Aggregator

European and U.S. law enforcement have disrupted the operations of a pro-Russian hacker group known for launching distributed denial-of-service attacks against Ukraine and its allies.

Reuven “Rubi” Aronashvili, CEO of CYE, asks a blunt question: Why are breaches still rampant when security budgets have never been larger? Drawing on his journey from leading an Israeli red‑team unit to advising Fortune‑500 boards, Aronashvili argues that most companies are still flying blind. Visibility—knowing exactly which assets, vulnerabilities and business processes are at..

The post Bridging the Visibility Gap: 2025 Global Cybersecurity Maturity Report appeared first on Security Boulevard.

Security Leaders Need Deep Observability to Balance Innovation and Risk
Organizations face mounting pressure to accelerate AI adoption while maintaining robust security controls across hybrid cloud environments where traditional tools fall short. This World AI Appreciation Day, it's time to challenge the assumption that rapid innovation comes at the cost of security.

Startup Raises $30M, Uses Risk Intelligence to Preempt Reconnaissance Attacks
Former FireEye and Mandiant leader John Watters unveils iCounter, a new cyber risk intelligence startup focused on targeted attacks and AI-enabled adversaries. Backed by Syn Ventures, the firm aims to transform threat detection with deeper visibility into attacker reconnaissance.

Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers Found
Exploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle's console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability.

Hacking Group UNC6148 Steals Credentials With New OVERSTEP Rootkit, Google Says
A cybercrime group used a backdoor in a fully patched SonicWall appliance to steal credentials and may have sold the stolen data to ransomware groups as part of an ongoing campaign, Google Threat Intelligence Group found. The firm attributed the campaign to a cybercrime group it tracks as UNC6148.

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as they dubbed the threat group – is likely financially motivated. “An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly … More →

The post SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit appeared first on Help Net Security.

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. [...]

A prominent Cambodian tycoon was the subject of multiple raids conducted Tuesday by Thai police, who accused him of being involved in cyber scams.

Ношение медицинских гаджетов скоро перестанет быть пыткой.

How do you lead a security team when threats evolve faster than your tools? It’s a challenge many CISOs face daily. Detection gaps, constant alert noise, and slow incident response make it harder to protect the organization and support the team.  The real issue often comes down to visibility. Without seeing how a threat actually […]

The post Top 3 CISO Challenges And How To Solve Them  appeared first on Cyber Security News.

BCH vs. SDR, AAR vs. CISA: Railroad industry first warned about this nasty vulnerability in 2005.

The post ‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS appeared first on Security Boulevard.

天文学家通过韦伯望远镜发现一个罕见天体，命名为「无限星系」（Infinity Galaxy）。这个系统是由两个盘状星系碰撞所形成，结构呈现两个紧密的核心，各自被环状结构包围，外观酷似数学符号「∞」，因此得名。无限星系距离地球约 83 亿光年，位于宇宙的中早期阶段。而在这个星系中，天文学家可能首次捕捉到一颗超大质量黑洞正在形成的过程，并指出这颗黑洞并非来自恒星坍缩，而是直接由气体云塌缩而成。这项发现支持「重种子」理论，有助解释为何在宇宙形成后不到十亿年内，已经出现质量庞大的黑洞。传统的「轻种子」（light seeds）理论认为，黑洞起初来自恒星核心坍缩所形成的小黑洞，质量约为数十到数千个太阳质量，需经由长期合并才能演化为超大质量黑洞。然而，这样的成长过程所需时间过长，无法解释宇宙早期即出现的巨大黑洞。因此，也有「重种子」（heavy seeds）理论提出，在特殊条件下，大质量气体云可直接塌缩为黑洞，省略中间合并的过程，但这一机制尚缺乏观测证据。无限星系可能提供了这种极端条件的实例。当两个星系碰撞时，产生的气体震波与压缩作用可能足以触发塌缩。这类情况虽在现今宇宙中极为罕见，但在早期宇宙中可能相当常见，有助解释韦伯望远镜所观测到的早期巨大黑洞来源。

Currently trending CVE - Hype Score: 20 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 ...

The lawmakers say the potential is high for such a system to return false positives, blocking citizens from voting.

The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.

DNSlog-GO：一款开箱即用的 DNS 解析监控神器

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability classified as problematic was found in Emlog Pro up to 2.5.17. This vulnerability affects unknown code of the component POST Request Handler. The manipulation of the argument comname leads to cross site scripting. This vulnerability was named CVE-2025-53926. The attack can be initiated remotely. There is no exploit available.

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The attacks are linked to a critical vulnerability, tracked as CVE-2025-25257, for which public proof-of-concept (PoC) exploits were released just days ago. Key Takeaways1. A critical flaw in Fortinet FortiWeb is […]

The post Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA up to 3.4.4. This affects an unknown part of the file adicionar_raca.php. The manipulation of the argument raca leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-53931. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.