Aggregator

用 AI 解决经营问题，关键在于把商家的需求落地。

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine at the heart of Chrome and Chromium-based browsers. Remote, unauthenticated attackers can exploit this flaw by serving crafted HTML pages … More →

The post Google patches actively exploited Chrome (CVE‑2025‑6554) appeared first on Help Net Security.

Что будет, если хакеры выключат Америку?

Europol busted a crypto scam ring that laundered €460M from 5,000+ victims. Operation Borrelli involved Spain, the U.S., France, and Estonia. Europol has taken down a massive cryptocurrency fraud ring that scammed over 5,000 people worldwide, laundering around €460 million ($540 million). The international operation, dubbed Operation Borrelli, began in 2023 and was led by […]

It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for content.

手机已经成为日常生活的一部分，它储存了用户大量的敏感私密信息，而针对手机的攻击也日益常见，其中一种攻击方法被称为 Stingrays，利用假基站引诱手机连接，从而泄漏用户私人通信信息。假基站还可以发动降级攻击，引诱手机使用低安全性的通信方式如 2G，攻击者能拦截通话和消息。Google 已经在 Android 16 中尝试解决该安全，问题主要在于缺乏硬件支持。要识别假基站，Android 手机需要搭载 Google IRadio 硬件抽象层的 v3.0 版本，即使是 Google 最新的 Pixel 系列手机也不支持该功能。今年晚些时候推出的 Android 16 手机如 Pixel 10 将能识别假基站，能向用户发出警告。

Bots can start authenticating to Cloudflare using public key cryptography, preventing them from being spoofed and allowing origins to have confidence in their identity.

From May 2024 to May 2025, crawler traffic rose 18%, with GPTBot growing 305% and Googlebot 96%.

Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content. 

Cloudflare is making it easier for publishers and content creators of all sizes to prevent their content from being scraped for AI training by managing robots.txt on their behalf.

Cloudflare Radar now shows how often a given AI model sends traffic to a site relative to how often it crawls that site. This helps site owners make decisions about which AI bots to allow or block.

一次付费：终身学习 + 持续更新

Linux Sudo 被曝高危漏洞，无特权用户可借此提权至 root，主流发行版均受波及。

看雪论坛作者ID：ngiokweng

从治理流程全闭环到效能整体大提升

A critical remote code execution (RCE) vulnerability affecting Django web applications, demonstrating how seemingly benign CSV file upload functionality can be weaponized for complete server compromise.  Summary1. Django RCE exploit chains directory traversal with CSV parser abuse to compromise servers through file uploads.2. Attackers use unsanitized username input (../../../../../../app/backend/backend/) to target Django's wsgi.py file.3. Malicious […]

The post Django App Vulnerabilities Chained to Execute Arbitrary Code Remotely appeared first on Cyber Security News.

Trustwave SpiderLabs has uncovered a chilling cyber threat targeting Latin American organizations, particularly in the financial sector, with a focus on Colombian institutions. The threat cluster, linked to the notorious Proton66 OOO infrastructure, employs a cunning mix of open-source Remote Access Trojans (RATs) and advanced obfuscation techniques to bypass static detection mechanisms. Unmasking a Sophisticated […]

The post Blind Eagle Hackers Leverage Open-Source RATs and Ciphers to Evade Static Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  New ransomware strains continue to surface frequently, and many of them are loosely built on or repackaged from existing families. One such case involves a sample resembling DragonForce ransomware, yet bearing several […]

The post DEVMAN Ransomware: Analysis of New DragonForce Variant  appeared first on ANY.RUN's Cybersecurity Blog.

愿心中的火永不熄灭！