@cyber-security ↑
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- MITRE warns that funding for critical CVE program expires today
- ChatGPT 4.1 early benchmarks compared against Google Gemini
- Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
- Landmark Admin data breach impact now reaches 1.6 million people
- Infamous message board 4chan taken down following major hack
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024
- Microsoft: Exchange 2016 and 2019 reach end of support in six months
- Google adds Android auto-reboot to block forensic data extractions
- Microsoft warns of CPU spikes when typing in classic Outlook
- Hertz confirms customer info, drivers' licenses stolen in data breach
- Govtech giant Conduent confirms client data stolen in January cyberattack
- Cybersecurity firm buying hacker forum accounts to spy on cybercriminals
blog.google-TAG
- TAG Bulletin: Q4 2024
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
- Distribuovaný FTP bruteforcer
- Oracle potvrdil únik dat, útočník nabízí 6 milionů záznamů
- Postřehy z bezpečnosti: operace Red Card vyústila v zatčení tří set lidí
- NÚKIB spustil novou verzi Portálu
- Botnet Eleven11bot infikoval desítky tisíc zařízení a sloužit má k DDoS útokům
- Desítky podvodných stránek napodobujících DeepSeek jsou využívány k šíření malware
- Postřehy z bezpečnosti: starý dobrý miner ukrytý v herních instalátorech
- Falešné hovory a umělá inteligence zvyšují úspěšnost nebezpečných útoků
- Pozor na falešné SMS zneužívající číslo 158
- Postřehy z bezpečnosti: běžný den týmu telefonických podvodníků
cyberscoop.com
- Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
- Chinese espionage group leans on open-source tools to mask intrusions
- Is Ivanti the problem or a symptom of a systemic issue with network devices?
- Rep. Swalwell demands Hill briefing on planned CISA personnel cuts
- Judges strike skeptical note of NSO Group’s argument to dismiss case from El Salvadoran journos
- Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools
- Trump signs order stripping Chris Krebs of security clearance
- BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
- Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
- Bill to study national security risks in routers passes House committee
cybersecuritynews.com
private- Authorities Dismantled 4 Encrypted Cyber Criminals Communication Platforms
- Using Threat Intelligence To Combat Advanced Persistent Threats (APTs)
- Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds
- Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access
- MITRE’s Support for CVE Program Expired Today! – Internal Letter Leaked Online, “MITRE Confirmed”
- Microsoft 365 Outage – Admins are Unable to Access the Microsoft 365 Admin Center
- Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025
- Data Poisoning: The Next Evolution of Ransomware That No One is Ready For
- How and Why Threat Hunting Teams Investigate Linux Malware Attacks
- New PasivRobber Malware Steals Data From macOS Systems and Applications
darkreading.com
- Max Severity Bug in Apache Roller Enabled Persistent Access
- With AI's Help, Bad Bots Are Taking Over the Web
- AI-Powered Presentation Tool Leveraged in Phishing Attacks
- Hertz Falls Victim to Cleo Zero-Day Attacks
- Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats
- China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks
- Are We Prioritizing the Wrong Security Metrics?
- AI Code Tools Widely Hallucinate Packages
- Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts
- Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
- Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
- A New 'It RAT': Stealthy 'Resolver' Malware Burrows In
googleprojectzero.blogspot.com
- Blasting Past Webp
- Windows Bug Class: Accessing Trapped COM Objects with IDispatch
- Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
- The Windows Registry Adventure #5: The regf file format
- The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
- Windows Tooling Updates: OleView.NET
- Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
- From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
- The Windows Registry Adventure #4: Hives and the registry layout
- Effective Fuzzing: A Dav1d Case Study
- The Windows Registry Adventure #3: Learning resources
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
kratkespravy.sk
- Zo sveta IT bezpečnosti, 3/2025
- Zo sveta IT bezpečnosti, 2/2025
- Zo sveta IT bezpečnosti, 1/2025
- Zo sveta IT bezpečnosti, 12/2024
- Zo sveta IT bezpečnosti, 11/2024
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
- Zo sveta IT bezpečnosti, 8/2024
- Zo sveta IT bezpečnosti, 7/2024
krebsonsecurity.com
- Funding Expires for Key Cyber Vulnerability Database
- Trump Revenge Tour Targets Cyber Leaders, Elections
- China-based SMS Phishing Triad Pivots to Banks
- Patch Tuesday, April 2025 Edition
- Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
- How Each Pillar of the 1st Amendment is Under Attack
- When Getting Phished Puts You in Mortal Danger
- Arrests in Tap-to-Pay Scheme Powered by Phishing
- DOGE to Fired CISA Staff: Email Us Your Personal Data
- ClickFix: How to Infect Your PC in Three Easy Steps
linuxsecurity.com
- Securing Kubernetes and Cloud-Native Environments through DevSecOps
- Mastering SSH for Secure Linux Remote Server Management
- BPFDoor: Understanding Malware Threats and Mitigation Tactics
- Navigating Open Source Security with TuxCare Insights and Strategies
- SUSE: 2025:1285-1 important: etcd memory allocation issue
- openSUSE Leap 15.6: 2025:1285-1 critical: etcd memory allocation fix
- SUSE 15 SP6: Update Apache2-mod_auth_openidc Important Data Leak Fix
- openSUSE 15.6: SUSE-SU-2025:1286-1 important: apache2 data leak
- openSUSE Leap 15.6: SUSE 2025:1287-1 moderate: mozjs52 fix
- openSUSE: 2025:1287-1 moderate: mozjs52 buffer overflow
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Národní úřad pro kybernetickou a informační bezpečnost uspořádal cvičení pro spojence NATO
- Upozornění na možnou zvýšenou aktivitu kyberútočníků v souvislosti s EXPO 2025
- Šestý ročník mezinárodní Prague Cyber Security Conference 2025
- Vydali jsme přehled kybernetických incidentů za únor 2025
- V Praze byl zahájen šestý ročník mezinárodní Prague Cyber Security Conference pořádané NÚKIB
- Česko na neformálním zasedání Rady pro telekomunikace podpořilo posílení kybernetické bezpečnosti v EU
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Upozorňujeme na dvě kritické zranitelnosti v operačním systému FortiOS
- Doporučení v oblasti kryptografických prostředků verze 3.0
- Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Critical Apache Roller flaw allows to retain unauthorized access even after a password change
- Meta will use public EU user data to train its AI models
- Hertz disclosed a data breach following 2024 Cleo zero-day attack
- Gladinet flaw CVE-2025-30406 actively exploited in the wild
- New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
- Malicious NPM packages target PayPal users
- Tycoon2FA phishing kit rolled out significant updates
- South African telecom provider Cell C disclosed a data breach following a cyberattack
- SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
- Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION
securityweek.com
- Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
- Industry Moves for the week of April 14, 2025 - SecurityWeek
- Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
- Kidney Dialysis Services Provider DaVita Hit by Ransomware
- Conduent Says Names, Social Security Numbers Stolen in Cyberattack
- 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
- China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
- Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
- NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
- Hertz Discloses Data Breach Linked to Cleo Hack
- CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
thehackernews.com
- U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
- Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
- Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
- Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
- ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
- Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
- Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
therecord.media
- MITRE warns of lapse with CVE program as contract with US set to expire
- China accuses NSA of launching cyberattacks on Asian Winter Games
- 23andMe bankruptcy draws investigation from House panel over data concerns
- EU confirms issuing ‘burner phones’ to top officials but denies practice caused by Trump
- Insurance firm Lemonade says breach exposed driver’s license numbers
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- Best Practices for Transitioning from Security to Privacy
- Energy Under Siege: How the Industry is Fighting Against Cyber Attacks
- Article 7 of GDPR: Preserving Data Integrity in Image Publication
- Ransomware Reaches A Record High, But Payouts Are Dwindling
- The Cost of Ransomware: Shutdowns & Extortion
- Cyber Fraud: The Primary Culprit in UK Payment Fraud
- April 2025 Patch Tuesday Analysis
- How CEOs Can Embrace GenAI for Business Growth
- Information Security Risk Management (ISRM) Boosts Compliance by Undermining Configuration Drift
- Mastering Cybersecurity Incident Communication Part 1: A Proactive Approach