Aggregator

一款帮助开发者选择颜色并获得 Google 验证徽章的取色器 (color pickers) 扩展看似无害，但安全研究人员称它会劫持浏览器会话、追踪网络活动，在受害者浏览器上植入后门。这款名为 Geco 扩展的下载量逾 10 万次，有 800 条评论，获得 4.2/5 星评价，安全公司 Koi Security 的研究人员称这是名为 RedDirection 的劫持浏览器的网络攻击行动的一部分，该行动涉及 18 个恶意扩展，逾 230 万 Chrome 和 Edge 用户受到影响。研究人员称，这些扩展最初不包含恶意代码，因此能获得 Google 的认证，它们是在后续更新中加入恶意代码的。

多模态知识处理黑科技，360 AI企业知识库加速数字化升级

360发布6月勒索软件流行态势报告，揭示双重勒索攻击格局重构

速修复

速修复

In the previous parts of this series, we've explored the exciting new ways Large Language Models (LLMs) can integrate with APIs and act as intelligent As we integrate LLMs deeper into our applications, the attack surface naturally expands.

Всего несколько тапов — и вы сами дали хакерам все разрешения.

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain ...

Zero Data Retention offers a new path forward. One that enables intelligent automation, deep integrations and real-time workflows — without the baggage of persistent data storage

The post What is Zero Data Retention and Why it May Be the Future of Secure Automation appeared first on Security Boulevard.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Militairen hebben de afgelopen 2 weken 106 drones onschadelijk gemaakt boven marinekazerne Suffisant op Curaçao. De beveiliging van het luchtruim was nodig vanwege de spraakmakende Themis-strafzaak die daar plaatsvond. Een overzicht van Defensieoperaties in de week van 2 tot en met 8 juli 2025.

The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services.  These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106.  The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities.  […]

The post Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

两行代码致 VS Code 扩展遭供应链攻击

看雪论坛作者ID：asciibase64