ZCyberNews
Industry News

129 articles

Grafana GitHub Token

GRAFANA

Grafana GitHub Token Breach Lets Attacker Download Full Codebase

May 17 · HIGH

grafana github token-theft

AI Agents Automate

AI SECURITY

AI Agents Automate Exploitation of Obscure Vulnerabilities

May 16 · HIGH

ai-security vulnerability-discovery ai-generated-code

AI Security

HALLUCINATION

AI Hallucinations Exploit Human Trust in Critical Infrastructure

May 14 · HIGH

ai-security hallucination critical-infrastructure

AI Security

STARTUP FUNDING

AI Security Startups' Funding in 1Q26 Exceeds Acquisition Value by $1 Billion

May 14 · INFORMATIONAL

ai-security startup-funding venture-capital

Malwarebytes Blocks Suspicious

YAHOO MAIL

Malwarebytes Blocks Suspicious Yahoo Mail Redirects to Opaque Domains

May 14 · MEDIUM

yahoo-mail malwarebytes redirects

Nist

NVD

NIST NVD Enrichment Change Creates CVSS Gap for 80% of CVEs

May 14 · MEDIUM

nist nvd cvss

Openai

TEAMPCP

OpenAI Compromised in TanStack Supply Chain Attack

May 14 · HIGH

openai teampcp tanstack

Pwn2own

ZERO DAY

Pwn2Own Berlin 2026: Researchers Earn $523,000 Hacking Windows 11 and Edge

May 14 · CRITICAL

pwn2own zero-day microsoft-edge

Computer Misuse Act

UK LEGISLATION

UK to Protect Security Researchers in Computer Misuse Act Reform

May 14 · INFO

computer-misuse-act uk-legislation security-research

AI Driven Attacks

AUTONOMOUS VALIDATION

AI-Driven Attacks Compromise Systems in 73 Seconds, Outpacing Patching

May 13 · HIGH

ai-driven-attacks autonomous-validation picus-security

Surveillance Pricing

CONSUMER PRIVACY

Congress Investigates 25 Food Retailers Over Surveillance Pricing

May 13 · INFORMATIONAL

surveillance-pricing consumer-privacy ftc

Foxconn

RANSOMWARE

Foxconn Confirms Ransomware Attack on North American Factories

May 13 · HIGH

foxconn ransomware nitrogen

Apple

ZERO DAY

Apple Patches Everything: 0-Days, RCS Encryption Rolls Out

May 12 · CRITICAL

apple zero-day rcs

Surveillance Tech

SPYWARE

EU Countries Export Spyware to Abusive Regimes, Human Rights Watch Report Finds

May 12 · INFO

surveillance-tech spyware human-rights

Instructure

CANVAS

Instructure Pays Ransom to ShinyHunters Over Canvas Breach

May 12 · CRITICAL

instructure canvas shinyhunters

Ivanti

PATCH ADVISORY

Ivanti Patches Vulnerabilities in Secure Access Client, EPM, Xtraction, VTM

May 12 · HIGH

ivanti patch-advisory secure-access-client

Škoda

DATA BREACH

Škoda Discloses Customer Data Breach After Online Store Hack

May 12 · HIGH

škoda data-breach automotive

Microsoft

PATCH TUESDAY

Microsoft Patches 120 Vulnerabilities in May 2026 Patch Tuesday Update

May 12 · HIGH

microsoft patch-tuesday windows-11

Ico

SOUTH STAFFORDSHIRE WATER

UK Fines South Staffordshire Water $1.3 Million Over 2022 Data Breach

May 12 · HIGH

ico south-staffordshire-water cl0p

West Pharmaceutical Services

RANSOMWARE

West Pharma Hit by Ransomware Attack, Global Systems Disrupted

May 12 · HIGH

ransomware west-pharmaceutical-services unit-42

Active Directory

KERBEROS

Active Directory Password Reset Fails to Evict Attackers

May 11 · HIGH

active-directory kerberos password-reset

Fcc

ROUTER SECURITY

FCC Delays Security Update Ban for Foreign-Made Routers Until 2029

May 11 · MEDIUM

fcc router-security supply-chain

Sailpoint

GITHUB

SailPoint Discloses GitHub Repository Compromise via Third-Party Application

May 11 · HIGH

sailpoint github supply-chain

Braintrust

API KEY BREACH

Braintrust Breach Exposes AI Vendor API Keys, Rotation Urged

May 8 · HIGH

braintrust api-key-breach supply-chain-risk

Boost Security

SDLC SECURITY

Boost Security Raises $4 Million, Acquires SecureIQx and Korbit.ai

May 7 · INFO

boost-security sdlc-security funding

Social Engineering

USB DROP ATTACK

USB Drop Attacks Have Defined Social Engineering for 20 Years

May 6 · INFORMATIONAL

social-engineering usb-drop-attack physical-security

Open Source Security

EOL SOFTWARE

EOL Open Source Blind Spot Hides 400,000+ Unflagged CVEs

May 5 · HIGH

open-source-security eol-software sca-tools

Oauth

TOKEN SECURITY

Persistent OAuth Tokens: The Backdoor Attackers Exploit

May 5 · HIGH

oauth token-security identity-threats

Shinyhunters

VIMEO

ShinyHunters Breaches Vimeo, Leaks 119K User Records

May 5 · HIGH

shinyhunters vimeo anodot

Tetra

CRITICAL INFRASTRUCTURE

Student Hacker Breaches Taiwan High Speed Rail TETRA System, Triggering

May 5 · HIGH

tetra critical-infrastructure sdr

Trellix

SOURCE CODE BREACH

Trellix Source Code Breach Exposes Security Product Internals

May 5 · HIGH

trellix source-code-breach supply-chain-attack

Cisco

ASTRIX SECURITY

Cisco Acquires Astrix Security to Protect Non-Human Identities

May 4 · INFO

cisco astrix-security identity-security

Cyber Tax Raises

CYBER TAX

Cyber Tax Raises Consumer Prices After Breaches, Podcast Warns

May 4 · MEDIUM

cyber-tax small-business supply-chain

Mergers And Acquisitions

CYBERSECURITY INDUSTRY

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

May 4 · INFO

mergers-and-acquisitions cybersecurity-industry airbus

Infrastructure

CANVAS

Infrastructure Breach: Hackers Steal Student Data From Canvas Platform

May 4 · HIGH

infrastructure canvas data-breach

Instructure

CANVAS

Instructure Breach: Student Data Stolen, Services Disrupted

May 4 · HIGH

instructure canvas data-breach

Credit Unions

LOAN FRAUD

Loan Fraud Ring Exploits Credit Union Verification Gaps

May 4 · HIGH

credit-unions loan-fraud synthetic-identity

Medtronic

HEALTHCARE

Medtronic Discloses Cyberattack on Corporate IT Systems

May 4 · HIGH

medtronic healthcare data-breach

Openai

CHATGPT

OpenAI Strengthens ChatGPT Login Security With New Controls

May 4 · MEDIUM

openai chatgpt account-security

Polymarket

ORACLE MANIPULATION

Polymarket Bettors Threaten Journalist Over Event Verification

May 4 · HIGH

polymarket oracle-manipulation prediction-market

Mediaworks

RANSOMWARE

Pro-Orbán Media Company Mediaworks Breached by Ransomware Group

May 4 · HIGH

ransomware mediaworks hungary

Instructure

SHINYHUNTERS

Instructure Data Breach: ShinyHunters Claims Theft

May 3 · HIGH

instructure shinyhunters data-breach

Microsoft Defender

DIGICERT

Microsoft Defender False Positive Flags DigiCert Certificates as Trojan

May 3 · MEDIUM

microsoft-defender digicert false-positive

Instructure

CANVAS

Instructure Probes Cyber Incident Affecting Canvas Platform

May 2 · HIGH

instructure canvas edtech-breach

Trellix

SOURCE CODE BREACH

Trellix Breach: Source Code Repository Compromised

May 2 · HIGH

trellix source-code-breach supply-chain-security

AI Security

ACCESS CONTROL

AI Agents Damage Production Databases Due to Improper Access Control

May 1 · HIGH

ai-security access-control database-security

Incident Response

RANSOMWARE

Former Incident Responder Sentenced to 4 Years Over Ransomware Attacks

May 1 · HIGH

ransomware incident-response insider-threat

Blackcat

ALPHV

Former Ransomware Negotiator Sentenced to 4 Years Over BlackCat Attacks

May 1 · HIGH

blackcat alphv ransomware

Ncsc

AI

UK Cyber Agency Warns AI Will Trigger a 'Patch Wave' of Urgent Fixes

May 1 · MEDIUM

ncsc ai patch-management

Penetration Testing

BHIS

BHIS Penetration Testing Data: Organizations Still Plagued by the Same Top Vulnerabilities in 2025

Apr 30 · HIGH

penetration-testing bhis vulnerability-trends

Ddos

BOTNET

Botnet Behind Brazilian DDoS Firm Attacks ISPs

Apr 30 · HIGH

ddos botnet brazil

Cisa

US COAST GUARD

CISA, USCG Detail Cyber Hygiene Gaps Found in Critical Infrastructure

Apr 30 · HIGH

cisa us-coast-guard critical-infrastructure

Fbi

CARGO THEFT

FBI Warns Cybercriminals Are Driving $725 Million Surge in Cargo Theft

Apr 30 · HIGH

fbi cargo-theft transportation

France

DATA BREACH

French Police Arrest 15-Year-Old in ANTS Data Breach Investigation

Apr 30 · HIGH

data-breach france ants

Inc Ransom

RANSOMWARE

Sandhills Medical Hit by Inc Ransom Ransomware Attack, Exposing 170,000 Records

Apr 30 · HIGH

inc-ransom ransomware healthcare-breach

Moldova

HEALTHCARE

Moldova Health Agency Breached: Possible Data Leak Confirmed

Apr 30 · MEDIUM

moldova healthcare data-breach

Sms Blaster

OPENEMR

SMS Blaster Busted, OpenEMR Flaws, 600K Roblox Hack in ThreatsDay

Apr 30 · HIGH

sms-blaster openemr roblox

State Department

CYBER DIPLOMACY

Trump's Cyber Ambassador Nominee Heads to Senate Vote

Apr 30 · INFORMATIONAL

state-department cyber-diplomacy adam-cassady

Chrome

FIREFOX

Chrome 147, Firefox 150 Patch Critical Code Execution Vulnerabilities

Apr 29 · CRITICAL

chrome firefox browser-security

Meta

DIGITAL SERVICES ACT

EU Accuses Meta of Violating DSA Child Safety Rules

Apr 29 · HIGH

meta digital-services-act child-safety

Virtualbox

PROJECT ZERO

Project Zero Revisits 2017 VirtualBox Escape Draft

Apr 29 · HIGH

virtualbox project-zero cve-2017-3558

Black Axe

LAW ENFORCEMENT

Swiss Police Arrest 10 Suspected Members of Black Axe Cybercrime Gang

Apr 29 · HIGH

black-axe law-enforcement cybercrime

AI Security

ZERO DAY

The Zero-Window Era: An NDR Playbook for Post-Myth Exploitation

Apr 29 · HIGH

ai-security zero-day ndr

Cyber Command

ELECTION SECURITY

Cyber Command, NSA Chief Warns Foreign Adversaries Will Target US

Apr 28 · HIGH

election-security cyber-command nsa

Medtronic

SHINYHUNTERS

ShinyHunters Breaches Medtronic, Steals 9 Million Records

Apr 28 · HIGH

medtronic shinyhunters data-breach

Cybercrime

ACCOUNT TAKEOVER

Ukrainian Police Arrest Hacker Who Stole Roblox Accounts

Apr 28 · MEDIUM

cybercrime account-takeover digital-theft

Vimeo

ANODOT

Vimeo Breach Linked to Anodot Vendor Hack, No Video Data Exposed

Apr 28 · MEDIUM

vimeo anodot vendor-breach

Adt

SHINYHUNTERS

ADT Breach: ShinyHunters Steals 5.5 Million Records

Apr 27 · HIGH

adt shinyhunters data-breach

AI

IDENTITY SECURITY

AI Assistants Reshape Enterprise Security Priorities

Apr 27 · HIGH

ai identity-security zero-trust

Sms Blaster

PHISHING

Canada Arrests Three Over SMS Blaster Phishing Devices

Apr 27 · HIGH

sms-blaster phishing law-enforcement

Checkmarx

SUPPLY CHAIN ATTACK

Checkmarx Confirms GitHub Data Leak After March 23 Supply Chain Attack

Apr 27 · HIGH

checkmarx supply-chain-attack github-breach

Crypto Launderer Gets

CRYPTOCURRENCY

Crypto Launderer Gets 5 Years for $260M Cyber Theft Role

Apr 27 · MEDIUM

cryptocurrency money-laundering sentencing

Deepfake

VOICE CLONING

Deepfake Voice Attacks Outpace Defenses, Bypass MFA

Apr 27 · HIGH

deepfake voice-cloning social-engineering

Eset

MDR

ESET: SMBs Gain Defensive Edge Through Threat Research and MDR

Apr 27 · INFORMATIONAL

eset mdr threat-research

Ftc

SOCIAL MEDIA SCAMS

FTC: Social Media Scams Cost Americans $2.1 Billion in 2025

Apr 27 · HIGH

ftc social-media-scams investment-fraud

Mobile Security

APP PERMISSIONS

Mobile App Permissions Still Expose Users to Privacy Risks

Apr 27 · MEDIUM

mobile-security app-permissions privacy

Silk Typhoon

CYBERESPIONAGE

Silk Typhoon Hacker Extradited to US to Face Cyberespionage Charges

Apr 27 · HIGH

silk-typhoon cyberespionage china

Cybercrime

SANCTIONS

US Sanctions Cambodian Senator in Southeast Asia Cyber Scam Crackdown

Apr 27 · HIGH

cybercrime sanctions southeast-asia

Vercel

CONTEXT.AI

Vercel Breached via Context.ai OAuth Token Theft

Apr 27 · HIGH

vercel context.ai oauth

Cloud Security

VIRTUAL MACHINES

ESET: Cloud Virtual Machines Expose Critical Enterprise Security Gaps

Apr 26 · HIGH

cloud-security virtual-machines eset

Cyber Resilience

RANSOMWARE

ESET: March 2026 Cyber Threats Reveal Resilience Gaps

Apr 26 · MEDIUM

cyber-resilience ransomware supply-chain

Botnet

DDOS

Feds Disrupt IoT Botnets Behind Record DDoS Attacks

Apr 26 · HIGH

botnet ddos iot

Itron

SEC FILING

Itron Breach: Utility Company Discloses Internal IT Network Intrusion

Apr 26 · HIGH

itron sec-filing critical-infrastructure

Adt

DATA BREACH

ADT Breach Exposes Customer Data in Network Intrusion

Apr 25 · HIGH

adt data-breach customer-data

Critical Infrastructure

POWER GRID

Cyber Attackers Use Voltage Fluctuations Against Power Grids

Apr 25 · HIGH

critical-infrastructure power-grid cyber-physical-attacks

Elastic

UK MINISTRY OF DEFENCE

Elastic Security Supports UK Ministry of Defence's Defence Cyber Marvel 2026 Exercise

Apr 25 · INFORMATIONAL

elastic uk-ministry-of-defence defence-cyber-marvel

Locked Shields

NATO

Locked Shields 2026: 41 Nations Take Part in Largest Cyber Defense Exercise

Apr 25 · INFO

locked-shields nato cyber-exercise

Adt

SHINYHUNTERS

ADT Confirms Data Breach as ShinyHunters Leaks Customer Data

Apr 24 · HIGH

adt shinyhunters data-breach

AI Agents

ENTERPRISE SECURITY

AI Agent Permission Gaps Create New Enterprise Security Blind Spots

Apr 24 · HIGH

ai-agents enterprise-security identity-and-access-management

AI Phishing

GENERATIVE AI

AI-Driven Phishing Surges as Attackers Personalize Lures at Scale

Apr 24 · HIGH

ai-phishing generative-ai phishing-campaigns

Copperhelm

AGENTIC AI

Copperhelm Raises $7 Million for Agentic Cloud Security Platform

Apr 24 · INFO

copperhelm agentic-ai cloud-security

Dora

CREDENTIAL MANAGEMENT

DORA Requires Credential Management as a Financial Risk Control

Apr 24 · HIGH

dora credential-management financial-regulation

Shadow It

SAAS

Shadow AI and SaaS Expand the Enterprise Attack Surface

Apr 24 · HIGH

shadow-it saas shadow-ai

Sms Blaster

PHISHING

Toronto Police Bust SMS Blaster Phishing Operation

Apr 24 · HIGH

sms-blaster phishing law-enforcement

AI Security

US CHINA TECH POLICY

US Vows to Crack Down on Chinese Companies Exploiting US AI Models

Apr 24 · MEDIUM

ai-security us-china-tech-policy model-exploitation

Cyberattacks

SUPPLY CHAIN RISK

Cyberattacks on Firms Cascade to Consumers, Malwarebytes Warns

Apr 23 · MEDIUM

supply-chain-risk consumer-impact data-breach

Surveillance

GOVERNMENT

ICE Admits Using Graphite Spyware for Surveillance

Apr 23 · MEDIUM

surveillance government spyware

Rituals

DATA BREACH

Rituals Cosmetics Breach Exposes Customer Membership Data

Apr 23 · HIGH

data-breach rituals cosmetics

Arrest

DATA BREACH

French Police Arrest Multiple Hackers Behind Data Breaches

Apr 22 · HIGH

data-breach arrest france

Ncsc

NATION STATE

UK Cyber Agency Handles Four Major Incidents Every Week

Apr 22 · HIGH

ncsc nation-state espionage

Pentesting

GARTNER

BreachLock Named a Representative Vendor for Adversarial Exposure Validation in Gartner Market Guide

Apr 21 · INFO

pentesting gartner breachlock

Surveillance

PRIVACY

Mexican Surveillance Firm Grupo Seguritech Expands Into US Market

Apr 21 · INFORMATIONAL

surveillance privacy human-rights

Fraud Prevention

IDENTITY VERIFICATION

IPQS Combines Identity, Device and Network Signals for Frictionless Fraud Detection

Apr 21 · INFORMATIONAL

fraud-prevention identity-verification risk-scoring

Telegram

REGULATION

Ofcom Investigates Telegram Over CSAM Sharing and Encryption Non-Compliance

Apr 21 · INFORMATIONAL

telegram regulation encryption

Business Continuity

RANSOMWARE

Datto Warns Traditional Backups Cannot Sustain Business Operations During an Attack

Apr 20 · HIGH

ransomware business-continuity backup

Nist

NVD

NIST Abandons Comprehensive NVD Analysis, Shifts to Risk-Based Prioritization

Apr 20 · INFORMATIONAL

nist nvd cve

Surveillance

POLICY

Senate Extends Section 702 Surveillance Authority by 48 Hours

Apr 20 · INFORMATIONAL

surveillance policy fisa

Asset Management

EXPOSURE MANAGEMENT

Axonius Expands Asset Cloud Platform With AI Remediation and OT Security

Apr 17 · INFORMATIONAL

asset-management exposure-management iot-security

Android

PRIVACY

Google Tightens Android 17 Privacy Rules, Blocked 8.3 Billion Ads in 2025

Apr 17 · INFORMATIONAL

android privacy ad-fraud

Nist

NVD

NIST Limits CVE Enrichment Amid Surge in Submissions

Apr 17 · INFORMATIONAL

nist nvd cve

Privacy

SOCIAL MEDIA

Social Media Age Bans May Increase Cybersecurity Risks for Children

Apr 17 · MEDIUM

privacy social-media regulation

Critical Infrastructure

REGULATION

US Coast Guard Rule Offers a Blueprint for OT Security

Apr 17 · INFORMATIONAL

critical-infrastructure regulation operational-technology

Insider Threat

HUMAN FACTOR

Rising Workplace Stress Poses a Persistent Insider Threat Risk

Apr 17 · MEDIUM

insider-threat human-factor risk-management

AI

SOC

AI SOC Tools Criticized for Automating Triage Without Reducing Analyst Workload

Apr 16 · INFORMATIONAL

ai soc automation

Nist

NVD

NIST Restructures National Vulnerability Database to Prioritize High-Risk CVEs

Apr 16 · INFORMATIONAL

nist nvd vulnerability-management

Cloud Security

IDENTITY AND ACCESS MANAGEMENT

Unmanaged Non-Human Identities Cause Most Cloud Security Vulnerabilities

Apr 16 · HIGH

cloud-security identity-and-access-management risk-management

Wi Fi

AUTHENTICATION

Wireless Broadband Alliance Publishes Wi-Fi Roaming Security Guidelines

Apr 16 · INFORMATIONAL

wi-fi authentication wireless

Supply Chain

ASIA

Asia's Digital Supply Chains Face Unique Security Challenges

Apr 15 · MEDIUM

supply-chain asia regulation

Email Security

ENDPOINT SECURITY

Bitdefender Unifies Endpoint and Email Security on GravityZone Platform

Apr 15 · INFORMATIONAL

email-security endpoint-security bitdefender

Post Quantum Cryptography

ENCRYPTION

Cryptography Experts Warn Quantum Risk Management Must Start Now

Apr 15 · HIGH

post-quantum-cryptography encryption risk-management

Vulnerability Disclosure

REGULATION

ENISA Official Warns Global CVE Infrastructure Is Fragile Amid EU Regulation

Apr 15 · INFORMATIONAL

vulnerability-disclosure regulation cve

Surveillance

POLICY

FISA Section 702 Reauthorization Debate Intensifies Over Privacy and Security

Apr 15 · INFORMATIONAL

surveillance policy privacy

Privacy

TRACKING

Tech Giants Ignore Legally Required Privacy Opt-Out Signals

Apr 15 · HIGH

privacy tracking regulation

Zero Trust

IDENTITY SECURITY

Zero Trust Architecture as a Key Defense Against Credential-Based Attacks

Apr 14 · INFORMATIONAL

zero-trust identity-security credential-theft

Encryption

PRIVACY

WhatsApp's End-to-End Encryption Claims Challenged as 'Major Consumer Fraud'

Apr 13 · MEDIUM

encryption privacy messaging

Cloudflare

DOCKER

Cloudflare Blocking Disrupts Docker Hub Access During Spanish Football Matches

Apr 12 · MEDIUM

cloudflare docker cdn

Financial

INTELLIGENCE SHARING

FINRA Launches Intelligence Fusion Center to Counter Financial Cyber Threats

Apr 12 · INFORMATIONAL

financial intelligence-sharing regulation

Censorship

IRAN

Iran Internet Outage Exceeds 1,000 Hours as State Imposes Censorship

Apr 12 · HIGH

censorship iran network-disruption

Telecom

GENERATIVE AI

Orange Business Integrates AI Into Enterprise Voice, Raising Security Concerns

Apr 12 · MEDIUM

telecom generative-ai supply-chain