Aggregator

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

Cybersecurity researchers have unveiled a new attack—dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)—that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption In July […]

The post New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本次，我们将以53K Star的开源明星项目LLaMA-Factory为战场，详细展示悟空AI Agent如何在实际场景中，精准挖掘高危远程代码执行0day漏洞（CVE-2025-53002），并推动官方修复的技术实战。

用 AI 解决经营问题，关键在于把商家的需求落地。

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine at the heart of Chrome and Chromium-based browsers. Remote, unauthenticated attackers can exploit this flaw by serving crafted HTML pages … More →

The post Google patches actively exploited Chrome (CVE‑2025‑6554) appeared first on Help Net Security.

Что будет, если хакеры выключат Америку?

Europol busted a crypto scam ring that laundered €460M from 5,000+ victims. Operation Borrelli involved Spain, the U.S., France, and Estonia. Europol has taken down a massive cryptocurrency fraud ring that scammed over 5,000 people worldwide, laundering around €460 million ($540 million). The international operation, dubbed Operation Borrelli, began in 2023 and was led by […]

It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for content.

手机已经成为日常生活的一部分，它储存了用户大量的敏感私密信息，而针对手机的攻击也日益常见，其中一种攻击方法被称为 Stingrays，利用假基站引诱手机连接，从而泄漏用户私人通信信息。假基站还可以发动降级攻击，引诱手机使用低安全性的通信方式如 2G，攻击者能拦截通话和消息。Google 已经在 Android 16 中尝试解决该安全，问题主要在于缺乏硬件支持。要识别假基站，Android 手机需要搭载 Google IRadio 硬件抽象层的 v3.0 版本，即使是 Google 最新的 Pixel 系列手机也不支持该功能。今年晚些时候推出的 Android 16 手机如 Pixel 10 将能识别假基站，能向用户发出警告。

Bots can start authenticating to Cloudflare using public key cryptography, preventing them from being spoofed and allowing origins to have confidence in their identity.

From May 2024 to May 2025, crawler traffic rose 18%, with GPTBot growing 305% and Googlebot 96%.

Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content. 

Cloudflare is making it easier for publishers and content creators of all sizes to prevent their content from being scraped for AI training by managing robots.txt on their behalf.

Cloudflare Radar now shows how often a given AI model sends traffic to a site relative to how often it crawls that site. This helps site owners make decisions about which AI bots to allow or block.

一次付费：终身学习 + 持续更新

Linux Sudo 被曝高危漏洞，无特权用户可借此提权至 root，主流发行版均受波及。

看雪论坛作者ID：ngiokweng

从治理流程全闭环到效能整体大提升

A critical remote code execution (RCE) vulnerability affecting Django web applications, demonstrating how seemingly benign CSV file upload functionality can be weaponized for complete server compromise.  Summary1. Django RCE exploit chains directory traversal with CSV parser abuse to compromise servers through file uploads.2. Attackers use unsanitized username input (../../../../../../app/backend/backend/) to target Django's wsgi.py file.3. Malicious […]

The post Django App Vulnerabilities Chained to Execute Arbitrary Code Remotely appeared first on Cyber Security News.