科技爱好者周刊(第 364 期):最难还原的魔方
本文汇总每周科技动态与工具推荐,探讨魔方还原难度标准及跨境营销软件 GeeLark 的功能亮点。同时分享了全息警察、咖啡机电脑等创新案例,并介绍了多种实用工具与 AI 应用。
Aggregator
【2026合作伙伴巡礼】“拓界科技·为实战而生”——具有侦查思维的综合电子数据取证厂商
3 months 1 week ago
具有侦查思维的综合电子数据取证厂商
新版《国家密码管理局商用密码行政检查事项清单》生效
3 months 1 week ago
商用密码监管进一步走向规范化、精细化。
传 DeepSeek AI 代理新模型年底发布;马斯克「金色擎天柱」首曝;比亚迪不回应销量下调传闻 | 极客早知道
3 months 1 week ago
字节为 Seed 部门员工发放每月最高 13.5 万元期权津贴;雷军:今年小米集团 7000 名应届生已全部报到;人形机器人学会用洗碗机,Figure 放出最新演示
Accelerated Polling
3 months 1 week ago
Product Update: Version 5.1 This release is all about helping you move faster, see more, and manage your infrastructure with greater ease. From real-time polling and smarter layout tools to expanded support for DC power and new visual enhancements in rack views, this update is packed with practical improvements. Plus, with French ...
The post Accelerated Polling appeared first on Hyperview.
The post Accelerated Polling appeared first on Security Boulevard.
Rajan Sodhi
Breach Roundup: Scattered Lapsus$ Hunters Behind Jaguar Hack
3 months 1 week ago
Also, Disney Pays $10M to Settle Child Privacy Case, Spain Scraps Huawei Deal
This week, Jaguar hack, Disney settled a child privacy case, Texas sued PowerSchool and federal prosecutors sued a toy maker. Spain voided a Huawei contract, Pennsylvania AG confirmed a ransomware attack. U.S. immigration enforcement resumed a spyware contract and Baltimore lost $1.5 million to BEC.
This week, Jaguar hack, Disney settled a child privacy case, Texas sued PowerSchool and federal prosecutors sued a toy maker. Spain voided a Huawei contract, Pennsylvania AG confirmed a ransomware attack. U.S. immigration enforcement resumed a spyware contract and Baltimore lost $1.5 million to BEC.
Shift5 Gets $75M for Cyber Push in Defense and Transit
3 months 1 week ago
Startup to Expand Dual-Use Tech, Tackle GPS Jamming Threats With Series C Funding
With a $75 million Series C raise, Shift5 plans to scale its operational intelligence platform across military and commercial transportation. Its focus includes enhanced threat detection, predictive maintenance and data-driven safety measures amid rising cyberthreats to infrastructure.
With a $75 million Series C raise, Shift5 plans to scale its operational intelligence platform across military and commercial transportation. Its focus includes enhanced threat detection, predictive maintenance and data-driven safety measures amid rising cyberthreats to infrastructure.
HHS Says It's 'Cracking Down' on Health Information Blocking
3 months 1 week ago
Feds Ramp Up Enforcement of 21st Cures Act Regs Including Fines up to $1 Million
The Department of Health and Human Services says it's "cracking down" on healthcare providers, health IT developers and health information networks that "block" the exchange, access and use of patients' electronic health data. Info blocking regulations have been on the books for years, so why now?
The Department of Health and Human Services says it's "cracking down" on healthcare providers, health IT developers and health information networks that "block" the exchange, access and use of patients' electronic health data. Info blocking regulations have been on the books for years, so why now?
Another Risk From Agentic AI Payments - First-Party Fraud
3 months 1 week ago
ACI Worldwide's Cleber Martins on Why Banks Need to Lead on AI Identity Governance
The rise of agentic commerce is forcing the financial sector to reconsider traditional fraud controls. Automated transactions may follow all technical authorizations, but agentic AI tools lack an understanding of user intent. That disconnect could lead to a surge in first-party fraud.
The rise of agentic commerce is forcing the financial sector to reconsider traditional fraud controls. Automated transactions may follow all technical authorizations, but agentic AI tools lack an understanding of user intent. That disconnect could lead to a surge in first-party fraud.
软件测试顶会ISSTA 2025 论文清单与摘要
3 months 1 week ago
Daily Dose of Dark Web Informer - 4th of September 2025
3 months 1 week ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
Desolator
3 months 1 week ago
You must login to view this content
cohenido
CVE-2025-54309
3 months 1 week ago
Currently trending CVE - Hype Score: 1 - CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
SDL 89/100问:如何推动业务方修复开源组件漏洞?
3 months 1 week ago
在这个问题上,想必很多同业人员都会遇到。其中最理想的就是把修复开源组件漏洞定位为公司级要求,避免陷入与业务方证明漏洞危害性的对抗局面。
然而要推动成为公司标准,也绝非易事,此处我将介绍自己亲身推动的、较为理想的过程 - - 客户驱动或业务驱动。在我们服务的客户里面,有漏洞修复标准非常高的客户,曾要求CVSS≥4.0都需要修复或给出不修的理由。从侧面来看,客户的要求帮我们在内部推动产线修漏洞。
另外还可以借助公司的大事件来推动漏洞修复,又一例子是我们进行冬奥网络安全保障时,要求所有部署到现场的产品都要足够安全。于是我们趁机将SCA的扫描结果修复,安排成为其中一个专项,在大事件面前产线配合的非常好,此后我们就把这个专项纳入到日常安全测试流程中、并写成规范常态化运行。
------------更多内容,请访问-------------
1、SDL 100问
SDL100问:我与SDL的故事
SAST误报太高,如何解决?
SDL需要哪些人参与?
大家都有哪些SDL运营指标?
业务系统是否可以带漏洞上线?
日常的漏洞运营,也应该是SDL团队来做吗?
关于开发安全BP,对开展SDL有哪些帮助?
SDL 87/100问:哪个厂商做SDL咨询服务和建设比较强?
SDL 88/100问:源代码扫描,是做仓库的全量扫描还是增量扫?
2、SDL创新实践
首发!“ 研发安全运营 ” 架构研究与实践
DevSecOps实施关键:研发安全团队
DevSecOps实施关键:研发安全流程
DevSecOps实施关键:研发安全规范
DevSecOps实施关键:研发安全工具
从安全视角,看研发安全
数字化转型下研发安全痛点
一个思考:安全测试驱动产品安全?
3、SDL最初实践
【SDL最初实践】开篇
【SDL最初实践】安全培训
【SDL最初实践】安全需求
【SDL最初实践】安全设计
【SDL最初实践】安全开发
【SDL最初实践】安全测试
【SDL最初实践】安全审核
【SDL最初实践】安全响应
4、安全运营实践
基于实践的安全事件简述
安全事件运营SOP:钓鱼邮件
安全事件运营SOP:网络攻击
安全事件运营SOP:蜜罐告警
安全事件运营SOP:webshell事件
安全事件运营SOP:接收漏洞事件
应急能力提升:实战应急困境与突破
应急能力提升:挖矿权限维持攻击模拟
Sitecore Zero-Day Sparks New Round of ViewState Threats
3 months 1 week ago
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Rob Wright
Threat Attack Daily - 4th of September 2025
3 months 1 week ago
Threat Attack Daily - 4th of September 2025
Dark Web Informer
Ransomware Attack Update for the 4th of September 2025
3 months 1 week ago
Ransomware Attack Update for the 4th of September 2025
Dark Web Informer
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
3 months 1 week ago
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.
Waqas
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
3 months 1 week ago
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025.
The post Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System appeared first on AttackIQ.
The post Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System appeared first on Security Boulevard.
Ayelen Torello
Osaki Medical Falls Victim to Qilin Ransomware
3 months 1 week ago
Osaki Medical Falls Victim to Qilin Ransomware
Dark Web Informer