Aggregator

4月28日，在第八届数字中国建设峰会期间，第二届“长城杯”信息安全铁人三项赛（防护赛）总决赛在福建福州举办。

勒索软件攻击正日趋精密且无孔不入，给全球企业带来了严峻挑战。

阿里巴巴宣布了 Qwen 系列最新模型 Qwen3。阿里称 Qwen3 是其首个具备快思考与慢思考能力的混合推理大模型，采用混合专家（MoE）架构，能模仿人类思考问题的方式，对复杂问题可多步骤“深度思考”，对简单需求可低算力“秒回”答案，极大节省算力消耗。阿里称，旗舰模型 Qwen3-235B-A22B 在代码、数学、通用能力等基准测试中，与 DeepSeek-R1、o1、o3-mini、Grok-3 和 Gemini-2.5-Pro 等顶级模型相比，表现出极具竞争力的结果。小型 MoE 模型 Qwen3-30B-A3B 的激活参数数量是 QwQ-32B 的 10%，表现更胜一筹，甚至像 Qwen3-4B 这样的小模型也能匹敌 Qwen2.5-72B-Instruct 的性能。阿里巴巴开源了两个 MoE 模型的权重：Qwen3-235B-A22B，一个拥有 2350 多亿总参数和 220 多亿激活参数的大模型，以及Qwen3-30B-A3B，一个拥有约 300 亿总参数和 30 亿激活参数的小型 MoE 模型。此外，六个 Dense 模型也已开源，包括 Qwen3-32B、Qwen3-14B、Qwen3-8B、Qwen3-4B、Qwen3-1.7B 和 Qwen3-0.6B，均在 Apache 2.0 许可下开源。

Oasis Security launched Oasis NHI Provisioning, a capability that automates the creation, governance, and security of non-human identities (NHIs) from their inception. Built into the Oasis NHI Security Cloud, this solution addresses the critical challenges of fragmented processes, ungoverned sprawl, and manual workflows that plague NHI provisioning today. According to ESG research, NHIs, such as service accounts, service principals, managed accounts, secrets, keys, and access tokens, are growing 20% year-over-year, powering automation across legacy, cloud, … More →

The post Oasis NHI Provisioning automates the provisioning of NHIs and their credentials appeared first on Help Net Security.

挖矿木马来袭，你的设备安全吗？揭秘全方位防御与应急攻略，守护数字资产，从这里开始！

挖矿木马来袭，你的设备安全吗？揭秘全方位防御与应急攻略，守护数字资产，从这里开始！

Qwen3 性能全面超越 R1、OpenAI-o1 等全球顶尖模型，旗舰型号的参数量仅为 DeepSeek-R1 的 1/3。

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are […]

联合发射联盟(ULA)使用 Atlas V 火箭成功发射了亚马逊 27 颗互联网卫星，标志着亚马逊低轨卫星互联网服务迈出了重要一步。亚马逊的 Project Kuiper 宽带卫星星座将是 SpaceX 的 Starlink 星座的直接竞争对手，Starlink 已经发射了数千颗卫星，但一家独大的局面以及马斯克的政治立场正促使越来越多的政府寻找替代。亚马逊计划到 2026 年前发射计划中的 3,236 颗卫星中的半数。

Lumu released Lumu SecOps Platform, a fully integrated Security Operations (SecOps) platform that unifies threat detection, response, automation, compliance, and intelligence across the network, identities and endpoints—delivering full attack context and enabling security teams to autonomously detect and neutralize complex threats. Lumu SecOps Platform acts as the control center of a security network and allows teams to unify their entire security stack, streamline defenses, enhance their visibility, and reduce security gaps, powered by automated responses … More →

The post Lumu SecOps Platform allows teams to unify their entire security stack appeared first on Help Net Security.

A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2025-21756 and dubbed “Attack of the Vsock,” has sent ripples through the cybersecurity community. The flaw enables attackers to escalate privileges to root, potentially gaining full control over affected Linux systems. According to the Hoefler report, Researchers warn that exploitation is feasible and demonstrated in real-world conditions, […]

The post Critical Linux Kernel Flaw (CVE-2025-21756) Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Тысячи «вечных» картинок испарились за ночь.

A vulnerability was found in Calculated Fields Form Plugin up to 5.2.61 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12273. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Desired Effect, if it operates as billed, opens up a world of cutting-edge research to defenders, including zero-day vulnerability data and tailored exploit products.

The post Desired Effect Marketplace: Researchers Get Their Due, Defenders Get Realtime Info on Zero Days  appeared first on Security Boulevard.

Когда твой кавалер — ноутбук и пара приложений.

I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now, with new lines of vacuums and emerging humanoid robots, devices have appendages to manipulate the world around them. They’re not only able to collect information about their environment but can touch, “feel”, and move it. … More →

The post Eyes, ears, and now arms: IoT is alive appeared first on Help Net Security.

Yuchen Yang 现正招收博士生（2026年秋季入学）、科研实习生与访问学者（长期）。

Yuchen Yang 现正招收博士生（2026年秋季入学）、科研实习生与访问学者（长期）。