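Disclaimer: The information and views in this article represent only the cited websites or the original authors. This site merely quotes their views and content, which do not represent the views or position of this site, its WeChat official account, or 黑客驰 personally.
The content discussed in this article is for educational reference only. Any illegal conduct has nothing to do with this site or 黑客驰; the law is unforgiving, and you bear responsibility yourself.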
Cybersecurity News
Title
Tags
Published
Summary
Source
Apr 23, 2025
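On April 18, the post-quantum cryptography security salon hosted by 安全牛 was held successfully. The event follows 安全牛's post-quantum cryptography security capability building technical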
安全牛
Apr 24, 2025
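News roundup: Two ministries jointly issue the National Intelligent Manufacturing Standards System Construction Guide (2024 Edition); MIIT CSTIS warns to guard against Out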
安全牛
Apr 21, 2025
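Version identification techniques for critical devices in practice, by ourren; Automated malware analysis sandbox platform, by ourren; A preliminary picture of LLM industry adoption, drawn from the Internet exposure of the LLM tool Ollama, by ourren; SecWiki Weekly, issue 581, by ourren. For more recent articles, visit SecWiki.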
SecWiki News
Apr 24, 2025
An autoencoder-based method for identifying encrypted proxy traffic with enhanced generalization, by ourren. For more recent articles, visit SecWiki.
SecWiki News
Apr 21, 2025
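Author: Hcamael, Knownsec 404 Lab (知道创宇404实验室). Date: April 18, 2025. 1. Preface. In recent years humanity has been racing down the road of generative AI. The sudden arrival of ChatGPT, the development of multimodal models, the start of the Agent wave, and the release of DeepSeek have let us live through one stellar moment after another in the history of AI. While each vendor's model may have nine different ways to query the weather, the Model Context Protocol (MCP) takes a unified form that lets models autonomously build and understand meaning itself, giving models a general...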
安全文摘
Apr 22, 2025
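Author: Hcamael, Knownsec 404 Lab (知道创宇404实验室). Date: April 18, 2025. 1. How Cline works. 1.1 Basic usage guide for Cline. Cline is an MCP plugin for Visual Studio Code, so to use Cline in VSCode we first need to install the plugin. After installation, the Cline icon appears in the sidebar; clicking it opens the Cline interface, as shown in the figure below. Before use, depending on your own situation, the large mo...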
安全文摘
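Security Operations
Apr 21, 2025
This article is excerpted from 安全牛's newly released research report, Intelligent Security Operations Center Application Guide (2025). Today, as the wave of digitalization sweeps the globe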
安全牛
Windows
Apr 23, 2025
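News roundup: The National Cybersecurity Notification Center warns that a WinRAR security vulnerability can bypass Windows security warnings to execute malware; Beware of new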
安全牛
UK
Apr 23, 2025
News roundup: UK's Ofcom bans global title leasing to curb mobile network crime; New breakthrough in vulnerability research
安全牛
SOC
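Security Operations
Apr 22, 2025
This article is excerpted from 安全牛's newly released research report, Intelligent Security Operations Center Application Guide (2025). Organizations are currently actively upgrading their SOC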
安全牛
Threat Intelligence
Title
Tags
Published
Summary
Source
Apr 24, 2025
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
Dark Reading
Apr 24, 2025
No content available
Dark Reading
Apr 25, 2025
Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers.
Dark Reading
Apr 25, 2025
Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.
Dark Reading
Apr 25, 2025
By focusing on prevention, education, and risk transfer through insurance, organizations, especially SMEs, can protect themselves from the rapidly escalating threats of cyberattacks.
Dark Reading
Apr 25, 2025
An analysis of more than a half-million mobile apps finds encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
Dark Reading
Apr 21, 2025
This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.
Malwarebytes Labs
Apr 21, 2025
A list of topics we covered in the week of April 12 to April 18 of 2025
Malwarebytes Labs
Apr 23, 2025
Shopify is facing a class action lawsuit that could change the way globally active companies can be held accountable
Malwarebytes Labs
Apr 25, 2025
After hearing about ChatGPT o3's ability at geoguessing, we decided to run some tests, and the tested AIs didn't fail to amaze us.
Malwarebytes Labs
Apr 21, 2025
North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications. The post "False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation" appeared first on Unit 42.
Unit 42 by Palo Alto Networks
Microsoft
Apr 22, 2025
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.
Dark Reading
Microsoft
Apr 23, 2025
In the latest Secure Future Initiative progress report, Microsoft describes efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new Secure by Design UX Toolkit.
Dark Reading
Google
Apr 22, 2025
All Google accounts could end up compromised by a clever replay attack on Gmail users that abuses Google infrastructure.
Malwarebytes Labs
Google
Apr 24, 2025
Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.
Malwarebytes Labs
Android
Apr 24, 2025
A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.
Malwarebytes Labs
Zoom
Apr 24, 2025
Attackers are luring victims into a Zoom call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets.
Malwarebytes Labs
Ransomware
Apr 23, 2025
Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics. The post "Extortion and Ransomware Trends January-March 2025" appeared first on Unit 42.
Unit 42 by Palo Alto Networks
RAT
Trojan
Apr 21, 2025
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT).
Dark Reading
Data Breach
Verizon
Apr 23, 2025
Verizon's 2025 Data Breach Investigations Report highlights dire, but not new, trends in the education sector, where faculty and staff continue to fall for social engineering campaigns and make simple security errors.
Dark Reading
Apr 24, 2025
Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.
Dark Reading
Apr 24, 2025
Researchers at security vendor Cleafy detailed a malware known as SuperCard X that uses the NFC reader on a victim's own phone to steal credit card funds instantly.
Dark Reading
Apr 24, 2025
By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage.
Dark Reading
Apr 24, 2025
The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.
Dark Reading
Apr 24, 2025
Fraudsters are targeting high-turnover workforces and compromising accounts that are associated with frequent payouts.
Dark Reading
Apr 24, 2025
The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.
Dark Reading
Apr 23, 2025
Scalable, effective, and best of all, free: securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.
Dark Reading
Apr 23, 2025
The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn't materialize and less widely touted attack scenarios shot up.
Dark Reading
Apr 23, 2025
Critics, which include the US embassy in Zambia, contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.
Dark Reading
Apr 23, 2025
In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust.
Dark Reading
Vulnerability Analysis
Title
Tags
Published
Summary
Source
Darktrace
Apr 22, 2025
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners lik
Hacker News Exploits
Google
Apr 23, 2025
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling ou
Hacker News Exploits
Google
Apr 23, 2025
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related
Hacker News Exploits
Linux
Apr 24, 2025
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a major blind spot in Linux runtime security tools, ARMO said. This mechanism allows a use
Hacker News Exploits
MFA
Apr 25, 2025
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). At the top of
Hacker News Exploits
SAP
Apr 25, 2025
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file i
Hacker News Exploits
Remote Code Execution
Apr 22, 2025
WonderCMS 3.4.2 Remote Code Execution (RCE)
Exploit DB
YARA
Apr 22, 2025
In diary entry "xorsearch.py: Searching With Regexes" I showed how one can let xorsearch.py generate a YARA rule with a given regular expression.
SANS Internet Storm Center
South Korea
Kaspersky
Apr 24, 2025
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
Kaspersky Securelist
Kaspersky
Trojan
Apr 25, 2025
A Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
Kaspersky Securelist
Debian
Logic Flaw
Apr 24, 2025
Posted by Andrey Stoykov on Apr 23. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9. Date: 04/2025. Exploit Author: Andrey Stoykov. Version: 1.2.9. Tested on: Debian 12. Blog: https://msecureltd.blogspot.com. Business Logic Flaw: Price Manipulation #1. Steps to Reproduce: 1. Visit the store
Full Disclosure
macOS
Apple
Apr 24, 2025
Posted by Apple Product Security via Fulldisclosure on Apr 23. APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1. macOS Sequoia 15.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122400. Apple maintains a Security Releases page at https://support
Full Disclosure
Italy
Android
Apr 21, 2025
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise pay
Hacker News Exploits
Microsoft
Russia
Apr 23, 2025
Multiple suspected Russia-linked threat actors are aggressively targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are
Hacker News Exploits
Android
Russia
Apr 23, 2025
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in
Hacker News Exploits
South Korea
Lazarus Group
Apr 24, 2025
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a rep
Hacker News Exploits
RAT
Ivanti
Apr 25, 2025
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, durin
Hacker News Exploits
Windows
Microsoft
Apr 22, 2025
Microsoft Windows 11 23h2 CLFS.sys Elevation of Privilege
Exploit DB
Windows
Microsoft
Apr 22, 2025
Microsoft Windows 11 Kernel Privilege Escalation
Exploit DB
iOS
iPadOS
Apple
Apr 24, 2025
Posted by Apple Product Security via Fulldisclosure on Apr 23. APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1. iOS 18.4.1 and iPadOS 18.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122282. Apple maintains a Security Releases page
Full Disclosure
Debian
Apr 24, 2025
Posted by Andrey Stoykov on Apr 23. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9. Date: 04/2025. Exploit Author: Andrey Stoykov. Version: 1.2.9. Tested on: Debian 12. Blog: https://msecureltd.blogspot.com. XSS via SVG Image Upload. Steps to Reproduce: 1. Visit http192.168.58.129alegrocartadministrat
Full Disclosure
Debian
Apr 24, 2025
Posted by Andrey Stoykov on Apr 23. Exploit Title: Stored XSS in Message Functionality - alegrocartv1.2.9. Date: 04/2025. Exploit Author: Andrey Stoykov. Version: 1.2.9. Tested on: Debian 12. Blog: https://msecureltd.blogspot.com. Stored XSS #1. Steps to Reproduce: 1. Login as demonstrator account and visit Custom
Full Disclosure
Apr 23, 2025
In the last week I ran into some issues that I hadn't anticipated
SANS Internet Storm Center
Cybersecurity Blogs
Title
Tags
Published
Summary
Source
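China
USA
Apr 23, 2025
Recently the NIH abruptly barred Chinese researchers from accessing some of its key databases, and the US National Security Commission on Emerging Biotechnology also recommended a comprehensive ban on biotechnology and data cooperation with China. This series of moves shows that US technological suppression of China is rapidly extending to the control and use of foundational scientific data, and the strategic significance of scientific data sovereignty is becoming ever more prominent.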
中国信息安全
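Data Breach
Backdoor
Apr 21, 2025
Recently, the 火绒 Security Intelligence Center detected a program disguised as offering an SMS verification code receiving service. The program steals sensitive information by deploying a persistent backdoor, that is, a botnet node. 火绒安全 reminds users to download software only from official or trusted channels, to avoid account theft or data leaks caused by using programs of unknown origin.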
火绒安全实验室
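NIST CSF
China
Apr 22, 2025
Well-known related models currently include the Building Security In Maturity Model (BSIMM), the Software Assurance Maturity Model (OWASP SAMM), the Software Security Capability Maturity Model (China Information Technology Security Evaluation Center, SSCMM), CMMISAFE (developed by Carnegie Mellon University as an extension of CMMI-DEV), the NIST CSF framework, and others. Among these models the most active is BSIMM, a framework that companies doing well in security often use to assess or improve their software security capability. A company can self-assess to determine its current security level and plan its improvement path (self-assessment forms have long circulated online), or engage a third-party company to assess and attest its software security capability, helping the business become more competitive. For more content, see: 1. SDL 100 Questions; SDL 100 Questions: My Story with SDL; How to deal with SAST's high false-positive rate; Who needs to take part in SDL; Is SDL suitable for Internet companies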
我的安全视界观
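Data Breach
Phishing
Apr 24, 2025
Attackers increasingly rely on identity-based techniques rather than software vulnerabilities. Today phishing, and account takeover resulting from phishing, has become the leading cause of data breaches.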
连续创业的Janky
Backdoor
Linux
Apr 23, 2025
Malicious npm packages pose as Telegram bot libraries and quietly plant SSH backdoors on Linux developers' systems to steal sensitive data.
看雪学院
Windows
Linux
Apr 21, 2025
Linux kernel IP sets framework vulnerability; a severe DLL hijacking vulnerability in Windows 11; analysis of Mifare technology and its security vulnerabilities
腾讯玄武实验室
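Google
Hacker
Apr 22, 2025
In a rather clever attack, hackers exploited a flaw that let them send a fake email that appeared to come from Google's systems and passed all verification, yet pointed to a fraudulent page used to collect login credentials. The attackers used Google's infrastructure to trick recipients into visiting a legitimate-looking support portal that asked for Google account credentials. The fraudulent message appeared to come from noreplygoogle.com and passed DomainKeys Identified Mail (DKIM) verification, but the actual sender was different. Fake email bearing Google's DKIM stamp. Nick Johnson, lead developer of the Ethereum Name Service (ENS), received what appeared to be a security alert from Google saying that law enforcement had served Google with a subpoena demanding the contents of his Google account. Google even placed it alongside other legitimate security alerts, so that almost everything looked legitimate. This would very likely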
嘶吼
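Data Breach
Slack
Apr 23, 2025
The digital economy is developing rapidly and mobile apps are deeply integrated into users' lives and business scenarios, but security threats are escalating in step. Vulnerability risk: a financial company suffered a poisoning attack because it used an open-source component with known vulnerabilities, leaking the data of tens of millions of users. Information leakage: an AI platform hard-coded API tokens in its code base, leaking more than 12,000 valid credentials involving core services such as AWS and Slack. Code security: an application used free hardening without adequate security protection, which led to important code being leaked, and it was also notified by regulators to rectify. As security threats keep escalating, from intellectual property infringement and user privacy leaks to national information security crises, the consequences of security incidents amplify in a chain. Enterprises urgently need to systematically find the security risks in their applications, and in this process they also face multi-dimensional risks and challenges. Regulatory pressure: tightening regulations and routine supervision. As laws and regulations such as the Cybersecurity Law and the Data Security Law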
嘶吼
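AI Security
China
Apr 24, 2025
On April 23, the 2nd Wuhan Cybersecurity Innovation Forum officially opened. It is hosted by the Wuhan Municipal People's Government, organized by the Cyber Security Association of China and the Wuhan Linkonggang Economic and Technological Development Zone Administrative Committee, and supported by the China Internet Development Foundation. The conference announced the 2024 Top Ten Outstanding Cybersecurity Innovation Achievements, and Ant Group's "Application of aspect-fusion intelligence in threat detection" was selected. Reportedly, the call covered AI security, intelligent connected security, cloud security, and open-source software security; from 108 submitted achievements, two rounds of review produced the final 2024 top ten. In the innovation sharing session, Ant Group senior algorithm expert 仲震宇 presented "Application of aspect-fusion intelligence in threat detection". He noted that amid the global wave of digital transformation, cyberspace and digital business are increasingly the driving force of economic development, but the cyber risk landscape is growing ever more severe and complex and malicious attack techniques keep evolving; the huge and complex systems of digital enterprises produce every day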
嘶吼
360
Apple
Apr 25, 2025
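With the global launch of Apple Vision Pro, intelligent VR applications are integrating deeply into core industries such as finance, entertainment, education, healthcare, and industry, becoming a new gateway to the digital world. Financial institutions are building immersive wealth management: users can view a 3D fluctuation model of real-time gold prices through gesture interaction, inspect gold products in 360 degrees and trade with one tap in a virtual bank lobby, while a holographic assistant dynamically explains asset allocation strategies. The culture, sports, and entertainment industry is reinventing panoramic interactive experiences, launching VIP-view match watching in which users can freely switch between player views and a tactical overhead mode and mark star players' movement tracks via eye tracking. The education sector is building high-precision training systems: medical students can practice virtual punctures on millimeter-level 3D blood vessel models, with real-time pressure feedback and error annotation from the system. While spatial computing technology drives the rollout of innovative scenarios, the high-value interaction algorithms, user privacy data, and core immersive-experience code carried by VR applications are facing code reverse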
嘶吼
Google
Phishing
Google
Apr 24, 2025
Keywords: phishing. Google Forms, Google's online survey tool, is becoming a new attack weapon for cybercriminals.
安全圈
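Baidu
360
Virus
Apr 25, 2025
Pursuant to laws and regulations such as the Cybersecurity Law and the Personal Information Protection Law, and in accordance with the requirements of the Announcement on Carrying Out the 2025 Series of Special Campaigns on Personal Information Protection issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, testing by the National Computer Virus Emergency Response Center found that 67 mobile apps collect and use personal information in violation of laws and regulations. They are reported as follows: 1. On first launch, the app does not prompt the user to read the privacy policy and other collection and use rules by a pop-up or other conspicuous means, or seeks the user's consent by non-explicit means such as default consent to the privacy policy; before processing personal information, the personal information processor does not truthfully, accurately, and completely inform the individual, conspicuously and in clear and understandable language, of the processor's name, contact details, the retention period of the personal information, and so on. This involves the following 11 mobile apps: 客很多 (version 2.8.9, 百度手机助手), 城泊通 (version 3.2.1, 360手机助手), e万源 (version 3.5.1, 应用宝), 赢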
嘶吼
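Microsoft
Apple
Apple
Intel
Apr 23, 2025
Apple removes the "available now" label from the Apple Intelligence page; Microsoft rolls out a series of measures against underperforming employees: no transfers or rehiring for two years; 航旅纵横: domestic flight bookings for the May Day holiday up about 33% year on year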
极客公园
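Tesla
China
NVIDIA
Xiaomi
Apr 24, 2025
Chinese tech giants ordered more than US$12 billion of NVIDIA chips before the sanctions; Tesla's profit plunges 70 percent; Xiaomi denies the rumor that the YU7 launch is delayed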
极客公园
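Data Breach
Hacker
Phishing
IBM
Apr 24, 2025
AI-written copy and deepfake voices target the brands and colleagues you know best. Phishing in 2025 understands human nature better than you think. An IBM report shows that phishing has become the world's second-largest cause of data breaches, with an average loss of US$4.76 million. The problem lies not in technology but in people's attention and emotions being precisely exploited by hackers.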
数世咨询
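GitHub
Malicious Code
Trojan
Virus
Apr 22, 2025
1 Overview. In recent years, attacks that abuse trust in the open-source ecosystem by posing as open-source projects on GitHub to plant malicious code have persisted. Since the end of 2024, 安天 CERT has continuously monitored attack activity that delivers a remote access trojan packaged with Electron in this way. The attackers pose as exploit tools, game cheats, and the like, targeting users who download open-source projects to compile, develop, and use them. They plant malicious code in the Visual Studio project build configuration of the open-source code so that the project first runs hidden commands at build time, and they use multiple layers of payloads developed in different languages and build toolchains to achieve obfuscated loading and evade security detection, finally executing the Electron-packaged remote access trojan. The related attack activity is still active, and infrastructure such as the payload download URLs in the samples is still reachable. At present the related samples have low detection rates across antivirus engines; the 安天 AVL SDK antivirus engine, through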
嘶吼
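Proofpoint
Russia
Shell
Malvertising
Microsoft
Phishing
Hacker
MuddyWater
Threat Intelligence
Apr 24, 2025
ClickFix attacks are growing in popularity among threat actors; multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia have adopted the technique in recent espionage campaigns. ClickFix is a social engineering tactic in which malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured through phishing or malvertising and shown fake error messages claiming that a file or download failed. The victim is then prompted to click a "fix" button that instructs them to run a PowerShell or command-line script, which executes malware on their device. Microsoft's threat intelligence team reported last February that the North Korean hacker group Kimsuky also used it as part of a fake device registration web page. ClickFix fake device registration page. A recent report from Proofpoint shows that between late 2024 and early 2025, Kimsuky (North Korea), MuddyWater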
嘶吼
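Remote Code Execution
Malicious Code
Apr 26, 2025
Craft CMS has a critical remote code execution vulnerability, CVE-2025-32432 (CVSS score 10.0), affecting older versions. Attackers exploit it together with a flaw in the Yii framework to execute malicious code on the server and steal data. Patched versions have been released to fix the vulnerability, and users are advised to update or take temporary mitigation measures.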
不安全
Windows
Linux
Apr 26, 2025
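The article describes how hidden administrative files and sensitive data can be accessed through path traversal vulnerabilities and gives examples, such as accessing Linux and Windows system files, while stressing the importance of defending against such attacks.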
不安全
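Microsoft
Intel
Apr 26, 2025
Intel acknowledges that market demand for AI processors is tepid and that consumers prefer traditional CPUs. The AI laptops launched by Microsoft together with Intel and others are selling poorly, and older processors are popular because of their low price. AI processors are costly and expensive to buy, and the insufficient performance of the desktop Arrow Lake series is hurting sales.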
不安全
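Microsoft
Windows
Apr 26, 2025
Microsoft plans to release the Windows 11 25H2 update in October 2025, but it is expected to be a small update. Its version number is 26200 while the current release is 26100; the small gap suggests this version may have no significant new features. In recent years Microsoft has favored a rolling update model, gradually pushing new features into the release version.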
不安全
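Hacker
Google
Apr 26, 2025
A programmer wants to expand his knowledge of ethical hacking in order to protect the front-end and back-end systems he is developing, and asks whether try hack me is worth trying. He mainly uses AI, Google Cloud, and data analytics technologies, works mostly in Python and JavaScript, and knows C and ASM. He is looking for recommended learning resources and prefers a hands-on way of learning.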
不安全
Windows
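Microsoft
Microsoft
Apr 26, 2025
Microsoft announced that it will stop maintaining and will remove the Maps app (UWP version) built into Windows 11 because of low usage. After receiving a final update in July 2025 the app will no longer run and will be removed from the Microsoft Store. The related APIs and controls are also deprecated, and developers need to migrate to the Azure Maps platform.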
不安全
Virus
VirusTotal
Apr 26, 2025
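The article describes a method of embedding malware in a PNG image. The author used pngdump.py to analyze the PNG structure and found abnormal dimensions and an embedded PE file, which was extracted with tools and identified as a .NET file; it had 49 malicious detections on VirusTotal.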
不安全
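Ransomware
Hacker
LockBit Ransomware
Apr 25, 2025
Bruce Schneier is a public-interest technologist working at the intersection of security and technology. He has written about security issues on his blog since 2004 and started his monthly newsletter in 1998. The articles cover cases such as North Korean hackers stealing cryptocurrency and LockBit ransomware, and discuss topics such as the value of encryption and the NSA threat.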
不安全
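China
USA
Hacker
Apr 25, 2025
The FBI is seeking the public's help in identifying members of the Salt Typhoon hacking group and leads on its activities. The group is accused of intruding into the networks of telecommunications companies in the US and many other countries and stealing sensitive communications data. The FBI is offering a US$10 million reward for relevant information, and sanctions have already been imposed on the Chinese cybersecurity company involved.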
不安全
RSAC 2025 Innovation Sandbox | Aurascape: Reconstructing the Intelligent Defense Line of AI Interactive Visibility and Native Security
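Amazon
USA
Palo Alto Networks
Google
Apr 25, 2025
Aurascape is a cybersecurity startup focused on AI-native security, headquartered in San Jose, California, USA. The company was founded in 2023 by security experts from Palo Alto Networks, Google, and Amazon, and completed a US$12.8 million seed round in 2024. Its advanced platform aims to help enterprises meet the security challenges brought by generative AI, and it has been selected as a finalist in the RSAC 2025 Innovation Sandbox.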
不安全
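GreyNoise
RAT
China
Ivanti
Zero-Day Vulnerability
Japan
Apr 25, 2025
The article describes a new malware named DslogdRAT that spread through the zero-day vulnerability CVE-2025-0282. The vulnerability had been used to attack Japanese organizations and was distributed by UNC5337, a cyber espionage group linked to China. Ivanti has fixed the vulnerability. In addition, GreyNoise reports a surge in suspicious scanning activity targeting Ivanti devices.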
不安全
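Microsoft
Windows
Apr 25, 2025
To fix a system vulnerability, Microsoft created an empty folder named inetpub in the root of the C: drive, but this approach has a security flaw: non-administrator users can exploit it by creating a symbolic link to block the installation of security updates. The issue affects all supported versions of Windows, and Microsoft has not yet responded with a fix.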
不安全
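Malicious Code
Supply Chain Attack
Apr 25, 2025
With the widespread use of generative AI tools in coding, a new type of supply chain attack called slopsquatting is emerging. The attack tricks developers into installing malicious code by creating and promoting package names that do not exist. Research shows that AI models frequently generate fake package names, and that these names are repeatable and semantically plausible. To reduce the risk, it is recommended to verify package names manually and to adopt safeguards such as dependency scanners, lock files, and hash verification.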
不安全
GitLab
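Modern
Apr 25, 2025
The article explains how to use GitLab CI/CD to automate the testing, code validation, and deployment workflow of Python projects. By configuring the .gitlab-ci.yml file, developers can implement code testing, build environment isolation, code style checks, and more.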
不安全
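Firewall
Cloudflare
Apr 25, 2025
This article covers the causes of and fixes for Cloudflare error code 521. The error usually occurs when communication between Cloudflare's servers and the origin server fails. Common causes include an overloaded origin server, incorrect firewall settings, or network connectivity problems. Users can resolve it by checking the origin server's status, optimizing the configuration, or contacting technical support.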
不安全
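Tesla
USA
Apr 25, 2025
Alphabet's Waymo provides more than 250,000 paid driverless taxi rides per week, operating in San Francisco, Los Angeles, Phoenix, and Austin in the US. Tesla plans to convert the Model Y into a self-driving taxi by the end of June and offer the service in Austin.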
不安全
Dec 29, 2100
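After more than ten years of penetration attacks, I feel that for reasons of age and health I am about to leave front-line penetration work, so I plan to write down in text everything I have learned. Because the articles involve sensitive attack behavior, much of it needs to be masked or shown as a local demo. When you have been in this industry long enough, you too will one day find how important the essence of things is; for example, the essence of internal network penetration is information gathering. A senior figure once passed this lesson on to me, and today, having become an old-timer myself, I hope to pass it on as well. There will certainly be typos or mistakes in the text; please bear with me, and I apologize to everyone in advance. All lessons start from the basics, including introductions to and use of tools, so that newcomers or those who want to learn from scratch on their own can avoid some detours. While writing, I came to deeply appreciate that the one who shares is the greatest beneficiary of learning. Since it has to be written up as articles, a great deal of material has to be consulted, and in the whole process again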
专注APT攻击与防御
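Industrial Systems
Title
Tags
Published
Summary
Source
Internet of Things (IoT)
Title
Tags
Published
Summary
Source
Enterprise Security
Title
Tags
Published
Summary
Source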
Apr 24, 2025
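News roundup: Two ministries jointly issue the National Intelligent Manufacturing Standards System Construction Guide (2024 Edition); MIIT CSTIS warns to guard against Out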
安全牛
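Security Operations
Apr 21, 2025
This article is excerpted from 安全牛's newly released research report, Intelligent Security Operations Center Application Guide (2025). Today, as the wave of digitalization sweeps the globe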
安全牛
Windows
Apr 23, 2025
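News roundup: The National Cybersecurity Notification Center warns that a WinRAR security vulnerability can bypass Windows security warnings to execute malware; Beware of new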
安全牛
UK
Apr 23, 2025
News roundup: UK's Ofcom bans global title leasing to curb mobile network crime; New breakthrough in vulnerability research
安全牛
Tenable
Apr 21, 2025
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have b
Tenable Blog
SAP
Apr 25, 2025
SAP has released an out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible. Background: On April 22, ReliaQuest published details of their investigatio
Tenable Blog
Tenable
Apr 25, 2025
Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here's how Tenable's Vulnerability Watch classification system can
Tenable Blog
Cisco Secure
Cisco
Apr 23, 2025
Enterprises face several challenges to secure access to AI models and chatbots. Cisco Secure Access extends the security perimeter to address these challenges.
Cisco Security Blog
SOC
Cisco
Apr 24, 2025
Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.
Cisco Security Blog
SOC
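Security Operations
Apr 22, 2025
This article is excerpted from 安全牛's newly released research report, Intelligent Security Operations Center Application Guide (2025). Organizations are currently actively upgrading their SOC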
安全牛
Tenable
Google
Apr 22, 2025
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission composer.environments.update to edit a Cloud Composer environment to escalate privileg
Tenable Blog
Tenable
Microsoft
Apr 22, 2025
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here's how Tenable can help. Overview: Malicious threat actors are constantly targeting cloud environments. The risk of compromise can be reduced by enforcing
Tenable Blog
CSPM
Tenable
Apr 23, 2025
In the first installment of Tenable's "Stronger Cloud Security in Five" blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the applications and s
Tenable Blog
Tenable
Microsoft
Apr 24, 2025
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited. Synchronizing identity accounts between Microsoft Active Directory (AD)
Tenable Blog
Cybersecurity Snapshot: Verizon DBIR Finds Attackers Feast on Vulnerability Exploits for Initial Access, While MITRE ATT&CK Adds Mobile, Cloud, ESXi Threat Intel
Tenable
Verizon
Apr 25, 2025
Check out highlights from this year's Verizon DBIR, including a surge in zero-day exploits targeting edge devices and VPNs. Plus, find out what's new in the latest version of MITRE ATT&CK. Also, see what Tenable webinar attendees said about AI security. And get the latest on ransomware preparedness for
Tenable Blog
Data Breach
Tenable
Verizon
Apr 23, 2025
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches, a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-related
Tenable Blog
Apr 23, 2025
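On April 18, the post-quantum cryptography security salon hosted by 安全牛 was held successfully. The event follows 安全牛's post-quantum cryptography security capability building technical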
安全牛
Mobile Security
Title
Tags
Published
Summary
Source
- Author: 黑客驰
- Link: https://hackerchi.top/article/HackerNews
- Notice: This article is licensed under CC BY-NC-SA 4.0; please credit the source when reposting.