Aggregator

从web3安全角度解析Uniswap V2源码，阐述AMM机制与防重入。重点剖析swap验证、mint铸造及最小流动性防御，理清架构逻辑，理解实现以及安全问题。

如何在不影响功能的情况的基础上不上漏洞

Binary Defense has announced the launch of NightBeacon Detect, a new module within NightBeacon, the company’s AI-driven SOC platform. The first capability released is Detection Coverage Index, a confidence-based view of how well an organization is covered against specific threat actors, their tactics, techniques, and sub-techniques, and how that coverage changes over time. NightBeacon Detect solves the problem with how detection coverage is measured Security teams invest heavily in detection tools, rules, and telemetry, yet … More →

The post Binary Defense expands NightBeacon with threat-aligned Detection Coverage Index appeared first on Help Net Security.

当 AI Agent 拥有了读写文件、执行命令、访问网络的能力，如何用平台自身的扩展机制构建安全防线？

在`nf_tables`架构中，内核允许用户自定义设置过滤规则，用户可以通过设定规则来决定数据包的处理方式（这个处理方式由`verdicts code`决定），而规则是由一系列表达式组成的，中有一种表达式叫 `nft_immediate`（立即数表达式）。它的作用是：“如果匹配成功，就将某个值设置到`NFT_REG_VERGICT`中（一个用来存放verdict的值的寄存器）”。每条 rule 执

108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure

Booking.com confirms a data breach exposing customer details to hackers. No payment data accessed, but users face risk of targeted phishing scams now!

腾讯云安全监测：3月10个高危安全漏洞，涉及青龙面板、DB-GPT、OpenClaw、BentoML、Nginx-UI、Langflow、n8n、F5 BIG-IP等，多个可致RCE，请立即排查修复。

5000 лет одомашнивания, ноль послушания и один провальный эксперимент.

360以AI智能体助力亚太数字经济发展

Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it.  This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The […]

The post When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT appeared first on ANY.RUN's Cybersecurity Blog.

Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters. An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and […]

关键词黑客据外媒 The Guardian 报道，全球最大的在线旅游公司 Booking.com 昨日确认公司

关键词漏洞安全研究人员 Patrick Saif（@weezerOSINT）昨日（4 月 13 日）在 X 平

Если в препринте написано «всё выдумано», а ИИ всё равно верит — кто виноват: модель или система?

第三方 SDK 重大漏洞曝光：超 3000 万加密

迷雾中的航行：Fog 勒索软件关联攻击者

本文提出KNOWHOW，一种面向在线溯源分析的CTI知识驱动方法，旨在自动将CTI报告中的高层攻击知识应用到底层系统事件检测中。