Aggregator

国家支持的网络威胁组织CL-STA-0969在2024年针对东南亚电信公司发起攻击，利用多种工具和漏洞，目标为关键基础设施。

State-backed group CL-STA-0969 hit Southeast Asian telecoms in 2024, targeting critical infrastructure, says Palo Alto Networks’ Unit 42. Palo Alto Networks reported that a nation-state actor, tracked as CL-STA-0969, targeted telecom firms in Southeast Asia, with attacks on critical infrastructure from February to November 2024. Threat actor CL-STA-0969 overlaps with the China-linked cyber espionage group […]

当前环境异常，需完成验证后方可继续访问。

GitHub 发言人披露，微软的 AI 编程助手 GitHub Copilot 目前有 2000 万“历史用户（all-time users）”。2025 年 4 月该公司披露 GitHub Copilot 的用户有 1500 万，这意味着过去三个月增加了 500 万新用户。但用户在试用之后就放弃还是一直高频使用，微软没有对此做出进一步说明。微软称，GitHub Copilot 是目前最受欢迎的 AI 辅助编程工具之一，被九成的财富百强企业使用。该产品在企业客户中的使用率比上季度增长了约 75%。

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. This vulnerability is handled as CVE-2025-8530. The attack may be launched remotely. Furthermore, there is an exploit available.

CERT-AGID监测到77次恶意活动，其中45次针对意大利；828个妥协指标被提供给授权机构；涉及AgentTesla等恶意软件及钓鱼攻击；攻击主题包括银行、罚款、支付等；主要通过邮件传播。

Meta снова изобретает будущее. Надеемся, не как с метавселенной.

Submit #622177 / VDB-318656

A2A сводит разрозненные экосистемы в одну шину общения — от Box AI до крупных облаков.

OpenAI移除对话搜索功能；特朗普政府推动医疗数据自愿上传；佛州监狱泄露访客信息；骗子利用错误短信诱骗；苹果修复29个安全漏洞。

2025年8月21日，CSOP 北京站议程公开！

A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account named “Widevineleak,” has triggered immediate responses from both Microsoft and affected streaming services, highlighting the […]

The post Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online appeared first on Cyber Security News.

文章描述了AI代码编辑器Cursor中的一个数据外泄漏洞：通过Mermaid图表渲染功能，攻击者可窃取用户记忆或API密钥。作者展示了两个演示案例，并最终修复了该问题（CVE-2025-54132）。

Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed.

When using Cursor I noticed that it can render Mermaid diagrams.

Cursor Renders Mermaid Diagrams

If you are not familiar with Mermaid, it has a simple syntax:

graph TD User --> Computer

This will create a diagram as follows:

NIS 2指令通过整合网络安全与数据保护要求，推动企业从分散合规转向整体治理策略。结合GDPR、AI Act和Cyber Resilience Act等法规，企业需优化资源管理、提升风险评估能力，并构建统一框架以应对多法规挑战。

Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report.

The post CrowdStrike investigated 320 North Korean IT worker cases in the past year appeared first on CyberScoop.

当前环境异常，需完成验证后方可继续访问。

为减少噪音,社区关闭自我发帖,改为每周统一问题线程,并建议特定工具或目标相关问题转至StackExchange或r/AskReverseEngineering.

文章探讨了专业美术背景者在幼儿美育启蒙中的挑战与反思。指出专业美术注重技法与结果，而启蒙更关注孩子的想象力、表达与情感体验。强调父母应支持孩子自由创作，避免用成人标准干预其创作过程，并通过引导帮助孩子发现与表达对世界的认知与感受。