Aggregator
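Critical infrastructure agency budgets surge! US federal government plans to invest over 83 billion yuan in cybersecurity for fiscal year 2027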
Google to penalize sites that hijack the back button
Google is broadening its spam policies to crack down on “back button hijacking,” a deceptive practice where websites interfere with browser navigation, blocking users from returning to the page they came from. Instead, users are usually redirected to pages they have not visited or are shown unsolicited recommendations or ads. “Back button hijacking interferes with the browser’s functionality, breaks the expected user journey, and results in user frustration. People report feeling manipulated and less willing …
The post Google to penalize sites that hijack the back button appeared first on Help Net Security.
Digital twins of the brain turned out to be useless. Nobody took into account that its parts are constantly fighting each other
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
Cybersecurity in an Age of Geopolitical Fracture
Wars are becoming more frequent, and are no longer only kinetic. They are just as active in the cyber world, with impacts much larger than can be imagined. This also leads to state-sponsored hacktivists targeting the critical infrastructure of nations.
In Open-Source Silicon We Trust: 'Bunnie' Huang's Baochip
How can we trust hardware to not betray us? Enter the Baochip-1x, a piece of largely open-source silicon created by Andrew "Bunnie" Huang, which he said is designed to give developers an affordable, security-focused and attestable chip, not least for building high-assurance, embedded devices.
France Tees Up Big Public Sector Move Away From US Tech
French abandonment of American software for open-source alternatives continues apace, with all government ministries now facing a fall deadline for outlining plans to reduce their dependence on U.S. tech. France must "regain control of our digital destiny," said public action minister David Amiel.
Lawsuit: AI Illegally Recorded Doctor-Patient Encounters
Proposed federal class action litigation alleges that two California healthcare organizations violated patient privacy in their use of an AI-enabled ambient tool that records, transcribes, and processes sensitive conversations between clinicians and patients without individuals' consent.
Claude Mythos Could Flood Vendors With Fixes They Deferred
Former Microsoft CIO Jim DuBois and IDC's Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog.
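Genius Programmer goes live: full-stack hands-on practice in AI reverse engineering and secure development
Rockstar Games confirms supply chain attack; third-party SaaS becomes springboard for data leak
Ivanti CVE-2025-0282 vulnerability reproduction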
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
With global cyber threats escalating and budget cuts looming, CISA needs a Senate-confirmed director. It’s time to confirm Sean Plankey.
The post Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey appeared first on CyberScoop.
Human painkillers are effective on lobsters
Inside the Windows Loader: Replicating Portable Executable Mapping with IronPE in Rust
IronPE is a minimal Windows PE manual loader written in Rust for both x86 and x64 PE files.
The post Inside the Windows Loader: Replicating Portable Executable Mapping with IronPE in Rust appeared first on Penetration Testing Tools.
Inside the Master Panel: How an Unprotected Server Exposed a Massive X Hijacking Operation
An exposed administrative console, accessible without even the most rudimentary password, has transformed a clandestine operation into a
The post Inside the Master Panel: How an Unprotected Server Exposed a Massive X Hijacking Operation appeared first on Penetration Testing Tools.
APT41 Turns Linux Cloud Servers Into Credential Theft Targets With New Winnti Backdoor
APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group’s latest Winnti-family backdoor is a zero‑detection ELF implant designed specifically for Linux workloads running on AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud, with a clear focus on stealing cloud credentials at […]
The post APT41 Turns Linux Cloud Servers Into Credential Theft Targets With New Winnti Backdoor appeared first on Cyber Security News.
The 21 Phantom Servers: How a Tiny Botnet Just Hijacked Global RDP Reconnaissance
A diminutive cluster of servers has managed, in a matter of mere hours, to redraw the conventional cartography
The post The 21 Phantom Servers: How a Tiny Botnet Just Hijacked Global RDP Reconnaissance appeared first on Penetration Testing Tools.