Aggregator

行业首家！360漏洞挖掘智能体率先完成在野0-day漏洞根因分析与复现

360数字安全

2 weeks 2 days ago

360漏洞挖掘智能体完成Adobe Reader在野0day漏洞根因分析与复现

Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies

Information Security Magazine

2 weeks 2 days ago

Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie

CVE-2023-30845

CVE Trends

2 weeks 2 days ago

Currently trending CVE - Hype Score: 7 - ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT ...

CVE-2025-20255

CVE Trends

2 weeks 2 days ago

Currently trending CVE - Hype Score: 3 - A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected ...

Три главных тренда анонимности и кибербезопасности в 2026

Securitylab.ru

2 weeks 2 days ago

DeepFake-личности, защита крипты после ФЗ-38 и активные атаки на злоумышленников: что нужно знать уже сейчас

关注 | 2026年3月全国受理网络违法和不良信息举报1728.4万件

中国信息安全

2 weeks 2 days ago

2026年3月全国受理网络违法和不良信息举报1728.4万件

关注 | 近期集中爆发多起供应链投毒攻击事件

中国信息安全

2 weeks 2 days ago

国家通报中心监测发现，近期集中爆发多起供应链投毒攻击事件，攻击目标包括API研发工具Apifox、Python开发库LiteLLM以及JavaScript HTTP库Axios，涉及开源软件仓库和商用工具两大核心供应链场景。

专家解读 | 以登记制度创新破局数据产权确权难题——《数据产权登记工作指引（试行）》解读

中国信息安全

2 weeks 2 days ago

为落实数据产权制度、构建全国统一的数据产权登记体系，《数据产权登记工作指引（试行）》聚焦实践需求，为数据产权登记工作开展提供了清晰路径。

CNNVD | 关于Apache ActiveMQ安全漏洞的通报

中国信息安全

2 weeks 2 days ago

近日，国家信息安全漏洞库（CNNVD）收到关于Apache ActiveMQ安全漏洞（CNNVD-202604-1392、CVE-2026-34197）情况的报送。

专题·具身智能安全 | 构建全链路防御护航具身智能范式跨越与安全落地

中国信息安全

2 weeks 2 days ago

在大模型时代，具身智能正面临智能范式重塑与物理边界急剧扩张的双重挑战。在多模态大模型能力持续提升的背景下，具身智能系统的落地应用既催生了跨域攻击、多模态越狱攻击等新型安全风险，也推动了学术与产业界构建防范新型风险的全链路安全防御体系。

【安全圈】Adobe Acrobat Reader 零日漏洞已被黑客利用

安全圈

2 weeks 2 days ago

关键词漏洞据科技媒体 Bleeping Computer 昨天报道，安全研究员 Haifei Li 最近发现，

【安全圈】国家网络安全通报中心：近期集中爆发多起供应链投毒攻击事件

安全圈

2 weeks 2 days ago

【安全圈】老板倒卖26万条客户信息获利600万

安全圈

2 weeks 2 days ago

关键词黑产像汇报业绩一样，每天在公司工作群里汇报客户信息销售数据……一家正规化妆品公司，竟将倒卖客户隐私做成了

Why Managed Agents Needs Distributed Infrastructure

The Akamai Blog

2 weeks 2 days ago

Robert Blumofe

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

The Hackers News

2 weeks 2 days ago

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's

The Hacker News

Google rolls out Gmail end-to-end encryption on mobile devices

Bleeping Computer.

2 weeks 2 days ago

Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]

Sergiu Gatlan