网安专项password
icon
URL
type
date
summary
status
slug
tags
category
免责声明:本文章中的信息和观点仅代表引用网站或者原作者,本网站只是引用其观点、内容,不代表本网站、公众号、黑客驰本人的观点或立场。
本文章论述内容仅作为教育参考使用,如有违法行为与本网站和黑客驰无关,国法无情,自行负责。
将我们的公众号内容加星获得隐藏内容。
↘️以下为目录,点击可跳转,右划点击标题跳转到原文
网安新闻
标题
Tags
发布时间
摘要
来源
Apr 28, 2025
新闻速览 工信部CSTIS提醒防范WinRAR安全绕过漏洞的风险 第一季度159个CVE遭到野外利用近
安全牛
Apr 29, 2025
新闻速览 2025年提升全民数字素养与技能工作要点印发提出营造安全有序数字环境 全球能源巨头成为目标
安全牛
Apr 30, 2025
新闻速览 工业和信息化部加快自动驾驶系统安全要求强制性国家标准研制 网络安全标准实践指南个人信息保
安全牛
零日漏洞
Apr 30, 2025
基于多模态学习的混淆隧道流量行为检测方案 by ourren 2024年在野零日漏洞利用分析上 by ourren 软件工厂关键技术分析及启示 by ourren 更多最新文章请访问 SecWiki
SecWiki News
邮件安全
病毒
Apr 28, 2025
企业邮箱如同数字城堡而邮件安全网关则是城墙上的智能哨兵它需精准拦截恶意钓鱼邮件病毒附件等外敌还要
安全牛
数据泄露
DoS攻击
DDoS攻击
Cisco
Verizon
Apr 29, 2025
IoT安全透视DLink DWR932B固件全面逆向分析 by ourren 2024年网络安全产业态势回顾及2025年趋势展望 by ourren 2024年暗网态势研究报告数据泄露趋势与治理挑战 by ourren 基于静态分析的路由器固件二进制漏洞挖掘经验分享 by ourren Verizon2025数据泄漏调查报告网络攻击越来越快准隐狠 by ourren DDoS攻击威胁报告2025版 by ourren Foundationsec Cisco Foundation AIs OpenSource Model by ourren 更多最新文章请访问 SecWiki
SecWiki News
威胁情报
标题
Tags
发布时间
摘要
来源
Apr 29, 2025
AI search service Perplexity AI doesnt just want you using its appit wants to take over your web browsing experience too.
Malwarebytes Labs
Apr 30, 2025
Fake emails pretending to come from the US Social Security Administration try to get targets to install ScreenConnect for remote access.
Malwarebytes Labs
May 1, 2025
These 3 cybersecurity threats may not be the most sophisticated, but theyre the most effectiveand seriousthreats for small businesses.
Malwarebytes Labs
May 2, 2025
Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process
Malwarebytes Labs
Apr 29, 2025
Advertised on Telegram, Gremlin Stealer is new malware active since March 2025 written in C. Data stolen is uploaded to a server for publication. The post Gremlin Stealer New Stealer on Sale in Underground Forum appeared first on Unit 42 .
Unit 42 by Palo Alto Networks
May 1, 2025
Programs leveraging AI agents are increasingly popular. Nine attack scenarios using opensource agent frameworks show how bad actors target these applications. The post AI Agents Are Here. So Are the Threats. appeared first on Unit 42 .
Unit 42 by Palo Alto Networks
SAP
Apr 28, 2025
CVE202531324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.
Dark Reading
NVIDIA
Apr 29, 2025
NVIDIAs DOCA Argus prevents attacks before they compromise AI architectures.
Dark Reading
CISA
Apr 30, 2025
Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.
Dark Reading
CISA
Apr 30, 2025
Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the presidents mandate for loyalty during a panel at RSAC 2025.
Dark Reading
Cisco
Apr 30, 2025
Cisco joins the agentic AI wave with the introduction of advanced LLMs to autonomously verify and investigate attacks.
Dark Reading
China
May 1, 2025
The Chinalinked cyberoperations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.
Dark Reading
Russia
May 1, 2025
Russias cyberattacks on Ukraine have increased dramatically, targeting the countrys government and defense infrastructure.
Dark Reading
Microsoft
May 1, 2025
Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.
Dark Reading
CISA
May 2, 2025
Gutting CISA wont just lose us a partner. It will lose us momentum. And in this game, thats when things break.
Dark Reading
Disney
Apr 29, 2025
A former Disney employee has been sentenced to three years in prison for computer fraud and identity theft.
Malwarebytes Labs
Google
May 1, 2025
Cybercriminals are having less success targeting enduser technology with zeroday attacks, said Googles security team this week.
Malwarebytes Labs
Apple
May 1, 2025
Researchers found a set of vulnerabilities that puts all devices leveraging Apples AirPlay at risk.
Malwarebytes Labs
Trojan
China
Apr 29, 2025
A spearphishing campaign sent Trojanized versions of legitimate wordprocessing software to members of the World Uyghur Congress as part of Chinas continued cyberespionage activity against the ethnic minority.
Dark Reading
Windows
Microsoft
May 1, 2025
Microsofts David Weston describes the new feature as the most significant architectural Windows security change in a generation.
Dark Reading
Cisco
May 1, 2025
Cisco joins the agentic AI wave with the introduction of advanced LLMs to autonomously verify and investigate attacks.
Dark Reading
May 1, 2025
A LevelBlue report looks at what goes into the security postures of a cyberresilient organization, and found that AI is still a blind spot.
Dark Reading
Apr 30, 2025
The chat infrastructure and dataleak site of the notorious ransomwareasaservice group has been inactive since March 31, according to security vendors.
Dark Reading
May 1, 2025
How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.
Dark Reading
Apr 30, 2025
Leaders at federal research organizations DARPA, ARPAI, and ARPAH discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025.
Dark Reading
Apr 30, 2025
Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugals national airline in a campaign offering compensation for delayed or disrupted flights.
Dark Reading
Apr 30, 2025
A SLAACspoofing, adversaryinthemiddle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.
Dark Reading
Apr 30, 2025
While nationstate actors are demonstrating how easily they can infiltrate US networks, government officials dont seem to have a clear vision for what comes next.
Dark Reading
漏洞分析
标题
Tags
发布时间
摘要
来源
Microsoft
Apr 29, 2025
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can gene
Hacker News Exploits
India
Apr 30, 2025
A high court in the Indian state of Karnataka has ordered the blocking of endtoend encrypted email provider Proton Mail across the country. The High Court of Karnataka, on April 29, said the ruling was in response to a legal complaint filed by M Moser Design Associated India Pvt Ltd in January 2025.
Hacker News Exploits
Singapore
Apr 30, 2025
Cybersecurity researchers have revealed that RansomHubs online infrastructure has inexplicably gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomwareasaservice RaaS operation. Singaporean cybersecurity company GroupIB said that this may have caused affiliates to migr
Hacker News Exploits
China
Apr 30, 2025
A Chinaaligned advanced persistent threat APT group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversaryinthemiddle AitM attacks. Spellbinder enables adversaryinthemiddle AitM attacks, through IPv6 stateless address autoconfiguration SLAAC spo
Hacker News Exploits
SonicWall
May 1, 2025
SonicWall has revealed that two nowpatched security flaws impacting its SMA100 Secure Mobile Access SMA appliances have been exploited in the wild. The vulnerabilities in question are listed below CVE202344221 CVSS score 7.2 Improper neutralization of special elements in the SMA100 SSLVPN manageme
Hacker News Exploits
Microsoft
May 1, 2025
Enterprise data backup platform Commvault has revealed that an unknown nationstate threat actor breached its Microsoft Azure environment by exploiting CVE20253928 but emphasized there is no evidence of unauthorized data access. This activity has affected a small number of customers we have in common
Hacker News Exploits
Russia
May 1, 2025
Russian companies have been targeted as part of a largescale phishing campaign thats designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sec
Hacker News Exploits
SOC
May 1, 2025
Security Operations Center SOC teams are facing a fundamentally new challenge traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpointbased defenses and signaturebased detection systems. The reality of these invisible intruders is drivin
Hacker News Exploits
Microsoft
May 2, 2025
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishingresistant authentication method by default. Brand new Microsoft accounts will now be passwordless by default, Micr
Hacker News Exploits
United States
May 3, 2025
The U.S. Department of Justice DoJ on Thursday announced charges against a 36yearold Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sanaa, Yemen, has been charged wit
Hacker News Exploits
Linux
May 3, 2025
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch nextstage payloads that can irrevocably overwrite a Linux systems primary disk and render it unbootable. The names of the packages are listed below github.comtruthfulpharmprototransform github
Hacker News Exploits
ZTE
May 1, 2025
ZTE ZXV10 H201L RCE via authentication bypass
Exploit DB
Microsoft
May 1, 2025
Microsoft NTLM Hash Disclosure Spoofing libraryms
Exploit DB
Windows
Microsoft
May 1, 2025
Posted by hyp3rlinx on May 01 Credits John Page aka hyp3rlinx Website hyp3rlinx.altervista.org Source httpshyp3rlinx.altervista.orgadvisoriesMicrosoft_Windows_xrmms_File_NTLMHash_Disclosure.txt x.comhyp3rlinx ISR ApparitionSec Vendor www.microsoft.com Product .xrmms File Type Vulnerability Type
Full Disclosure
Broadcom
CISA
Apr 29, 2025
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added two highseverity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities in
Hacker News Exploits
SentinelOne
China
Apr 29, 2025
Cybersecurity company SentinelOne has revealed that a Chinanexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its highvalue customers. We first became aware of this threat cluster during a 2024 intrusion conducted against an organization p
Hacker News Exploits
RAT
Russia
Apr 30, 2025
Cybersecurity researchers have shed light on a Russianspeaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid2022. RomCom employs advanced evasion techniques, including livingofftheland LOTL tactics and encrypted command and control
Hacker News Exploits
Recorded Future
Shell
May 2, 2025
The malware loader known as MintsLoader has been used to deliver a PowerShellbased remote access trojan called GhostWeaver. MintsLoader operates through a multistage infection chain involving obfuscated JavaScript and PowerShell scripts, Recorded Futures Insikt Group said in a report shared with The
Hacker News Exploits
Windows
Microsoft
May 1, 2025
Microsoft Windows XRMMS File NTLM Information Disclosure Spoofing
Exploit DB
China
GDPR
Frida
May 2, 2025
Irelands Data Protection Commission DPC on Friday fined popular videosharing platform TikTok 530 million 601 million for infringing data protection regulations in the region by transferring European users data to China. TikTok infringed the GDPR regarding its transfers of EEA European Economic Area
Hacker News Exploits
May 2, 2025
暂无内容
SANS Internet Storm Center
May 1, 2025
A friend asked me if my pngdump.py tool can extract individual bits from an image cfr. diary entry Steganography Analysis With pngdump.py.
SANS Internet Storm Center
May 1, 2025
暂无内容
SANS Internet Storm Center
Apr 30, 2025
As the field of artificial intelligence AI continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol MCP susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report fr
Hacker News Exploits
Apr 30, 2025
How Many Gaps Are Hiding in Your Identity System? Its not just about logins anymore. Todays attackers dont need to hack inthey can trick their way in. Deepfakes, impersonation scams, and AIpowered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside
Hacker News Exploits
Apr 30, 2025
Everyone has cybersecurity stories involving family members. Heres a relatively common one. The conversation usually goes something like this The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were
Hacker News Exploits
Apr 30, 2025
Meta on Tuesday announced LlamaFirewall, an opensource framework designed to secure artificial intelligence AI systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others. The framework, the company said, incorporates three guardrails, including PromptG
Hacker News Exploits
网安博客
标题
Tags
发布时间
摘要
来源
华为
英伟达
May 2, 2025
英伟达黄仁勋称华为是全球最强科技公司之一中美在 AI 发展领域的水平非常接近 2025 年五一档首日票房 1.83 亿水饺皇后猎金游戏人生开门红前三
极客公园
勒索软件
日本
Apr 29, 2025
关键词勒索软件日立 Vantara 是日本跨国集团日立的子公司该公司上周末被迫关闭服务器以遏制 Akira
安全圈
英国
勒索软件
Apr 29, 2025
关键词勒索软件英国零售巨头玛莎百货 Marks Spencer 持续的宕机是由勒索软件攻击造成的据
安全圈
微软
Windows
May 1, 2025
关键词Windows7困扰Windows 7用户十余年的系统登录延迟谜团近日由微软官方揭晓答案
安全圈
ESET
黑客
May 2, 2025
关键词IPV6劫持网络安全公司 ESET 昨日4 月 30 日发布博文报道称黑客组织 TheWizard
安全圈
木马
病毒
Apr 29, 2025
近期火绒安全情报中心监测到一款伪装成Clash代理工具的程序正在网络上传播经溯源分析这款恶意软件是由易语言编写的木马其开发者还提供私人定制易语言服务为他人的黑灰产活动提供支持目前火绒安全产品可对上述病毒进行拦截查杀
火绒安全实验室
密码喷洒攻击
黑客
Apr 28, 2025
Storm1977 黑客组织利用 AzureChecker CLI 工具通过密码喷洒攻击教育领域云租户劫持 200 多个容器用于加密货币挖矿
看雪学院
英国
黑客
Apr 30, 2025
英国零售巨头玛莎百货遭 Scattered Spider 黑客组织网络攻击致多系统瘫痪线上订单暂停运营受阻
看雪学院
邮件安全
病毒
Apr 28, 2025
企业邮箱如同数字城堡而邮件安全网关则是城墙上的智能哨兵它需精准拦截恶意钓鱼邮件病毒附件等外敌还要保证正常邮件高效流通然而面对硬件网关软件网关云网关三种哨兵形态企业如何精准匹配自身能力和需求并做出正确的选择 答案没有最好只有最合适本文将从形态优势和适用场景两大维度帮助企业找到最合适的邮件安全哨兵 三大形态对比你的企业适合哪种哨兵 1硬件网关本地部署的硬核卫士 优势 一站式安装部署由厂商提供全面的硬件软件和服务支持涵盖从采购到部署的全过程企业无需自行挑选和整合不同组件 数据本地化部署在企业内网数据不出本地满足对数据安全要求极高网络环境复杂的大型企业或涉密机构 适用场 景 适合对数据安全要求严
嘶吼
苹果
iOS
Apr 30, 2025
根据安全研究人员最新发现iOS系统的一个关键漏洞可能允许恶意应用程序仅用一行代码就永久禁用iphone该漏洞被命名为CVE202524091利用操作系统的达尔文通知系统触发无尽的重启周期有效地阻塞设备并需要完整的系统恢复 iOS Darwin通知漏洞 该漏洞利用了Darwin通知这是CoreOS层中的一种低级消息传递机制允许进程通信系统范围的事件 与NSNotificationCenter或NSDistributedNotificationCenter等更常见的通知系统不同Darwin通知是传统API的一部分在苹果操作系统的基础层面上运行 安全研究员Guilherme Rambo发现了这一漏洞
嘶吼
谷歌
苹果
小米
Apr 28, 2025
雷军回应小米手机重回第一人车家全生态 古尔曼苹果 Vision Pro 轻量版最早有望今年末上市 全球访问量最大网站 TOP20谷歌位居榜首YouTube 访问时长最长
极客公园
微软
苹果
英伟达
May 3, 2025
苹果遭评级下调市值被微软超越英伟达 CEO 黄仁勋 2025 财年薪酬达 4990 万美元GTA 6跳票彭博社记者称早已注定玩家直呼好歹来张截图
极客公园
数据泄露
韩国
黑客
May 2, 2025
关键词黑客据报道韩国第一大电信运营商SK Telecom近日遭遇黑客攻击导致大量用户USIM卡数据泄露引
安全圈
美国
黑客
迪士尼
May 2, 2025
关键词黑客据 CNN美国有线电视新闻网当地时间 4 月 28 日报道一名迪士尼前员工因黑客攻击公司服务器
安全圈
中国
中国移动
中国电信
Apr 29, 2025
4月28日在第八届数字中国建设峰会期间第二届长城杯信息安全铁人三项赛防护赛总决赛在福建福州举办本届大赛由中央网络安全和信息化委员会办公室教育部国家市场监督管理总局国家数据局指导中国信息安全测评中心北京师范大学中国电信集团有限公司中国移动通信集团有限公司联合主办第十二届全国政协副主席国家电子政务专家委员会主任王钦敏出席活动并致闭幕辞 第十二届全国政协副主席国家电子政务专家委员会主任王钦敏致辞 本届大赛以智能防护开启数字安全新时代为主题经过线上初赛半决赛的激烈角逐来自84所高校的100支参赛队伍近400名参赛学生会师总决赛 总决赛现场 福建省委常委常务副省长王永礼专程到比赛现场看望大赛组委会同志和
嘶吼
意大利
移动安全
社会工程学
Apr 29, 2025
一种名为SuperCard X的新型恶意软件即服务MaaS平台已经出现该平台通过NFC中继攻击安卓设备使销售点和ATM交易能够使用受损的支付卡数据 SuperCard X是由移动安全公司Cleafy发现的该公司报告称在意大利发现了利用这种安卓恶意软件的攻击这些攻击涉及多个具有细微差异的样本表明分支机构可以根据区域或其他特定需求定制构建 SuperCard X攻击是如何展开的 攻击开始时受害者会收到一条假冒银行的假短信或WhatsApp消息声称他们需要拨打一个号码来解决可疑交易引起的问题 接电话的是一名冒充银行客服人员的骗子他利用社会工程学欺骗受害者确认他们的卡号和密码然后他们试图说服用户通过他
嘶吼
网络钓鱼
钓鱼攻击
MFA
Microsoft
Apr 30, 2025
一种名为CookieBite的概念验证攻击利用浏览器扩展程序从 Azure Entra ID 中窃取浏览器会话 Cookie以绕过多因素身份验证MFA保护并保持对 Microsoft 365Outlook 和 Teams 等云服务的访问 此次攻击由 Varonis 安全研究人员设计他们分享了一种概念验证PoC方法涉及一个恶意的和一个合法的 Chrome 扩展程序然而窃取会话 cookie 并非新鲜事因为信息窃取程序和中间人网络钓鱼攻击通常都会将其作为目标 虽然通过窃取 Cookie 来入侵账户并非新手段但CookieBite技术中恶意 Chrome 浏览器扩展程序的使用因其隐秘性和持久性而值得
嘶吼
数据泄露
DoS攻击
DDoS攻击
Cisco
Verizon
Apr 29, 2025
IoT安全透视DLink DWR932B固件全面逆向分析 by ourren 2024年网络安全产业态势回顾及2025年趋势展望 by ourren 2024年暗网态势研究报告数据泄露趋势与治理挑战 by ourren 基于静态分析的路由器固件二进制漏洞挖掘经验分享 by ourren Verizon2025数据泄漏调查报告网络攻击越来越快准隐狠 by ourren DDoS攻击威胁报告2025版 by ourren Foundationsec Cisco Foundation AIs OpenSource Model by ourren 更多最新文章请访问 SecWiki
SecWiki News(国内外安全资讯)
Kali Linux
Linux
May 3, 2025
在Kali Linux中处理更新时遇到系统崩溃,错误提示显示dpkg被锁定且存在损坏包,导致关键工具无法使用,中断了当天的CTF挑战准备
不安全
U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog
远程代码执行
CISA
美国
May 3, 2025
美国网络安全与基础设施安全局CISA将Yii框架和Commvault Command Center的高危漏洞加入已知被利用的漏洞目录这些漏洞可能导致路径遍历和远程代码执行攻击者已利用这些漏洞进行链式攻击以入侵服务器并上传恶意文件CISA要求联邦机构在2025年5月23日前修复这些漏洞以防范风险
不安全
微软
勒索软件
美国
May 3, 2025
美国司法部起诉一名也门男子涉嫌利用Black Kingdom勒索软件攻击全球目标包括美国企业学校和医院并通过微软Exchange Server漏洞部署 ransomware受害者需支付比特币赎金同时勒索软件攻击持续增加但赎金支付率下降
不安全
远程代码执行
文件包含漏洞
HP
May 3, 2025
该文章探讨了文件包含漏洞的高级利用技术包括路径遍历本地文件包含LFI和远程文件包含RFI并详细介绍了如何通过PHP会话日志中毒及包装器链式攻击实现远程代码执行文章强调了负责任的安全实践和遵守法律的重要性
不安全
英国
数据泄露
勒索软件
May 3, 2025
DragonForce勒索软件团伙近期针对英国零售商发起攻击利用钓鱼邮件漏洞和被盗凭证入侵系统并通过白标服务和RansomBay数据泄露网站扩大业务
不安全
DDoS攻击
Kali Linux
Linux
DoS攻击
May 3, 2025
一位用户希望在自己的网络上进行DDoS攻击测试并寻求帮助他使用Kali Linux和Wlan0接口并提到自己是新手此外他在尝试登录路由器时遇到密码问题
不安全
意大利
钓鱼攻击
网络钓鱼
Tesla
May 3, 2025
CERTAGID报告称在最近一周内检测到59起网络钓鱼和恶意软件活动其中27起直接针对意大利目标攻击者利用支付罚款订单等主题诱骗用户点击恶意链接或下载有害附件恶意软件如FormBookAgentTesla等被广泛使用而钓鱼攻击则利用PagoPA等可信服务增加可信度CERTAGID提供了818个指标以帮助防御这些威胁
不安全
GitHub
Hacker
May 3, 2025
这篇文章介绍了HackerNoon平台上的热门技术内容涵盖GitHub Copilot提升开发效率Go语言实现负载均衡AIML模型部署优化AI搜索提升电商竞争力Web3与AI结合等主题并涉及技术趋势分析及产品管理策略
不安全
微软
MFA
May 2, 2025
微软的应用专用密码用于不支持通行密钥和MFA验证的软件或设备它随机生成且无法自定义用户需在账户中心创建并为每个应用单独设置以提高安全性
不安全
奔驰
Google
May 2, 2025
安全研究人员随机选中奔驰网站作为新目标在未查看漏洞披露政策的情况下展开渗透测试通过Google Dorks发现Swagger UI接口后测试常用payload成功发现漏洞并最终提交给奔驰安全团队修复
不安全
GitHub
特斯拉
May 2, 2025
xAI员工在GitHub泄露私钥允许他人访问其私有大型语言模型两个月这些模型用于处理马斯克旗下公司如SpaceX特斯拉和推特X的内部数据GitGuardian发现后通知xAI最终移除泄露仓库
不安全
微软
MFA
May 2, 2025
微软为庆祝世界密码日5月4日计划更改账户注册流程默认不再需要设置传统密码而是使用通行密钥或MFA身份验证器进行验证现有用户也可删除账户密码默认登录时优先使用通行密钥或MFA
不安全
勒索软件
现代
May 2, 2025
PollyLocker是一款由DarkWire团队开发的定制勒索软件模拟工具专为教育和研究设计它帮助网络安全专业人士了解现代勒索软件的工作原理包括有效载荷部署加密逻辑勒索便条生成及网络行为等该工具不含破坏性代码旨在促进信息安全领域的深入讨论与防御策略开发
不安全
GitHub
数据泄露
May 2, 2025
微信开始打击利用本地数据打造 AI 分身或数据分析类的应用提醒开发者注意法律风险GitHub 上的开源项目可能被第三方改造并获取用户数据微信公告指出部分第三方工具绕过安全措施获取数据并给出两种违规类型案例提醒用户谨慎使用此类工具以防数据泄露
不安全
Dec 29, 2100
渗透攻击超十年由于年龄身体原因自己感觉快要退出一线渗透攻击了遂打算把毕生所学用文字表写出来因为文章涉及到敏感的攻击行为所以好多需要打马赛克或者是本地以demo的形式表现出来当这个行业做久了你也终有一天发现原来事物的本质是如此重要比如内网渗透的本质是信息搜集当年某大佬把这条经验传递给我同样今天变成老家伙的我也希望把这条经验传递下去 文中一定会出现笔误或者不对的地方请大家多多包涵提前向各位说声对不起所有课程从基础开始包括工具的介绍应用等这样以后新来的同学或者想要自我从头学习的同学也可以避开一些弯路在写的过程中我深深体会到分享者才是学习中的最大受益者由于需要成文章所以需要查阅大量的资料在整个过程中又
专注APT攻击与防御
工业系统
标题
Tags
发布时间
摘要
来源
物联网
标题
Tags
发布时间
摘要
来源
Apr 30, 2025
Our friends at Beecham Research will be holding a webinar on Wednesday 7th May. The post Securing Enterprise IoT Blind Spots You Cant Afford appeared first on IoT Security Foundation .
IoT Security Foundation
企业安全
标题
Tags
发布时间
摘要
来源
Cisco
Apr 28, 2025
Foundation AI is a Cisco organization dedicated to bridging the gap between the promise of AI and its practical application in cybersecurity.
Cisco Security Blog
Apr 28, 2025
Foundation AIs first release Llama3.1FoundationAISecurityLLMbase8B is designed to improve response time, expand capacity, and proactively reduce risk.
Cisco Security Blog
XDR
Cisco
Apr 28, 2025
Clear verdict. Decisive action. AI speed. Cisco XDR turns noise into clarity and alerts into actionenabling confident, timely response at scale.
Cisco Security Blog
SOC
XDR
Cisco
Apr 29, 2025
Discover how Cisco XDRs Instant Attack Verification brings realtime threat validation for faster, smarter SOC response.
Cisco Security Blog
Apr 28, 2025
新闻速览 工信部CSTIS提醒防范WinRAR安全绕过漏洞的风险 第一季度159个CVE遭到野外利用近
安全牛
邮件安全
病毒
Apr 28, 2025
企业邮箱如同数字城堡而邮件安全网关则是城墙上的智能哨兵它需精准拦截恶意钓鱼邮件病毒附件等外敌还要
安全牛
Apr 29, 2025
新闻速览 2025年提升全民数字素养与技能工作要点印发提出营造安全有序数字环境 全球能源巨头成为目标
安全牛
Apr 30, 2025
新闻速览 工业和信息化部加快自动驾驶系统安全要求强制性国家标准研制 网络安全标准实践指南个人信息保
安全牛
Tenable
Apr 28, 2025
Each Monday, the Tenable Exposure Management Academy provides the practical, realworld guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIOCSO relationship is key to a successful exposure management program. Yo
Tenable Blog
Apr 30, 2025
Traditional approaches to cloud access rely on static, permanent permissions that are often overprivileged. Learn how justintime access completely changes the game. The access challenge in modern cloud environments As cloud adoption accelerates, organizations are grappling with a fundamental securit
Tenable Blog
Apr 30, 2025
MCP tools are implicated in several new attack techniques. Heres a look at how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands. Background Over the last few months, there has been a lot of activity in the Model Context Protocol MCP space, both in term
Tenable Blog
May 2, 2025
In this special edition of the Cybersecurity Snapshot, were highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT sys
Tenable Blog
邮件安全
病毒
Apr 28, 2025
企业邮箱如同数字城堡而邮件安全网关则是城墙上的智能哨兵它需精准拦截恶意钓鱼邮件病毒附件等外敌还要
安全牛
移动安全
标题
Tags
发布时间
摘要
来源
- 作者:黑客驰
- 链接:https://hackerchi.top/article/HackerNews
- 声明:本文采用 CC BY-NC-SA 4.0 许可协议,转载请注明出处。
相关文章
