Aggregator

文章探讨了AI智能体的安全运行标准及测试方法，提出了风险评估和性能优化方案，旨在确保智能体在实际应用中的稳定性和合规性。

7月30日，《国家信息化发展报告（2024年）》（以下简称《报告》）发布会在京召开。

逆向入门参考

Cybersecurity researchers at the Cofense Phishing Defense Center (PDC) have uncovered a fresh surge in credential harvesting attacks that leverage the reputable cloud-based email service SendGrid to distribute phishing emails. Attackers are exploiting SendGrid’s trusted status, commonly used for transactional and marketing communications, to craft messages that evade standard email security gateways. By spoofing sender […]

The post Hackers Exploit SendGrid to Steal User Login Credentials in Latest Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

逆向入门参考

Ваше видео больше не принадлежит только вам — скрытые эксперименты YouTube вызвали вопросы.

7月22日，智启新程 能见未来——国投智能股份新总部暨数字立方大厦媒体开放日活动顺利举办。这是国投智能股份入驻数字立方大厦以来首次向媒体集中开放。

中新社、人民日报、新华网、中国经济网、福建日报、福建电视台等中央、省市主流媒体及财经媒体合作伙伴20余人走进国投智能股份，通过实地参观、高管座谈等形式开展调研采访。公司董事长滕达，副总经理、董事会秘书高碧梅及品牌负责人吴芸娟等陪同接待。

媒体团合影

在国投智能股份展厅，媒体记者一行体验了公司AI多场景创新突破的产品：在装备端，“天擎”大模型一体机、Qiko智能本在10余个地市部署，提升电子数据取证效率；在平台端，“星火”电子数据智能分析平台落地40多个省市，在反诈专项中线索挖掘效率提升显著；在应用层，“小美”警务助手、智能办公系统等G/B端产品需求旺盛，便民服务如智能问讯试点效果良好。

人工智能成果展示区，美亚“鉴真”平台正在解析一段国际热点视频。国投智能股份的慧眼视频图像鉴真工作站、美亚鉴真微信小程序等“鉴真”系列产品，可有效识别近500种伪造手段，精度超94.6%，目前已接入全国13个省级、100余地市反诈及政务平台，成为中央网信办“清朗行动”的技术中坚。

经美亚鉴真平台小程序鉴定，该视频为伪造

通过企业文化区、产品体验区、解决方案区等多维场景，媒体记者一行系统了解了公司发展历程与最新动态，直观感受国投智能股份在电子数据取证、人工智能等领域的技术硬实力与产业影响力。展厅内的互动演示环节，让抽象的技术成果转化为可触可感的体验，赢得媒体代表的一致关注。

展厅参观

在高管座谈环节，与会嘉宾就国投智能股份新总部暨数字立方大厦的建设及入驻情况、公司战略布局、AI 安全等核心议题进行深入交流。

滕达热情欢迎媒体记者团莅临指导，他表示，数字立方大厦是国投智能股份以“数字为魂、公式为骨、实验为脉”铸就的科技图腾。数字是信仰——从二进制本源到股票代码300188，每一组数字都镌刻着企业与科技规律共振的基因；公式是哲学——22层空间嵌入欧拉恒等式、广义相对论等数学思想，将抽象规律转化为业务创新的“底层算法”；实验室是使命——ISEC实验室、“原点”实验室等高能级平台沿数学主轴分布，以梅森素数、图灵理论为指引，将15项“卡脖子”技术转化为自主成果。

数字立方大厦科研设施

截至目前，共有国投集团AI万链实验室、工信部协同攻关和体验推广中心等17个实验室项目集群落户数字立方大厦，构成强大的创新孵化核心平台，形成了浓厚的创新氛围与产业集聚效应。

滕达表示，数字立方大厦是国投智能股份将"数字基因"与"数学哲学"融入建筑设计的科技地标，既是公司"第三次创业"的里程碑，也标志着人工智能、公共安全、数字经济等领域的战略升级。这座建筑不仅是物理空间，更是企业创新的精神象征：数字是发展的底层逻辑，公式是探索科技本质的方法论，实验室是技术突破的核心阵地。国投智能股份将以敬畏规律的态度坚守创新，在数字浪潮中稳步前行，与中国科技企业共同开创未来。

座谈交流会现场

未来，国投智能股份将扎根数字立方大厦，以人工智能安全为重要发展方向。一方面，借大厦内先进实验室集群探索前沿技术、突破瓶颈，构建完善高效的安全防护体系，为数字社会稳定运行筑牢防线；另一方面，推动成果转化，与多行业深度合作，将安全方案应用于金融、政务等关键领域，助力行业数字化转型与安全升级。同时，发挥大厦产业集聚效应，吸引人才与企业汇聚，搭建开放创新平台，促进交流合作，激发创新活力，推动人工智能安全技术发展，为构建安全可信数字世界贡献力量。

滕达表示，目前公司已启动“十五五”规划编制工作，持续推动战略的前瞻性谋划与落地。下一步，公司将围绕“All in AI”战略，持续加大在AI安全、大数据治理及信创领域的投入，持续深耕电子数据取证、公共安全大数据、新网络空间安全、数字政务与企业数字化四大板块，深化技术成果转化与战略协同赋能，为国家数字经济发展筑牢安全底座。

国投智能股份举办媒体开放日活动，在新总部数字立方大厦展示AI产品和技术成果，并介绍大厦设计理念及未来战略方向。

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息资源。

A vulnerability was found in Tenda AC10 16.03.10.13. It has been classified as problematic. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. This vulnerability was named CVE-2025-9309. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability was found in markdown-it 14.1.0. It has been declared as problematic. This impacts an unknown function in the library lib/renderer.mjs. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-7969. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in YiFang CMS up to 2.0.5 and classified as problematic. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-9398. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in YiFang CMS up to 2.0.5 and classified as critical. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. This vulnerability is cataloged as CVE-2025-9399. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in YiFang CMS up to 2.0.5. It has been classified as critical. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. This vulnerability is registered as CVE-2025-9400. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in HuangDou UTCMS 9. It has been declared as problematic. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. This vulnerability is documented as CVE-2025-9401. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in HuangDou UTCMS 9. It has been rated as critical. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. This vulnerability is reported as CVE-2025-9402. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability is traded as CVE-2025-9404. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. This vulnerability is handled as CVE-2025-9406. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-9299. The attack may be initiated remotely. In addition, an exploit is available.

专属厂商中秋福利加码！限时获得额外赏金！