Aggregator

ServiceNow has confirmed a security vulnerability that could allow unauthorized actors to query customer instance tables, raising concerns about potential data exposure across enterprise environments. The issue, disclosed through threat intelligence channels, involves improper access controls that may enable attackers to execute queries against backend instance tables without proper authentication. ServiceNow, widely used for IT […]

The post ServiceNow Confirms Vulnerability Allowing Unauthorized Access to Customer Instance Tables appeared first on Cyber Security News.

Почему в последний момент алгоритм выбрал знакомое объяснение?

A malicious package targeting software developers has been discovered on npm, one of the most widely used package registries in the world. The package, named dbmux, was found to contain hidden malware capable of giving attackers complete control over any developer’s system that had it installed or running. The incident was disclosed on June 9, […]

The post Hackers Infect npm Package dbmux With Malware to Fully Compromise Developer Systems appeared first on Cyber Security News.

AI agents are becoming a core part of how companies manage their inboxes, triaging messages, pulling up files, and even replying to emails on behalf of employees. What researchers have now confirmed is that these agents can be tricked just like humans, and sometimes more easily. A new phishing simulation has shown that an AI […]

The post OpenClaw AI Agent Leaks Sensitive Credentials in New Phishing Attack Simulation appeared first on Cyber Security News.

从电力革命到大型语言模型，技术价值往往不来自工具替换，而来自围绕技术重新设计工作流程。以前研究攻击者，后来研究攻击面；AI 时代，或许还要再补上一句，以前研究工具，后来研究工作。

A threat actor using the alias Zab26 is advertising for sale what they describe as a 533 GB "full-stack" healthcare dataset spanning French and European health systems.

BI.ZONE зафиксировала новую волну фишинговых атак на российские компании.

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.

A threat actor using the alias Soral claims to have breached H1 (h1.co), a global healthcare technology and data-analytics company.

研究人员在疫情期间进行了一系列实验，观察在保持安全距离的情况下多少人能共享同一空间。在回看视频时，他们注意到大多数人都逆时针方向行走。这一意外发现促使科学家展开了更多实验，发现人类总是倾向于逆时针行走。他们的研究报告发表在《Nature Communications》期刊上。科学家尚不清楚这种偏好的来源。男性和女性都存在该偏好行为，儿童中间更为明显。动物中间也有类似行为，如岩蚁（rock ants）探索未知巢穴时偏好左转。科学家怀疑与生物机械学有关，但确切机制仍然是个谜团。奥运会的田径比赛最初让运动员沿顺时针跑道跑，但后来因运动员认为这种跑法不自然而改为沿逆时针跑道跑，原因这可能是人口中的右腿优势。

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's

A vulnerability that meets all four criteria would need to be fixed within three days, for instance.

The post CISA directive orders agencies to prioritize vulnerability patching in a new way appeared first on CyberScoop.

Самый надёжный генератор случайных чисел работает по принципу: не доверяй ничему, даже себе.

Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer

全是不建模就得死的题

揭秘MCP生态中的「暗面」：AI代理如何成为攻击者的帮凶？ by ourren

PacketPatch：面向基于字节特征的加密流量分类的对抗性数据包实用化生成与部署 by ourren

AI网络攻防演化与安全重构 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in sudo-rs up to 0.2.0. It has been classified as critical. The affected element is an unknown function of the file /var/run/sudo-rs/ts. Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2023-42456. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Google Chrome on Android. This vulnerability affects unknown code of the component WebView. This manipulation causes permissive cross-domain policy with untrusted domains. This vulnerability is registered as CVE-2026-11097. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. Affected is an unknown function of the component Media. Performing a manipulation results in use of uninitialized variable. This vulnerability is reported as CVE-2026-11089. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Dawn. Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2026-11091. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.