Aggregator

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never expect a website to observe: activity on their SSD (Solid-State Drive), the storage device where applications and files are stored. Dubbed FROST, short for Fingerprinting Remotely using OPFS-based SSD Timing, the technique allows a website to infer information about … More →

The post Websites can spy on user activity by analyzing SSD behavior appeared first on Help Net Security.

A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No […]

有影响的中国游客可能在数万至十万人级别

Разработчик-одиночка потратил целых восемь месяцев для переноса ReactOS на ARM64.

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report (get it here), a

根据发表在《自然》期刊上的一项研究，苏黎世联邦理工学院的研究人员利用量子贝尔测试装置首次生成了经过证明的完美随机性。这一随机性是基于量子物理的非确定性。研究人员使用了两个冷却到绝对零度附近的超导芯片装置，。每个芯片代表一个量子比特，它可以处于 0 或 1 或者两者的叠加态。两个芯片使用一个 30 米长的冷却管连接。微波光子在两芯片之间传播，形成量子纠缠。这意味着对一个量子比特进行量子测量，随机得到 0 或 1 的值，会自动且远距离影响另一个量子比特的测量结果。30 米的距离确保了在测量过程中，即使以光速传播，量子比特之间不会交换任何信息。任何信息交换都会破坏这种完美的随机性。研究人员称，测量获得的 0 或 1 的序列是真正完美的随机序列，他们可以证明。

【火绒安全周报】“银狐”木马病毒出现新变种/黑客借“破解版”游戏传播恶意软件

火绒小问答——「企业版」暴破攻击防护如何使用

毒霸静默安装升级：内核驱动绕过安全防护

用框架约束发散，换工程极致稳定

A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]

2026年5月29日，深瞳漏洞实验室监测到一则Linux Kernel组件存在权限提升漏洞的信息，漏洞威胁等级：高危。

2026年5月29日，深瞳漏洞实验室监测到一则Apache PyFory组件存在反序列化漏洞的信息，漏洞编号：CVE-2026-48207，漏洞威胁等级：高危。

A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a routine business inquiry: someone wants to do business with you through LinkedIn and has attached a signed contract for your review. The phishing email (Source: Malwarebytes) The message is short and professional and the sender … More →

The post LinkedIn-themed phishing abuses Adobe’s A/B testing platform appeared first on Help Net Security.

多轮钓鱼攻击，瞄准军方与政企机构

技术岗直投