Aggregator

Нобелевский лауреат объясняет, почему мы стоим на пороге «радикального изобилия».

美国网络安全机构CISA将三个影响D-Link路由器的旧安全漏洞加入已知被利用漏洞目录。这些高危漏洞包括远程密码泄露、命令注入等风险，其中部分仍无补丁可用。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An

JetBrains 推出基于 AI 的无代码平台 Kineto，帮助非技术人员通过简单提示快速构建网站和应用程序。该平台目前处于抢先体验阶段，用户可报名参与并根据生成的原型进行调整。

特朗普政府为应对中美贸易谈判及地缘政治威胁，收紧对先进半导体的出口管制。然而，依赖私营企业执行的管制效果有限，违规现象频发。需通过加大违规处罚、推动企业投资合规机制及加强监管力度来应对挑战。

Most security teams believe they can act quickly when a threat emerges. But many don’t trust the very data they rely on to do so, and that’s holding them back. A new Axonius report, based on a survey of 500 U.S.-based IT and security leaders, shows a disconnect between perceived readiness and actual performance in vulnerability and exposure management. While 90% of respondents said their organization is prepared to act when a threat is found, … More →

The post CISOs say they’re prepared, their data says otherwise appeared first on Help Net Security.

inettool.com 是一个完全客户端运行的 Web 工具集合网站，提供匿名 P2P 文件共享、屏幕共享、浏览器指纹测试等工具，并注重隐私保护（无 cookies 和跟踪）。

闪迪推出256TB QLC固态硬盘DC SN670，采用BiCS 8技术提升存储密度，优化性能以满足数据中心及AI应用需求。

本文链接

百度作为一家业务复杂的大型互联网企业，同时又是关键基础设施，随着网络安全威胁的日益加剧，传统的安全运营手段在效率和效果上都面临巨大挑战。本次分享将介绍百度如何基于大模型构建深度安全推理智能体框架，实现运营效率和效果的双重提升，并展示包括告警自动研判和漏洞事件分析在内的实践经验，希望能给听众带来一些大模型安全领域应用最佳实践的启示。

演讲提纲

1. 背景和挑战

大模型开始逐步应用于安全运营场景 百度安全运营面临的双效（效率+效果）提升需求 2. 架构设计

设计目标：基于深度安全推理智能体框架，实现双效提升 设计考虑：人机协同的工作流设计（运营流程梳理、质量标准定义、人机交互模式）、模型能力边界与拓展（模型结果可信度和可解释性、知识和工具依赖）、实施成本 整体架构（自底向上）： 底座模型的知识补充 RAG、CoT、Function calling 流程编排 智能体 Review 机制 3. 实践案例

告警自动/辅助研判 + 事件处置 漏洞事件自动分析 + 处置 4. 未来展望

大模型原生的安全运营中心 实践痛点

明确目标，围绕安全运营场景的风险偏好，制定更贴合实际的落地目标，避免直接盲目追求大而全的零职守无人干预 以数据驱动能力迭代，缺少可用数据时应当从实际场景中提升标准化和自动化水平，引入业务的数据活水，避免直接使用脱离业务的合成数据 演讲亮点

从架构设计层面剖析安全运营场景双效提升应遵循的必要准则，提供构建深度安全推理智能体框架的完整视角 细粒度展现告警研判、漏洞分析处置等实际场景的双效提升最佳实践 听众收益

了解互联网大厂的安全运营需求痛点与大模型实践经验 了解规模化且对效果要求较高的安全运营场景下，大模型智能体设计考虑与整体架构

A vulnerability was found in CleverReach WP Plugin up to 1.5.20 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation of the argument Title leads to sql injection. This vulnerability is traded as CVE-2025-7036. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Flex Guten Plugin up to 1.2.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument thumbnailHoverEffect leads to cross site scripting. This vulnerability is known as CVE-2025-6256. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in esri-map-view Plugin up to 1.2.3 on WordPress. It has been rated as problematic. Affected by this issue is the function esri-map-view of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-6259. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Tournament Registration Plugin up to 1.3.0 on WordPress. This affects an unknown part of the component Registration Handler. The manipulation of the argument Field leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6690. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in FileBird Plugin up to 6.4.8 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument Search leads to sql injection. This vulnerability was named CVE-2025-6986. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WPBakery Page Builder Plugin up to 8.5 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-7502. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Foxit Reader 5.4.4.1128. This affects an unknown part in the library npFoxitReaderPlugin.dll. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2013-10068. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

8月9日杭州·明豪voco酒店，我们不见不散！

90% of cyber leaders find managing cyber risks harder today than five years ago, mainly due to the explosion of AI and expanding attack surfaces, according to BitSight. These threats are also fueling high rates of burnout, with 47% of cybersecurity and cyber risk professionals reporting exhaustion. Another key factor in the burnout crisis is the lack of threat visibility. Those who work at organizations with the tools to regularly map threats across their environments … More →

The post Why 90% of cyber leaders are feeling the heat appeared first on Help Net Security.

Ransomware, Data Thefts, Other Attacks Continue to Plague Health Sector
Recent hacks on a provider of sleep disorder diagnostic gear and services, a network of medical imaging facilities and a multi-disciplinary cancer care center have affected nearly 800,000 patients. The breaches are among the latest rash of cybercriminal attacks plaguing the healthcare sector.

Dutch Servers Restored Following Moscow-Led Attack
The Dutch Public Prosecution Service on Monday began phased restoration of its networks after a cyberattack last month forced the agency to take down its services offline. The agency confirmed that hackers exploited a vulnerability in a Citrix device.