To gain root access at this company, all an intruder had to do was ask nicely - 惯性聚合

推荐订阅源

Google DeepMind News

Fortinet All Blogs

阮一峰的网络日志

Apple Machine Learning Research

WordPress大学

让小产品的独立变现更简单 - ezindie.com

Java Code Geeks

罗磊的独立博客

SegmentFault 最新的问题

Visual Studio Blog

钛媒体：引领未来商业与生活新知

美团技术团队

博客园 - 三生石上(FineUI控件)

Stack Overflow Blog

Y Combinator Blog

Google DeepMind News

Blog — PlanetScale

Microsoft Research Blog - Microsoft Research

Secure Thoughts

cs.CL updates on arXiv.org

www.infosecurity-magazine.com

Recent Announcements

CERT Recently Published Vulnerability Notes

True Tiger Recordings

Proofpoint News Feed

Privacy International News Feed

The Cloudflare Blog

Hacker News - Newest: "LLM"

Security Archives - TechRepublic

The Register - Security

Recent Commits to openclaw:main

Palo Alto Networks Blog

Schneier on Security

LINUX DO - 热门话题

CXSECURITY Database RSS Feed - CXSecurity.com

Security Latest

Cybersecurity and Infrastructure Security Agency CISA

The Register - Security

Trump Mobile site leaks customer data as phone finally ships Cisco used AI to write security incident reports, with mixed results Dems slam Trump cyber cuts amid ballroom, Jan. 6 'slush fund' Threat hunters find Google API keys still usable 23 minutes after deletion HackerOne takes an axe to its bug bounty rewards 46k plaintext passwords pwned in Myspace93 breach Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw Microsoft open-sources agentic AI safety tools Zombie user account let hackers control the city’s water Even Claude agrees: hole in its sandbox was real and dangerous GitHub says internal repos exfiltrated after poisoned VS Code extension attack London's police asked Big Tech for comms data over 700,000 times last year Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames Clear your calendar, Drupal user: You have a critically urgent patch to install Clear your calendar, Drupal user: You have a critically urgent patch to install Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them Shai-Hulud copycat hits another npm package Linux kernel flaw opens root-only files to unprivileged users TanStack weighs invitation-only pull requests after supply chain attack NGINX Rift attackers waste no time targeting exposed servers Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative F-35 software delays leave UK buying time with US glide bombs Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess Grafana Labs admits all its codebase are belong to someone who popped its GitHub account Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ OpenAI caught in TanStack npm supply chain chaos after employee devices compromised MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data Cops arrest man suspected of being Dream Market kingpin Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access To gain root access at this company, all an intruder had to do was ask nicely AI models are getting better at replacing cybersecurity pros on certain tasks Cisco to fire 4,000 staff and generously give them free training – on Cisco Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits AWS patched Quick auth bypass, says customers weren't using control AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem? Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Foxconn confirms cyberattack after Nitrogen claims Apple, Nvidia data theft US bank reports itself after AI customer data mishap Cache-poisoning caper turns TanStack npm packages toxic Apple, Google drag cross-platform texting into the encrypted age Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline Cookie thieves caught stealing dev secrets via fake Claude Code installers Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks Worm rubs out competitor's malware, then takes control 'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit Meta U-turns on encryption push for Instagram as DMs go plaintext Hackers ate my homework: Educational SaaS Canvas down after cyberattack Hackers ate my homework: Educational SaaS Canvas down after cyberattack Meta fights Ofcom over how many billions count as billions Mozilla boasts Mythos boosted Firefox bug cull Anthropic response to 1-click pwn: Shouldn't have clicked 'ok' 60% of MD5 password hashes are crackable in under an hour The network password was a key plot point in one of the most famous movies of all time Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime India orders infosec red alert in case Mythos sparks crime spree ServiceNow clears agents for landing with new AI control tower Attackers are cashing in on fresh 'CopyFail' Linux flaw 'CopyFail' attackers start cashing in on Linux flaw Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Romance scammers turn sweet talk into £102M payday Romance scammers turn sweet talk into £102M payday NHS to close-source hundreds of GitHub repos over AI, security concerns Microsoft's bad obsession is showing up in shabby services and slipshod software. Here's proof Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation Singapore boffins get diverse SIEMs singing in harmony Kids say they can beat age checks by drawing on a fake mustache Kids say they can beat age checks by drawing on a fake mustache Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots If the vote you rocked, your personal info can be grokked If the vote you rocked, your personal info can be grokked Five Eyes spook shops warn rapid rollouts of agentic AI are too risky Five Eyes spook shops warn agentic is too wonky for rapid rollout Brace for the patch tsunami: AI is unearthing decades of buried code debt Brace for the patch tsunami: AI is unearthing decades of buried code debt First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

To gain root access at this company, all an intruder had to do was ask nicely

2026-05-14 · via The Register - Security

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。