Aggregator

基于大模型安全护栏建设理念，为行业提供了一套系统性的解决方案

为深入贯彻落实习近平总书记重要指示精神，按照全国打击治理电信网络诈骗工作视频会议部署要求，中央宣传部、公安部于6月16日联合启动“全民反诈在行动”集中宣传月活动，进一步加大反诈宣传力度，不断提升群众防骗意识，切实营造全社会反诈浓厚氛围。

5月9日，国务院常务会议审议通过《政务数据共享条例（草案）》，会议指出，要在确保数据安全的基础上打通数据壁垒，推动公共服务更加普惠便捷。要构建全国一体化政务大数据体系，推动数据资源融合应用，更好赋能社会治理和繁荣产业生态，增强经济发展新动能

新型安全威胁持续涌现，对现有网络安全治理体系、监管框架及应对策略形成全方位挑战。在此背景下，亟需深刻认识生成式人工智能给网络安全带来的新变化、新风险与新挑战，推动构建现代化的网络安全制度体系，为推进国家网络安全能力建设提供坚实支撑。

国家标准GB/T 45654—2025《网络安全技术 生成式人工智能服务安全基本要求》全文

A vulnerability, which was classified as critical, was found in Indexcor ezDatabase 2.1.2. Affected is an unknown function of the file index.php. The manipulation of the argument db_id leads to sql injection. This vulnerability is traded as CVE-2005-4303. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Andy Mack 35mmslidegallery 6.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument imgdir leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2006-3036. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Analyzing dark web forums to identify key experts on e-crime

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the Verizon DBIR, attackers are more commonly using stolen

上线半年吸引百万用户的 AI 记账，治好了我的「理财困难症」。

美国网络司令部基于保卫台湾场景实施港口网络防御演习

恶意AI模型带来的威胁正持续上升

美国 CISA 和 NSA 上周发布报告，督促程序员使用内存安全语言。报告称，内存安全的重要性怎样强调都不过分。大型软件项目曝出的大部分漏洞都属于内存安全漏洞，以 Google Android 系统为例，2018 年九成的高危漏洞是内存安全漏洞；Google 另一个开源浏览器项目 Chromium 在 2017 年逾七成的严重漏洞是内存安全漏洞。OpenSSL 著名的 Heartbleed 漏洞就是 C 代码内存安全错误（越界读取）导致的。本月中旬发生的 Google Cloud 宕机事故也被归因于缺乏对空指针的正确错误处理。CISA/NSA 的报告承认，内存安全语言不是解决所有问题的良药，而大型代码库要过渡到内存安全语言如 Rust 面临很多挑战。但其优势是提高可靠性、减少攻击面以及降低长期成本。以 Google 为例，通过采用内存安全语言 2024 年 Android 内存安全漏洞数量减少到总数的 24%。

A vulnerability classified as critical has been found in wp-rss-poster 1.0.0. Affected is an unknown function. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2014-4938. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Introduction Let’s be honest — passwords are kind of a pain. We’re told to create long, complicated ones with numbers, […]

The post What is OTP Authentication? A Simple Guide appeared first on Security Boulevard.

速修复

速修复

Нейросеть умудрилась слить бизнес и поверить в свою человечность.

As cybercriminals and nation-state actors increasingly turn to the Rust programming language for malware development, Microsoft’s Threat Intelligence Center has unveiled a powerful new open-source tool called RIFT to help security analysts combat this growing threat. Rust, renowned for its speed, memory safety, and robustness, is now being exploited for its advantages in creating malware […]

The post RIFT: Open-Source Rust Malware Analyzer Released by Microsoft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in LiveStreet 0.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2009-3260. The attack can be launched remotely. Furthermore, there is an exploit available.