@cyber-security ↑
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- CrushFTP warns users to patch unauthenticated access flaw immediately
- Cloudflare R2 service outage caused by password rotation error
- Broadcom warns of authentication bypass in VMware Windows Tools
- New Windows zero-day leaks NTLM hashes, gets unofficial patch
- EncryptHub linked to MMC zero-day attacks on Windows systems
- Browser-in-the-Browser attacks target CS2 players' Steam accounts
- New Android malware uses Microsoft’s .NET MAUI to evade detection
- 23andMe files for bankruptcy, customers advised to delete DNA data
- New VanHelsing ransomware targets Windows, ARM, ESXi systems
- Cyberattack takes down Ukrainian state railway’s online services
- DrayTek routers worldwide go into reboot loops over weekend
- Chinese Weaver Ant hackers spied on telco network for 4 years
blog.google-TAG
- TAG Bulletin: Q4 2024
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
- NÚKIB spustil novou verzi Portálu
- Botnet Eleven11bot infikoval desítky tisíc zařízení a sloužit má k DDoS útokům
- Desítky podvodných stránek napodobujících DeepSeek jsou využívány k šíření malware
- Postřehy z bezpečnosti: starý dobrý miner ukrytý v herních instalátorech
- Falešné hovory a umělá inteligence zvyšují úspěšnost nebezpečných útoků
- Pozor na falešné SMS zneužívající číslo 158
- Postřehy z bezpečnosti: běžný den týmu telefonických podvodníků
- Pozor na phishing napodobující službu MojeID
- Ransomwarový útok ochromil služby katastru na Slovensku
- Akt o kybernetické odolnosti je platný. V účinnost vstoupí za dva roky
cyberscoop.com
- Trump issues executive order seeking greater federal control of elections
- Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily
- Privacy-boosting tech could prevent breaches, data misuse with government aid, report says
- Researchers raise alarm about critical Next.js vulnerability
- As 23andMe declares bankruptcy, privacy advocates sound alarm about DNA data
- Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US
- Despite challenges, the CVE program is a public-private partnership that has shown resilience
- FCC’s Carr alleges Chinese companies are making ‘end run’ around Chinese telecom bans, announces investigation
- Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
- Capital One hacker Paige Thompson got too light a sentence, appeals court rules
cybersecuritynews.com
private- VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication
- Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
- Active Roles Wins 2025 Cybersecurity Excellence Award for Hybrid Active Directory Protection
- CYREBRO Recognized in Gartner Emerging Tech Report for Detection and Response Startups
- ARMO Launches First Cloud App Detection and Response to Unify Code to Cloud Runtime Security
- Hackers Deliver Malware via Browser Extensions & Legitimate Tools to Bypass Security Controls
- Malicious AI Tools Spike 200% and Discussions on Jailbreaking Legitimate ChatGPT Grow by 52%
- 248,000 Mobile Users Infected by Banking Malware With Social Engineering Techniques
- Microsoft Announces New Enhanced Protection Against AI & BYOD for Edge Business Users
- Researchers Compared Malware Development in Rust vs C & C++ Languages
darkreading.com
- OPSEC Nightmare: Leaking US Military Plans to a Reporter
- South African Poultry Company Reports $1M Loss After Cyber Intrusion
- Accused Snowflake Attacker 'Judische' Agrees to US Extradition
- 5 Considerations for a Data Loss Prevention Rollout
- Meet the Low-Key Access Broker Supercharging Russian State Cybercrime
- 23andMe Bankruptcy Filing May Put Sensitive Data at Risk
- Windows 10 End-of-Life Puts SMB at Risk
- Microsoft Gives Security Copilot Some Autonomy
- Chinese Hacker Group Tracked Back to iSoon APT Operation
- FBI Warns of Document Converter Tools Due to Uptick in Scams
- Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments
- China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack
googleprojectzero.blogspot.com
- Windows Bug Class: Accessing Trapped COM Objects with IDispatch
- Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
- The Windows Registry Adventure #5: The regf file format
- The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
- Windows Tooling Updates: OleView.NET
- Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
- From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
- The Windows Registry Adventure #4: Hives and the registry layout
- Effective Fuzzing: A Dav1d Case Study
- The Windows Registry Adventure #3: Learning resources
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
- Driving forward in Android drivers
kratkespravy.sk
- Zo sveta IT bezpečnosti, 2/2025
- Zo sveta IT bezpečnosti, 1/2025
- Zo sveta IT bezpečnosti, 12/2024
- Zo sveta IT bezpečnosti, 11/2024
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
- Zo sveta IT bezpečnosti, 8/2024
- Zo sveta IT bezpečnosti, 7/2024
- Zo sveta IT bezpečnosti, 6/2024
krebsonsecurity.com
- Arrests in Tap-to-Pay Scheme Powered by Phishing
- DOGE to Fired CISA Staff: Email Us Your Personal Data
- ClickFix: How to Infect Your PC in Three Easy Steps
- Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
- Alleged Co-Founder of Garantex Arrested in India
- Feds Link $150M Cyberheist to 2022 LastPass Hacks
- Who is the DOGE and X Technician Branden Spikes?
- Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
- U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
- Trump 2.0 Brings Cuts to Cyber, Consumer Protections
linuxsecurity.com
- Anatomy of Linux Ransomware Attacks and Protection Strategies
- What OpenInfra Joining Linux Foundation Means for Cloud Security Posture Management
- How Linux Security Admins Can Safeguard Firefox from Add-On Breakage
- Microsoft's Hornet: Securing the Linux Kernel with eBPF Verification
- Debian: DSA-5886-1: ruby-rack Security Advisory Updates
- Ubuntu 7371-1: FreeRDP Security Advisory Updates
- openSUSE: 2025:14920-1 moderate: gitleaks-8.24.2-1.1 Advisory Security Update
- openSUSE: 2025:14919-1 moderate: forgejo-10.0.3-1.1 Advisory Security Update
- openSUSE: 2025:1012-1 important: php8 Advisory Security Update
- SUSE: 2025:1012-1 important: php8 Security Advisory Updates
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Vydali jsme přehled kybernetických incidentů za únor 2025
- V Praze byl zahájen šestý ročník mezinárodní Prague Cyber Security Conference pořádané NÚKIB
- Česko na neformálním zasedání Rady pro telekomunikace podpořilo posílení kybernetické bezpečnosti v EU
- Vyšší bezpečnost a odolnost vůči kybernetickým hrozbám díky projektu „Černá Pole 3 – Kyberbezpečnost“
- Portál NÚKIB je nyní modernější a přehlednější
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Upozorňujeme na dvě kritické zranitelnosti v operačním systému FortiOS
- Upozorňujeme na hrozbu Terrapin útoku mířícího na SSH protokol
- Doporučení v oblasti kryptografických prostředků verze 3.0
- Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Android malware campaigns use .NET MAUI to evade detection
- Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack
- A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
- Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
- Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
- Attackers can bypass middleware auth checks by exploiting critical Next.js flaw
- FBI warns of malicious free online document converters spreading malware
- Cloak ransomware group hacked the Virginia Attorney General’s Office
- SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38
- Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
securityweek.com
- Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
- Industry Moves for the week of March 24, 2025 - SecurityWeek
- Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
- VMware Patches Authentication Bypass Flaw in Windows Tools Suite
- Microsoft Adds AI Agents to Security Copilot
- Charm Security Emerges From Stealth With $8 Million in Funding
- Numotion Data Breach Impacts Nearly 500,000 People
- Webinar Today: Which Security Testing Approach is Right for You?
- Chinese APT Weaver Ant Targeting Telecom Providers in Asia
- Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
- Hacker Conversations: Frank Trezza – From Phreaker to Pentester
thehackernews.com
- Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
- INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
- VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
- THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
- How to Balance Password Security Against User Experience
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
therecord.media
- Hacker defaces NYU website, exposing admissions data on 1 million students
- Nearly $13 million stolen from Abracadabra Finance in crypto heist
- Alleged Snowflake hacker consents to extradition from Canada after US charges
- Cyber Command official is Trump’s choice for Pentagon policy job
- Flurry to pay $3.5 million for harvesting sexual and reproductive health data from period app
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- An Introduction to Data Masking in Privacy Engineering
- MAS Compliance 101: Key Regulations for Financial Institutions in Singapore
- Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World
- Top 10 Scam Techniques: What You Need to Know
- BlackLock Ransomware: What You Need To Know
- CMS ARS: A Blueprint for US Healthcare Data Security and Compliance
- The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond
- How to Secure Your Information on AWS: 10 Best Practices
- The 10 Most Common Website Security Attacks (and How to Protect Yourself)
- What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?