Aggregator

关键词Tik Tok2025 年 1 月起，《保护美国人免受外国对手控制应用法案》（Protecting Am

关键词国家安全国家安全部7月10日通报，近期破获多起境外间谍情报机关针对我国公职人员的渗透策反案件，现披露三起

Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain

生成式AI正逐步融入企业日常使用的软件中，如视频会议和CRM系统。虽然提升了生产力，但也带来了数据安全、隐私和合规性等风险。企业需建立有效的AI治理框架以应对这些挑战，并通过工具如Reco简化管理流程。

文章介绍了英国国家网络安全中心（NCSC）发布的API安全最佳实践指南，涵盖了安全开发、认证授权、数据保护等七个核心支柱，并结合Wallarm平台的功能说明如何实现这些安全措施。

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025. "ZuRu malware

苹果macOS恶意软件ZuRu通过伪装成Termius等合法软件传播，利用Khepri工具实现远程控制，并通过动态链接库注入和修改应用签名绕过检测。

GitLab has released critical security patches addressing four vulnerabilities, including a high-severity cross-site scripting flaw that could enable attackers to execute malicious actions on behalf of users through content injection. The company has issued patch releases 18.1.2, 18.0.4, and 17.11.6 for both Community Edition (CE) and Enterprise Edition (EE), urging immediate upgrades for all self-managed […]

The post GitLab Vulnerabilities Allow Execution of Malicious Actions via Content Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

近日，网络安全研究人员发现一款名为“SparkKitty”的新型木马程序，该木马程序自2024年初以来持续活跃

This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
The endpoint is no longer just a device—it’s the new battleground. As remote work, BYOD (Bring-Your-Own-Device), and cloud-first strategies redefine the modern enterprise, traditional perimeter defenses are crumbling. Attackers know this, and they’re targeting endpoints as the easiest way in. That’s why Zero Trust must begin where the risk is greatest: at the device level. … Continued

The shift to agentic AI isn’t just a technical challenge — it’s a leadership opportunity for CISOs to redefine their role from control enforcer to strategic enabler.

The post The Rise of Agentic AI: A New Frontier for API Security appeared first on Security Boulevard.

人工智能快速发展，生成式AI和自主代理广泛应用。API成为关键数据接口，但也面临安全威胁。攻击者利用AI技术发起更复杂的攻击，如操纵RAG模型或误导输入。企业需加强API安全防护，采用行为分析和动态防御机制，并由CISO推动安全策略转型以应对新兴风险。

Сказал «я сдаюсь» — получил ключи Windows. Что дальше? Сказал «спасибо» — ИИ включил Pro-версию?

Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker

AMD警告新的漏洞TSA影响其多款处理器,属于推测执行侧信道攻击,可能导致信息泄露。已发布微代码更新修复。

在AI编码浪潮中，如何守住安全底线？

Multiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise. The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) software used to manage large-scale wireless deployments across schools, hospitals, and smart […]

The post Critical Ruckus Wireless Flaws Threaten Enterprise Wi‑Fi Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

单点故障（SPOF）指系统中若某关键部分失效将导致整体瘫痪的情况。常见于服务器、网络设备或关键人员等环节。其危险性在于引发停机、数据丢失等问题。通过冗余备份、负载均衡及文档共享等方法可有效识别并减少SPOF风险。

Он не чувствует вкус, но сочиняет уникальные гастрономические шедевры.

美国网络司令部拟在2026财年开展网络作战人工智能试点项目