Aggregator

文章探讨了人工智能的普及及其背后的计算机制，解释了人工神经网络的工作原理及其与生物神经系统的区别，并提出用“高级推理”重新定义AI以更准确地反映其能力。

Ook Nederland is doelwit geweest van de wereldwijde cyberspionagecampagne van de Chinese hackorganisatie Salt Typhoon. Dat melden de Nederlandse inlichtingen- en veiligheidsdiensten MIVD en AIVD vandaag.

印度新德里法庭上周批准了三大期刊出版商 Elsevier、Wiley 和 American Chemical Society 的请求，命令电信公司在三天内在印度屏蔽访问 Sci-Hub 和 Sci-Net。此后印度网民将只能通过 VPN 等工具访问 Sci-Hub。Sci-Hub 创始人 Alexandra Elbakyan 解释了该平台自 2022 年停止发布新论文的原因：多数大学图书馆推行了双因素身份验证，它无法再使用学生或研究人员的共享用户名和密码自动登录图书馆下载新论文。为了获取新论文，她创建了基于区块链的新平台 Sci-Net，2025 年 4 月上线，但该项目很快遭到了期刊出版商的投诉。她谴责了印度司法机构会为了少数富有外国公司的利益而忽视印度学生和研究人员的需求。

黑客利用Salesloft平台窃取OAuth令牌，进而访问Drift AI聊天机器人相关数据。威胁组织UNC6395通过这些令牌从Salesforce获取大量信息，包括AWS和Snowflake凭证。Google Threat Intelligence Group和Mandiant已介入调查，并建议受影响组织撤销API密钥并轮换凭证以应对潜在风险。

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat […]

Common Mark Certificates (CMC) and Verified Mark Certificates (VMC) both enable brand logos in email inboxes via BIMI, boosting trust, security, and deliverability. The key difference? VMCs require trademark validation and show a blue checkmark in Gmail, while CMCs are faster and more affordable but have limited support. Learn which option fits your email security and branding goals.

The post What’s the difference between CMC and VMC certification? appeared first on Security Boulevard.

Common Mark Certificates (CMC)和Verified Mark Certificates (VMC)通过BIMI标准在邮箱中显示品牌Logo，增强信任和安全性。VMC需商标验证并在Gmail显示蓝色勾选标记，而CMC更快速、经济但支持有限。选择取决于品牌目标、商标状态及预算。

NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...

The post CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack appeared first on Penetration Testing Tools.

Mozilla Firefox发布v142.0.1错误修复版，解决标签拖动、文本光标、游戏手柄崩溃等问题。用户可通过关于页面、离线安装或微软商店更新，并根据处理器选择64位或Arm64版本。

A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...

The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.

MathWorks, the developer of the widely used software MATLAB and SIMULINK, has disclosed a major ransomware attack that has impacted thousands of its users. The incident occurred in the spring of 2025, but its...

The post Ransomware Attack on MathWorks Exposes Data of Over 10,000 Users appeared first on Penetration Testing Tools.

企业引入AI代理提升生产力的同时面临新风险：传统安全模型无法应对这些智能实体的动态行为和潜在威胁。零信任架构存在局限性，需引入Agentic Identity and Security Platforms（AISP）实时监控和管理AI代理的权限与行为，以应对新兴威胁。

Drift has disclosed details of a security incident involving its Salesforce integration. Between August 8 and August 18, 2025, an unknown actor exploited OAuth credentials to extract data from customer Salesforce instances. According to...

The post Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens appeared first on Penetration Testing Tools.

闪迪推出WD Blue SN5100固态硬盘，继续使用WD品牌名称。该产品采用PCIe 4.0接口和无缓存设计，搭载铠侠BiCS8 QLC闪存颗粒。提供500GB至4TB容量选项，1TB版本售价约572元人民币。尽管性能较前代提升25%-30%，但QLC颗粒和价格可能让部分用户犹豫。

In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...

The post ShadowCaptcha: A New Malware Campaign Uses Fake CAPTCHAs to Steal Data appeared first on Penetration Testing Tools.

双方将携手探索区块链安全融合方案，引领行业标准，助力生态安全发展。

Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...

The post ZipLine: New Campaign Triggers Victims to Call Hackers appeared first on Penetration Testing Tools.

A cyberattack against the Israeli “kosher internet” provider Internet Rimon, which serves religious and ultra-Orthodox communities, disrupted its services on the evening of August 23. The Iranian group Promised Revenge has claimed responsibility. The...

The post Cyberattack on Israeli “Kosher Internet” Provider Disrupts Service appeared first on Penetration Testing Tools.

Nevada’s network of state institutions was left paralyzed following an incident that occurred in the early hours of August 24. As a result of the attack, the state’s IT infrastructure ceased functioning, forcing most...

The post Cyberattack Paralyzes Nevada, Forcing Government Offices to Close appeared first on Penetration Testing Tools.

Researchers have unveiled ONEFLIP, a groundbreaking attack technique that introduces a novel method of covertly modifying neural networks, marking a major advance in hardware-level threats against AI. Unlike traditional backdoors that rely on tampering...

The post ONEFLIP: A Single Bit Can Hijack an AI, Redefining Hardware-Level Threats appeared first on Penetration Testing Tools.