Aggregator

​既是旗舰，也是普惠。

再一次，巨头喊出「智能眼镜首先要是一个好眼镜」。

ISC Stormcast 播客讨论周四网络威胁情况，值班处理员Guy Bruneau报告绿色威胁级别。用户即将参加拉斯维加斯的应用安全课程（9月22日至27日）。提供DShield传感器、DNS Looking Glass等工具及隐私政策链接。

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

JavaScript Repository Contends With Wormable Malicious Code
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named "Shai-Hulud."

New Safeguards Follow Teen Suicides Linked to ChatGPT and Other AI Chatbots
OpenAI is rolling out new safeguards in ChatGPT to protect younger users by adding age estimation tools and, in some cases, requiring ID verification for those claiming to be over 18. The move follows growing scrutiny over the impact of chatbots on teenagers.

AP2 Protocol Introduces 'Mandates' to Keep Agent-Led Spending Accountable
Artificial intelligence agents can now shop so consumers don't have to - but the non-human shoppers will need a signed permission slip first. Google on Wednesday announced the launch of an "agent payments protocol," which creates a framework for AI-driven purchases.

Startup Plans Unified Remediation for Misconfigurations and Patching, Compliance
Remedio has landed $65 million in funding to develop tools that go beyond detection and automate secure remediation. CEO Tal Kollender says the goal is faster growth, a bigger U.S. sales footprint, and delivering a platform that closes the gap between risk visibility and action.

近期科恩威胁情报团队发现Odyssey大盗正通过推特等渠道投放虚假AI工具广告，诱导用户下载伪装为AI工具客户端的恶意软件。最新变种除常规的后门，窃取加密货币钱包等能力外，新增加了持久化后门的功能。

本文描述了通过分析上传到 honeypot 服务器的文件来识别恶意软件和攻击模式的过程。使用 upload-stats 工具枚举文件信息，并结合日志数据发现针对 IoT 设备的 botnet 蠕虫活动。研究揭示了攻击者利用默认密码（如 pi/raspberry）传播恶意软件，并通过 IRC 通道控制受感染设备的行为模式。

在数字化浪潮席卷全球的今天，网络安全已从技术领域的“幕后角色”跃升为国家安全、社会稳定和经济发展的“关键防线”

当前环境异常,需完成验证后继续访问.

A vulnerability has been found in Linux Kernel up to 6.9.2 and classified as critical. This affects the function rb_get_reader_page of the file kernel/trace/ring_buffer.c. The manipulation leads to buffer overflow. This vulnerability is referenced as CVE-2024-38601. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability has been found in Liferay Portal and DXP and classified as critical. This vulnerability affects unknown code of the component Attachment Field Handler. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-43750. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in PHPGurukul Online Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_forum/search_result.php. Executing manipulation of the argument Search can lead to sql injection. This vulnerability is tracked as CVE-2025-10603. The attack can be launched remotely. Moreover, an exploit is present.