Aggregator

美国网络司令部通过“稳健基础设施”计划全面支撑网络空间攻防作战

漏洞利用成最流行攻击手段，去年至少导致6800起数据泄露事件

基于 Chromium 的浏览器 Vivaldi 释出了 8.0 版本。Vivaldi 由 Opera 联合创始人谭咏文（Jon von Tetzchner）创办。Vivaldi 8.0 的新特性包括：被称为 Unified 的新外观，所有元素都统一在一个视觉平面上；提供了六种预设布局，其中之一是垂直标签，用户可选择垂直左侧、垂直右侧两种垂直标签布局，其它还有经典、简洁、自动隐藏以及底部四种布局。

A dangerous piece of malware known as BadIIS has been actively targeting Internet Information Services (IIS) web servers, quietly hijacking them and redirecting unsuspecting visitors to illegal gambling sites, adult content platforms, and other illicit destinations. The attacks have been going on for years across the Asia-Pacific region and beyond, placing thousands of legitimate websites […]

The post BadIIS Malware Turns Hijacks IIS Servers and Redirect Users to Illicit Sites appeared first on Cyber Security News.

Личная связь получила новый слой приватности, но привычный сценарий общения остался прежним.

某oa存在任意文件读取漏洞，第一个log文件中泄露了部分加密过的用户的登录密码等信息，对其密码进行分析破解。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is categorized under CWE-306 (Missing Authentication for Critical Function). The issue stems from improper authentication […]

The post Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access appeared first on Cyber Security News.

A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity rating (20/25), indicating potential risks to confidentiality and integrity across affected systems. While technical details remain undisclosed until the official release window, […]

The post Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack appeared first on Cyber Security News.

Mozilla закрыла проблемы, которые слишком легко недооценить по сухому описанию.

背景介绍2026年5月7日，XLab监测到一起针对重要客户Ghost CMS的投毒事件。

ИИ-модель OpenAI опровергла гипотезу Эрдёша о единичных расстояниях.

没有什么护城河是一定存在的，能构建的壁垒只有两个：速度和 AI 人才密度。

SpaceX 周三晚上向美国证券交易委员会（SEC）递交了招股说明书，首次披露了其财务状况。根据招股说明书，在合并了马斯克（Elon Musk）旗下的 xAI 和 X/Twitter 之后，SpaceX 最大的收入来源就是今年五月与 Anthropic 达成的为期三年的数据中心交易，租用 Colossus 1 园区的算力，每月支付 12.5 亿美元。但这笔交易并非是保障性，任何一方都可以提前 90 天通知终止交易。其它数据包括：2025 年营收 187 亿美元，营业亏损 26 亿美元，净亏损 49 亿美元。其中卫星宽带 Starlink / Connectivity 业务营收 114 亿美元营业利润 44 亿美元，太空发射业务营收 41 亿美元运营亏损 6.57 亿美元，AI 以及社媒业务营收 32 亿美元营业亏损 64 亿美元。招股书数百次提及 AI。马斯克持有 12.3% 的 A 类股和 93.6% 的 B 类股，B 类股投票权十倍于 A 类股，马斯克总共控制着公司 85.1% 的投票权。如果他出售任何 B 类股，它们将自动转换为 A 类股。

Organizations that handle sensitive data consistently face a dilemma: lock data down and lose productivity, or share it freely and lose control. Virtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work together across organizational boundaries. Virtru Collaborate is the first solution built on the … More →

The post Virtru centers file collaboration around data-level protection appeared first on Help Net Security.

A vulnerability was found in Mattermost up to 10.11.13/11.4.3/11.5.1. It has been classified as problematic. Impacted is an unknown function of the component Run Creation API. The manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-4055. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

ASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities in AI systems during development. Promptfoo continuously runs automated tests across ASAPP’s AI systems, screening for more than 50 vulnerability types to give enterprise customers the real-time data they need to trust their AI in production. As … More →

The post ASAPP expands adversarial testing for enterprise AI systems appeared first on Help Net Security.

Производителей техники хотят обязать раскрывать сервисную документацию.

Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (MCP) support, enabling custom agent building and workflows that accelerate risk reduction at machine speed. LLMs and AI frontier models, such as Anthropic’s Mythos Preview, are accelerating the discovery of previously unknown vulnerabilities at … More →

The post Tenable Hexa AI automates remediation across attack surfaces appeared first on Help Net Security.