CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. 

Hackers are targeting American industrial firms by contacting them through their website forms, posing as potential business partners before infecting them with malware.

AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.

The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms.

A stored cross-site noscripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). 

یکشنبه
۷ ‏( دی = ۱۰ )‏ ۱٤۰٤
‏28 ( دسامبر = december = 12 ) 2025
تکنیک‌ها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 regions of the country.

A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.

The vulnerabilities mentioned in this blog…

The U.S. Treasury Department announced new sanctions targeting key players in North Korea’s ongoing scheme to get its citizens hired as IT workers at American companies.

This week Jonathan, Doc, and Aaron chat about Open Source AI, advertisements, and where we’re at in the bubble roller coaster!

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.

یکشنبه
۷ ‏( دی = ۱۰ )‏ ۱٤۰٤
‏28 ( دسامبر = december = 12 ) 2025
تکنیک‌ها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua noscripts to steal and encrypt data on Windows, macOS, and Linux systems.

The ZipLine campaign is a sophisticated phishing scheme that has already hit dozens of organizations across industries of all sizes.

The Game Boy Advance (GBA) was released in 2001 to breathe some new life into the handheld market, and it did it with remarkable success. Unfortunately, the original models had a glaring problem: t…

یکشنبه
۷ ‏( دی = ۱۰ )‏ ۱٤۰٤
‏28 ( دسامبر = december = 12 ) 2025
تکنیک‌ها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir

The threat actor abused Anthropic's Claude Code service to "an unprecedented degree," automating reconnaissance, intrusions, and credential harvesting.

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.