Vulnerability News
前往频道在 Telegram
Every day new posts about vulnerabilities and cybersecurity news. Get the latest news about the cyberspace! Group: @VulnerabilityNewsGroup
显示更多5 012
订阅者
+824 小时
+287 天
+11830 天
数据加载中...
相似频道
标签云
进出提及
---
---
---
---
---
---
吸引订阅者
七月 '26
七月 '26
+20
在0个频道中
六月 '26
+156
在0个频道中
Get PRO
五月 '26
+204
在0个频道中
Get PRO
四月 '26
+187
在0个频道中
Get PRO
三月 '26
+254
在0个频道中
Get PRO
二月 '26
+116
在0个频道中
Get PRO
一月 '26
+166
在0个频道中
Get PRO
十二月 '25
+134
在0个频道中
Get PRO
十一月 '25
+139
在0个频道中
Get PRO
十月 '25
+8
在0个频道中
Get PRO
九月 '25
+12
在0个频道中
Get PRO
八月 '25
+13
在0个频道中
Get PRO
七月 '25
+11
在0个频道中
Get PRO
六月 '25
+12
在0个频道中
Get PRO
五月 '25
+18
在1个频道中
Get PRO
四月 '25
+14
在0个频道中
Get PRO
三月 '25
+21
在0个频道中
Get PRO
二月 '25
+17
在0个频道中
Get PRO
一月 '25
+15
在1个频道中
Get PRO
十二月 '24
+262
在1个频道中
Get PRO
十一月 '24
+206
在1个频道中
Get PRO
十月 '24
+166
在0个频道中
Get PRO
九月 '24
+146
在0个频道中
Get PRO
八月 '24
+137
在0个频道中
Get PRO
七月 '24
+96
在1个频道中
Get PRO
六月 '24
+91
在0个频道中
Get PRO
五月 '24
+95
在0个频道中
Get PRO
四月 '24
+104
在0个频道中
Get PRO
三月 '24
+149
在0个频道中
Get PRO
二月 '24
+279
在0个频道中
Get PRO
一月 '24
+395
在0个频道中
Get PRO
十二月 '23
+327
在0个频道中
Get PRO
十一月 '23
+38
在0个频道中
Get PRO
十月 '23
+32
在0个频道中
Get PRO
九月 '23
+47
在0个频道中
Get PRO
八月 '23
+53
在0个频道中
Get PRO
七月 '23
+51
在0个频道中
Get PRO
六月 '23
+42
在0个频道中
Get PRO
五月 '23
+43
在0个频道中
Get PRO
四月 '23
+67
在0个频道中
Get PRO
三月 '23
+65
在0个频道中
Get PRO
二月 '23
+45
在0个频道中
Get PRO
一月 '23
+67
在0个频道中
Get PRO
十二月 '22
+62
在0个频道中
Get PRO
十一月 '22
+71
在0个频道中
Get PRO
十月 '22
+70
在0个频道中
Get PRO
九月 '22
+55
在0个频道中
Get PRO
八月 '22
+44
在0个频道中
Get PRO
七月 '22
+54
在0个频道中
Get PRO
六月 '22
+78
在0个频道中
Get PRO
五月 '22
+46
在0个频道中
Get PRO
四月 '22
+77
在0个频道中
Get PRO
三月 '22
+105
在0个频道中
Get PRO
二月 '22
+48
在0个频道中
Get PRO
一月 '22
+61
在0个频道中
Get PRO
十二月 '21
+99
在0个频道中
Get PRO
十一月 '21
+68
在0个频道中
Get PRO
十月 '21
+170
在0个频道中
Get PRO
九月 '21
+72
在0个频道中
Get PRO
八月 '21
+104
在0个频道中
Get PRO
七月 '21
+72
在0个频道中
Get PRO
六月 '21
+292
在0个频道中
Get PRO
五月 '21
+1 344
在0个频道中
| 日期 | 订阅者增长 | 提及 | 频道 | |
| 04 七月 | +3 | |||
| 03 七月 | +10 | |||
| 02 七月 | +3 | |||
| 01 七月 | +4 |
频道帖子
Malaysia's LHDN Tax Portal Data Offered for Sale, 10 Million Taxpayer Records Exposed
A threat actor using the alias dezetat is advertising a database from Malaysia's Inland Revenue Board (LHDN / IRBM), taken from the MyTax portal, for $20,000.
https://darkwebinformer.com/malaysias-lhdn-tax-portal-data-offered-for-sale-10-million-taxpayer-records-exposed/
| 2 | Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.
https://www.darkreading.com/cybersecurity-analytics/aussies-face-reduced-cybercrime-risk-pressure-shifts-smbs | 69 |
| 3 | Chinese LLMs Broaden the Gap Between Attackers & Defenders
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
https://www.darkreading.com/cyber-risk/chinese-llms-broaden-gap-between-attackers-and-defenders | 53 |
| 4 | PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.
The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to
https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html | 47 |
| 5 | European Parliament Member Investigating Spyware Was Hacked With Pegasus
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial surveillance tools in the bloc.
"Through forensic analysis of his device, we found that the attackers could have had
https://thehackernews.com/2026/07/european-parliament-member.html | 45 |
| 6 | Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.
"Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations," Kaspersky said in a technical analysis published today. "
https://thehackernews.com/2026/07/armored-likho-targets-government.html | 30 |
| 7 | North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.
According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, and
https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html | 21 |
| 8 | New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.
Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one
https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html | 24 |
| 9 | New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.
Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug.
The AI caught one flaw and missed
https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html | 21 |
| 10 | Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards.
The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on
https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html | 16 |
| 11 | Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
The post Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek.
https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/ | 14 |
| 12 | Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.
The post Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices appeared first on SecurityWeek.
https://www.securityweek.com/google-fbi-disrupt-netnut-residential-proxy-network-powered-by-millions-of-devices/ | 15 |
| 13 | Alleged Scattered Spider Hacker Extradited to US
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.
The post Alleged Scattered Spider Hacker Extradited to US appeared first on SecurityWeek.
https://www.securityweek.com/alleged-scattered-spider-hacker-extradited-to-us/ | 16 |
| 14 | Medtronic Data Breach Impacts 3.8 Million People
In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.
The post Medtronic Data Breach Impacts 3.8 Million People appeared first on SecurityWeek.
https://www.securityweek.com/medtronic-data-breach-impacts-3-8-million-people/ | 17 |
| 15 | Agentic AI Used to Conduct Ransomware Attack via Langflow
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.
The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek.
https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/ | 20 |
| 16 | In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting
Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.
The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting appeared first on SecurityWeek.
https://www.securityweek.com/in-other-news-canadian-hacker-jailed-open-source-zero-days-two-sentenced-for-atm-jackpotting/ | 19 |
| 17 | Claude Fable relaunch disappoints users with nerfed performance
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/claude-fable-relaunch-disappoints-users-with-nerfed-performance/ | 22 |
| 18 | Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/claude-fable-5-isnt-permanently-leaving-subscriptions-anthropic-says/ | 24 |
| 19 | ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]
https://www.bleepingcomputer.com/news/security/artoken-phaas-exposes-eviltokens-microsoft-365-phishing-toolkit/ | 29 |
| 20 | NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]
https://www.bleepingcomputer.com/news/security/netnut-proxy-network-disrupted-2-million-infected-devices-cut-off/ | 45 |
现已上线!2025 年 Telegram 研究 — 年度关键洞察 
