Aggregator

一位拥有两年印度初级软件工程师经验及八个月美国网络安全分析师经验的专业人士，希望在美国长期从事网络安全工作（如SOC或应用安全领域），但对自身软件背景是否有助于申请中低层职位存在疑问，并寻求如何优化个人背景以增强竞争力的建议。

The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the vacuum left by RansomHub’s abrupt cessation of operations in early […]

The post Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS appeared first on Cyber Security News.

A vulnerability was found in Apple macOS up to 15.5. It has been classified as problematic. Affected is an unknown function of the component App. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-43267. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.6/14.6/15.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component App. The manipulation leads to sandbox issue. This vulnerability is handled as CVE-2025-43266. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

​芯芯之火，可以燎原。

近期，为贯彻落实《2025年深入推进IPv6规模部署和应用工作要点》，推进IPv6规模部署和应用专家委组织开展国内用户量较大的200款移动互联网应用IPv6流量情况测试。

中方一贯主张，网络安全是各国面临的共同挑战，应当通过对话与合作共同应对。

中国工程院院士吴世忠在由同济大学和上海市杨浦区人民政府联合主办的2025年世界人工智能大会智能社会论坛上做了题为《大模型安全治理的现状与展望》的主旨演讲。

Вместо патронов — код. Хакеры открыли огонь по SharePoint.

Red-Hot Startup Noma Security to Deepen Protection for AI Models and Agents
With agentic AI deployments accelerating, Noma Security’s $100 million Series B will fuel development of risk management and runtime protection features. CEO Niv Braun said demand for securing agentic AI has surged among Fortune 500 firms and healthcare and financial institutions.

US Alleged Illumina 'Knowingly' Sold Feds Systems Containing Vulnerabilities
Genomics sequencing firm Illumina Inc. has agreed to pay $9.8 million to resolve False Claims Act whistleblower allegations that it sold software and systems containing cybersecurity vulnerabilities over more than seven years to government agencies.

New Funding, Platform Expansion Aim for Predictive, Autonomous Threat Defense
Safe's $70 million Series C will fund expanded capabilities across its cyber risk quantification, exposure management and third-party oversight tools. The company says its agentic AI vision – cyber AGI – will transform how enterprises manage and mitigate cyberthreats.

Also: Rethinking IT-OT Integration; Previewing Black Hat 2025
In this week's update, four ISMG editors discussed the latest on the ToolShell exploit and the rise of Warlock ransomware, why IT-OT integration may not be the best answer for industrial security and what to expect next week from ISMG Studio at Black Hat Conference 2025.

A vulnerability has been found in Agnitum Outpost Internet Security 8.1 and classified as critical. This vulnerability affects unknown code of the file acs.exe. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2013-10046. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Havalite CMS 1.1.7. It has been declared as critical. This vulnerability affects unknown code of the file upload.php. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2013-10055. The attack can be initiated remotely. Furthermore, there is an exploit available.

LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries instead of their intended components, allowing cybercriminals to execute ransomware payloads while masquerading as […]

The post LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One appeared first on Cyber Security News.

Shopee信息安全团队招聘基础安全工程师/专家

A vulnerability classified as critical has been found in LxCenter Kloxo up to 6.1.12. Affected is an unknown function. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2012-10022. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability has been found in MiniWeb HTTP Server up to Build 300 and classified as critical. This vulnerability affects unknown code of the component Management Instrumentation Service. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2013-10047. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Gohigheris Com Jwhmcs 1.5.0. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is known as CVE-2010-1977. The attack can be launched remotely. Furthermore, there is an exploit available.