@cyber-security ↑
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- Microsoft unveils new AI agents that can modify Windows settings
- Linux wiper malware hidden in malicious Go modules on GitHub
- Microsoft pushes fix for Windows 11 24H2 update failures
- Luna Moth extortion hackers pose as IT help desks to breach US firms
- New "Bring Your Own Installer" EDR bypass used in ransomware attack
- Microsoft finds default Kubernetes Helm charts can expose data
- Unofficial Signal app used by Trump officials investigates hack
- Darcula PhaaS steals 884,000 credit cards via phishing texts
- Microsoft is killing Skype today, pushes users to Teams
- UK shares security tips after major retail cyberattacks
- Microsoft silently fixes Start menu bug affecting Windows 10 PCs
- Microsoft: Windows 11 24H2 now ready to rollout to everyone
blog.google-TAG
- TAG Bulletin: Q4 2024
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
- Postřehy z bezpečnosti: rootkit Curing ukazuje slabiny detekce
- Zranitelnosti v protokolu AirPlay umožňují vzdálené spuštění kódu přes Wi-Fi
- Nová verze ransomwaru WormLocker
- Distribuovaný FTP bruteforcer
- Oracle potvrdil únik dat, útočník nabízí 6 milionů záznamů
- Postřehy z bezpečnosti: operace Red Card vyústila v zatčení tří set lidí
- NÚKIB spustil novou verzi Portálu
- Botnet Eleven11bot infikoval desítky tisíc zařízení a sloužit má k DDoS útokům
- Desítky podvodných stránek napodobujících DeepSeek jsou využívány k šíření malware
- Postřehy z bezpečnosti: starý dobrý miner ukrytý v herních instalátorech
cyberscoop.com
- After Signal controversy, do private conversations online exist anymore?
- Google addresses 1 actively exploited vulnerability in May’s Android security update
- Federal prosecutors indict alleged head of Black Kingdom ransomware
- Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
- Trump administration proposes cutting $491M from CISA budget
- Ukrainian extradited to US for alleged Nefilim ransomware attack spree
- National Security Council cyber lead wants to ‘normalize’ offensive operations
- Quantum computer threat spurring quiet overhaul of internet security
- Leaders of 764, global child sextortion group, arrested and charged
- North Korean operatives have infiltrated hundreds of Fortune 500 companies
cybersecuritynews.com
private- Hackers Using Fake Chrome Error Pages to Attack Windows Users With Malicious Scripts
- Android Security Update – Critical Patch Released for Actively Exploited Vulnerability
- Microsoft Reminds of Windows 10 To Reach End of Support – No More Security Updates
- Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild
- Microsoft Fixes Group Policy Bug That Prevents Installation of Windows 11 24H2
- New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines
- New GPOHound Tool To Analyze Group Policy in Active Directory For Privilege Escalation Paths
- CISA Warns of Langflow Missing Authentication Vulnerability Exploited in Attacks
- Darcula (PhaaS) Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide
- Beyond DDoS: The New Breed Of Layer 7 Attacks And How SMEs Can Outmaneuver Them
darkreading.com
- AI Domination: RSAC 2025 Social Media Roundup
- 'Venom Spider' Targets Hiring Managers in Phishing Scheme
- Ongoing Passkey Usability Challenges Require 'Problem Solving'
- The Dark Side of Digital: Breaking the Silence on Youth Mental Health
- Phony Hacktivist Pleads Guilty to Disney Data Leak
- How to Prevent AI Agents From Becoming the Bad Guys
- UK Retailers Reeling From Likely Ransomware Attacks
- What NY's New Security Rules Mean for Finance Firms
- Attackers Ramp Up Efforts Targeting Developer Secrets
- Despite Arrests, Scattered Spider Continues High-Profile Hacking
- Cut CISA and Everyone Pays for It
- SANS Top 5: Cyber Has Busted Out of the SOC
googleprojectzero.blogspot.com
- The Windows Registry Adventure #6: Kernel-mode objects
- Blasting Past Webp
- Windows Bug Class: Accessing Trapped COM Objects with IDispatch
- Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
- The Windows Registry Adventure #5: The regf file format
- The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
- Windows Tooling Updates: OleView.NET
- Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
- From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
- The Windows Registry Adventure #4: Hives and the registry layout
- Effective Fuzzing: A Dav1d Case Study
- The Windows Registry Adventure #3: Learning resources
kratkespravy.sk
- Zo sveta IT bezpečnosti, 4/2025
- Zo sveta IT bezpečnosti, 3/2025
- Zo sveta IT bezpečnosti, 2/2025
- Zo sveta IT bezpečnosti, 1/2025
- Zo sveta IT bezpečnosti, 12/2024
- Zo sveta IT bezpečnosti, 11/2024
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
- Zo sveta IT bezpečnosti, 8/2024
krebsonsecurity.com
- xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
- Alleged ‘Scattered Spider’ Member Extradited to U.S.
- DOGE Worker’s Code Supports NLRB Whistleblower
- Whistleblower: DOGE Siphoned NLRB Case Data
- Funding Expires for Key Cyber Vulnerability Database
- Trump Revenge Tour Targets Cyber Leaders, Elections
- China-based SMS Phishing Triad Pivots to Banks
- Patch Tuesday, April 2025 Edition
- Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
- How Each Pillar of the 1st Amendment is Under Attack
linuxsecurity.com
- Overcoming SaaS Security Risks with Open-Source Tools
- Understanding the Linux Filesystem Case Sensitivity Debate
- Strengthening Privacy & Security with Tails 6.15
- 20-Year Browser History Privacy Flaw Prompts Chrome 136 Release
- Ubuntu 25.04 & 24.10: USN-7484-1 Critical: OpenJDK 24 Issues Fixed
- Ubuntu 24.04 LTS: 7483-1 critical: OpenJDK 21 Denial of Service
- Ubuntu 25.04 Advisory USN-7482-1: OpenJDK 17 multiple threats fixed
- Ubuntu 25.04: USN-7481-1 critical: OpenJDK 11 Denial of Service
- Ubuntu 25.04: USN-7480-1 critical: openjdk denial of service
- Fedora 41: FEDORA-2025-8fbc37e703 critical: chromium issues
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Ředitel NÚKIB Lukáš Kintr jednal v USA o pokračování spolupráce v kybernetické bezpečnosti s administrativou prezidenta Trumpa
- Vydali jsme Čtvrtletní přehled hrozeb pohledem NÚKIB Q1/2025
- Další ročník kyberbezpečnostní konference CYBER_CON se blíží, zapojte se do tvorby programu
- Návrh nového zákona o kybernetické bezpečnosti schválila Poslanecká sněmovna
- Upozorňujeme na metodu „harvest now, decrypt later“
- Vydali jsme přehled kybernetických incidentů za březen 2025
- Upozornění na možnou zvýšenou aktivitu kyberútočníků v souvislosti s EXPO 2025
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Doporučení v oblasti kryptografických prostředků verze 3.0
- Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Google fixed actively exploited Android flaw CVE-2025-27363
- New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR
- Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
- Kelly Benefits December data breach impacted over 400,000 individuals
- A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
- Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
- Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
- US authorities have indicted Black Kingdom ransomware admin
- Malicious Go Modules designed to wipe Linux systems
- SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44
securityweek.com
- Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
- Industry Moves for the week of April 14, 2025 - SecurityWeek
- Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
- Kidney Dialysis Services Provider DaVita Hit by Ransomware
- Conduent Says Names, Social Security Numbers Stolen in Cyberattack
- 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
- China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
- Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
- NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
- Hertz Discloses Data Breach Linked to Cleo Hack
- CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
thehackernews.com
- Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
- Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
- Entra ID Data Protection: Essential or Overkill?
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
- Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
- Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
- Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace
- Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
therecord.media
- Multiple iHeartRadio stations breached in December
- Peru denies it was hit by ransomware attack following Rhysida claims
- Hackers launch ‘serious’ attacks against Georgia school district, New Mexico university
- Myanmar militia leader sanctioned by US over cyber scam connections
- Ukraine detains alleged FSB agent recruited via TikTok for spying on military
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- As Vishing Gains Momentum, It’s Time to Fight Back
- PIVOTT Act Revived to Tackle Growing Cybersecurity Workforce Shortages
- Strengthening Cybersecurity Incident Response Part 2: From Detection to Recovery
- Getting Email Security Right
- The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure
- Ransomware Attacks on Critical Infrastructure Surge, Reports FBI
- The Growing Threat of Ransomware to the Manufacturing Sector
- New Bill Mandates Cybersecurity Overhaul for Federal Contractors
- Scams 2.0: How Technology Is Powering the Next Generation of Fraud
- Smart Africa Unveils 5-Year Cybersecurity Plan to Strengthen Digital Resilience