【安全圈】恶意 npm 包修改本地 ethers 库以发起反向 Shell 攻击
关键词恶意软件网络安全研究人员在 npm 注册表中发现了两个恶意软件包,旨在感染另一个本地安装的软件包,这凸显
Aggregator
【安全圈】YouTube 创作者因品牌合作者请求使用 Clickflix 技术而遭受攻击
4 months 1 week ago
关键词网络钓鱼一种被称为“Clickflix 技术”的复杂网络钓鱼活动已经出现,它通过看似合法的品牌合作请求瞄
【安全圈】Telegram惊现公开群组聊天索引机器人 抓取8.6亿名用户的560亿条发言记录
4 months 1 week ago
关键词数据泄露即时通讯应用Telegram近期出现了一款名为Funstatgrtbot的监控机器人,该服务引发
High-Severity Cloud Security Alerts Tripled in 2024
4 months 1 week ago
Attackers aren't just spending more time targeting the cloud — they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.
Nate Nelson, Contributing Writer
CVE-2024-45356 | Xiaomi Phone Framework missing authentication
4 months 1 week ago
A vulnerability was found in Xiaomi Phone Framework. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to missing authentication.
The identification of this vulnerability is CVE-2024-45356. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
Clickflix 攻击:YouTube 创作者面临的品牌合作钓鱼危机
4 months 1 week ago
安全客
Видеозвонок от курьера? За ним может скрываться цифровая афера
4 months 1 week ago
Мошенники масштабируют атаки с ИИ.
Business Email Compromise, ACH Transactions, and Liability
4 months 1 week ago
Business Email Compromise (BEC) fraud represents one of the most insidious threats facing businesses and individuals today.
The post Business Email Compromise, ACH Transactions, and Liability appeared first on Security Boulevard.
Mark Rasch
法治 | “AI帮你一分钟搞定问诊开药”被叫停!如何为人工智能应用划红线?
4 months 1 week ago
当前,多家医院引入人工智能,并将其应用于临床、科研等多个场景。甚至,有营销宣传声称——“AI帮你一分钟搞定问诊、开药”。近期,湖南省医保局印发通知明确规定:“严禁使用 AI人工智能等自动生成处方”,引发网络热议。
国际 | 瑞典政府发布《国家网络安全战略2025-2029年》
4 months 1 week ago
3月20日,瑞典政府正式向议会提交了《国家网络安全战略2025-2029年》,对未来五年的国家网络安全建设进行了整体谋划,以应对日益复杂的网络安全威胁,提升国家整体网络安全水平。
评论 | 筑牢人脸信息安全防线
4 months 1 week ago
近日,国家互联网信息办公室、公安部联合公布了《人脸识别技术应用安全管理办法》,对应用人脸识别技术处理人脸信息的基本要求、处理规则、应用安全规范、监督管理职责等作出规定,旨在进一步扎紧人脸信息保护的“篱...
评论 | 给AI生成内容加标识的治理启示
4 months 1 week ago
近日,国家网信办、工业和信息化部、公安部、国家广播电视总局联合发布《人工智能生成合成内容标识办法》,将于今年9月1日起施行。
通知 | 北京市网信办等三部门印发《北京市数据跨境流动便利化综合配套改革实施方案》(附全文)
4 months 1 week ago
近日,北京市互联网信息办公室等三部门印发《北京市数据跨境流动便利化综合配套改革实施方案》。
发布 | 《工业和信息化领域人工智能安全治理标准体系建设指南(2025)(征求意见稿)》公开征求意见(附全文)
4 months 1 week ago
意见反馈截止日期为2025年4月15日前。
关于第二届“长城杯”铁人三项赛(防护赛)决赛入围队伍名单公示的通知
4 months 1 week ago
关于第二届“长城杯”铁人三项赛(防护赛)决赛入围队伍名单公示的通知
SectopRAT:作为武器化 Cloudflare Turnstile Challenge 向 Windows 用户发起攻击
4 months 1 week ago
安全客
FamousSparrow resurfaces to spy on targets in the US, Latin America
4 months 1 week ago
Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time
大模型安全警报:你的AI客服正在泄露客户银行卡号
4 months 1 week ago
本研究旨在系统性分析Prompt注入的类型、攻击方式及防御策略,以提升大模型的安全性。
CVE-2011-4595 | Pretty Links Plugin up to 1.5.5 on WordPress URL Parameter cross site scripting (EDB-36408)
4 months 1 week ago
A vulnerability was found in Pretty Links Plugin up to 1.5.5 on WordPress. It has been classified as problematic. Affected is an unknown function of the component URL Parameter Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2011-4595. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Бессмертные бэкдоры: новая тактика атак на экосистему npm
4 months 1 week ago
Инновационный метод позволяет хакерам навсегда сохранить доступ к скомпрометированным системам.