Aggregator

登录tix.qq.com获取更多资讯

Microsoft has announced it will discontinue password management features in its widely used Authenticator app, marking a significant shift in its approach to digital security. Starting July 2025, the app’s autofill capability will be disabled, and by August 2025, all saved passwords will be permanently removed from the app. A Strategic Move Toward Passwordless Security […]

The post Microsoft Ends Authenticator App’s Password Management Support From 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Что скрывают чертежи Vision Pro, за которые инженер Apple рискнул карьерой.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Zr.Ms. Friesland heeft opnieuw een drugstransport in de Caribische Zee onderschept. Na een achtervolging nam het marineschip een grote hoeveelheid cocaïne in beslag. Dat gebeurde 14 juni, maar is vandaag pas bekendgemaakt.

OsmAnd 或代表 OpenStreetMap Automated Navigation Directions 是一款基于 OpenStreetMap 数据集的 FOSS 地图导航应用，至今已走过了 15 年历程。项目开发者称，OsmAnd 在所有平台的月活跃量为 250 万，日活跃量为 10 万以上，总安装量超过 2000 万。开发者称，过去 15 年可分为三个阶段：前五年是构建地图导航应用的基础功能；接下来五年是让功能齐全，提供丰富的插件和专业的工具；第三个五年是重写和改进了渲染引擎和路由算法等核心组件。未来的五年将是改善稳定性、速度和整合。

Australia’s flagship carrier, Qantas Airways, has disclosed a significant cybersecurity breach affecting up to 6 million customers, with cybercriminals gaining unauthorized access to a third-party customer service platform used by the airline’s contact centre operations. The incident, detected on Monday and contained shortly thereafter, represents one of the most significant data breaches in Australian aviation […]

The post Qantas Airlines Hit by Cyberattack, Customer Data Compromised appeared first on Cyber Security News.

Security-First Culture (SFC) is an organization-wide commitment where security considerations influence decision-making at every level, from strategic planning to daily operational tasks.  It’s not just about having fancy tech or a dedicated IT team; it’s about making security a core part of how the company thinks and acts. A mindset where every decision, from coding […]

The post A Guide to Developing Security-First Culture Powered by Threat Intelligence  appeared first on ANY.RUN's Cybersecurity Blog.

I analyzed some PureLogs Stealer malware infections this morning and found some interesting behavior and artifacts that I want to share. PureLogs infections sometimes start with a dropper/downloader (PureCrypter) that retrieves a .pdf file from a legitimate website. The dropper I will demo here down[...]

PureLogs恶意软件通过伪装成PDF文件传播，实际为加密的DLL文件。该DLL被注入到InstallUtil.exe进程并连接C2服务器。分析揭示了其行为模式及多个IOC指标。

A vulnerability classified as very critical has been found in Infinera G42 up to 7.0. This affects an unknown part of the component Endpoint. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is uniquely identified as CVE-2025-27025. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了Reddit作为一个社交媒体平台的功能和使用方法，包括导航、社区互动、应用程序下载以及登录流程等内容。

AI含量一小步，安全运营一大步

360航空维修AI助手目前已在全国多家航空企业落地

Как жили, любили и мечтали до нашей эры?

澳大利亚最大航空公司Qantas遭网络攻击，第三方客服平台泄露600万客户记录，包括姓名、邮箱等信息。未涉及信用卡等敏感数据。公司已隔离系统并配合调查。FBI警告黑客针对航空业的威胁增加。

A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats.  The vulnerability, designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app and stems from insecure network configuration settings that allow unencrypted data transmission. Summary1. CVE-2025-45080 in […]

The post YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack appeared first on Cyber Security News.

Пятерых "бизнесменов" поймали за руку.

Netcraft报告指出大型语言模型在识别登录网站时不可靠,易导致钓鱼攻击风险增加,并举例说明其结果可能被恶意利用。