Aggregator

文章描述了一个技术问题：当访问某个网站时出现错误代码521（Web Server Is Down）。该错误通常由Cloudflare引发，表示目标服务器暂时无法处理请求。常见原因是服务器过载、配置错误或网络连接问题。

Google has released an emergency security update for its Chrome web browser to address a high-severity zero-day vulnerability that is being actively exploited in the wild. Users are strongly urged to update their browsers immediately to protect against potential attacks. The vulnerability, tracked as CVE-2025-10585, is the latest in a series of zero-days discovered and […]

The post Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now appeared first on Cyber Security News.

9月15日，一场针对npm生态系统的大规模供应链攻击开始爆发，这种被命名为"Shai-Hulud"的蠕虫以其自我复制能力迅速引起安全研究人员的关注。截至目前，已有约150个npm包被感染，包括CrowdStrike公司的多个软件包。

​既是旗舰，也是普惠。

再一次，巨头喊出「智能眼镜首先要是一个好眼镜」。

ISC Stormcast 播客讨论周四网络威胁情况，值班处理员Guy Bruneau报告绿色威胁级别。用户即将参加拉斯维加斯的应用安全课程（9月22日至27日）。提供DShield传感器、DNS Looking Glass等工具及隐私政策链接。

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

JavaScript Repository Contends With Wormable Malicious Code
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named "Shai-Hulud."

New Safeguards Follow Teen Suicides Linked to ChatGPT and Other AI Chatbots
OpenAI is rolling out new safeguards in ChatGPT to protect younger users by adding age estimation tools and, in some cases, requiring ID verification for those claiming to be over 18. The move follows growing scrutiny over the impact of chatbots on teenagers.

AP2 Protocol Introduces 'Mandates' to Keep Agent-Led Spending Accountable
Artificial intelligence agents can now shop so consumers don't have to - but the non-human shoppers will need a signed permission slip first. Google on Wednesday announced the launch of an "agent payments protocol," which creates a framework for AI-driven purchases.

Startup Plans Unified Remediation for Misconfigurations and Patching, Compliance
Remedio has landed $65 million in funding to develop tools that go beyond detection and automate secure remediation. CEO Tal Kollender says the goal is faster growth, a bigger U.S. sales footprint, and delivering a platform that closes the gap between risk visibility and action.

近期科恩威胁情报团队发现Odyssey大盗正通过推特等渠道投放虚假AI工具广告，诱导用户下载伪装为AI工具客户端的恶意软件。最新变种除常规的后门，窃取加密货币钱包等能力外，新增加了持久化后门的功能。

本文描述了通过分析上传到 honeypot 服务器的文件来识别恶意软件和攻击模式的过程。使用 upload-stats 工具枚举文件信息，并结合日志数据发现针对 IoT 设备的 botnet 蠕虫活动。研究揭示了攻击者利用默认密码（如 pi/raspberry）传播恶意软件，并通过 IRC 通道控制受感染设备的行为模式。

在数字化浪潮席卷全球的今天，网络安全已从技术领域的“幕后角色”跃升为国家安全、社会稳定和经济发展的“关键防线”

当前环境异常,需完成验证后继续访问.