Aggregator

模型越狱是指通过各种手段突破人工智能模型内置的安全性和内容政策，迫使模型执行一些原本被禁止的操作或生成敏感、违法及不当的内容。这类越狱行为通常会涉及绕过模型的过滤系统、道德规范或安全限制，使模型生成对用户有害或违反伦理规范的回应。

Law enforcers in Germany have taken down dark web marketplace Crimenetwork and arrested a suspected administrator

3月10日起，每周日13点～18点直播授课

Hydra Market曾是全球最大的暗网黑市，提供黑客雇佣、数据窃取、洗钱、毒品交易等多种犯罪行为。

看雪论坛作者ID：是气球呀

贴近业务的情报才是好情报

Kepler-51 位于天鹅座，距地球约 2,615 光年，年龄约 5 亿年。此前它已知有 3 颗类似土星大小，但质量数倍于地球，密度如同棉花糖般超蓬松的系外行星，分别是 Kepler-51b、c 和 d，其公转周期分别为 45 天、85 天和 130 天，呈现 1:2:3 的比例，拥有氢/氦的大气层。天文学家利用了包括韦伯、Apache Point 天文台望远镜和宾州州立大学 Davey 实验室望远镜等不同设施，收集横跨 14 年间的大量数据集，发现了第 4 颗行星 Kepler-51e 的证据。目前尚不清楚它是否也是一颗超蓬松行星。Kepler-51e 的轨道稍大于金星，正好位于这颗恒星的宜居带内。

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm

Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities, so customers can confidently secure and manage their hybrid and multi-cloud environments. “Web applications are foundational to the success of modern enterprises, but they are extremely challenging to secure, leaving businesses with a substantial attack … More →

The post FortiAppSec Cloud simplifies web application security management appeared first on Help Net Security.

这个可以夸：小米计划在2025年实现每个月都提供至少1次安卓更新

Data Analysis: The Unsung Hero of Cybersecurity Expertise [Guest Diary], (Wed, Dec 4th)

Web3 漏洞赏金平台 Immunefi 的一份新报告显示，2024 年迄今已记录了近 14.9 亿美元的加密货币损失，主要是由于黑客事件。

Неправильно выданный цифровой документ стал причиной бурного обсуждения правил корпорации.

Google has released a significant security update for its Chrome browser, aiming to address several vulnerabilities and enhance user safety. The Stable channel has been updated to version 131.0.6778.108/.109 for Windows, and Mac, and version 131.0.6778.108 for Linux. These updates will be gradually rolled out to users over the coming days and weeks. According to […]

The post Google Chrome Security Update, Patch for High-severity Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

火狐浏览器调整安卓平板版浏览策略 现在默认情况下以桌面模式加载网页

From Cash to Crypto: A Product Manager’s Role in Fintech’s Transformation of Digital Payments

JNDI高版本注入可以说是java安全大集合了。涉及了许多框架漏洞的组合使用，当分析完JNDI高版本时，我认为也算是正式入门JAVA安全了

A vulnerability was found in Lorex 2K Indoor Wi-Fi Security Camera. It has been classified as critical. This affects an unknown part of the component Code Signing Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is uniquely identified as CVE-2024-52548. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in InfoDom Performa 365 4.0.1 and classified as critical. This issue affects some unknown processing of the file /documentCache/upload of the component SVG File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-46625. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Hodoku 2.3.0/2.3.1/2.3.2. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-51363. The attack can only be done within the local network. Furthermore, there is an exploit available.