The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.
Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects ...
Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...
AutoPentestX is an open-source Linux penetration testing toolkit that automates scanning, CVE mapping, and reporting without unsafe exploitation.
A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
Google is rolling out Personal Intelligence in AI Mode, letting its Gemini-powered chatbot mine Gmail and Google Photos for instant context. Opt-in US subscribers on the AI Pro an ...
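Pulsar RAT, a sophisticated variant of the open-source Quasar RAT, introduces dangerous feature enhancements that let attackers maintain stealthy remote access using advanced evasion techniques. This Windows-focused ...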
The Testament of Ann Lee Amanda Seyfried founds the Shakers. The Voice of Hind Rajab Medical workers field a call from a ...
Ben Affleck and Matt Damon used a pit stop on "The Joe Rogan Experience" to torch the idea that ChatGPT could pen the next blockbuster. Affleck ...
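This is not the first time LinkedIn has been abused for targeted attacks. In recent years, multiple North Korean threat actors, including those linked to the CryptoCore and Contagious Interview campaigns, have contacted victims on LinkedIn under the guise of job opportunities and persuaded them to run malicious projects as part of a supposed assessment or code review.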
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web ...
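Security experts have disclosed an active malware campaign in which attackers exploit a DLL side-loading vulnerability in a legitimate binary from the open-source c-ares library to bypass security controls and deliver a range of commodity trojans and stealers. The attackers pair a malicious libcares-2.dll with the legitimate, signed ahost.exe to execute code, bypassing traditional signature-based defenses. The campaign distributed various malware, including Agent Tesla, CryptBot and Formbook, mainly targeting employees in finance, procurement and similar roles in industries such as oil and gas and import/export.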