Aggregator

01伏魔挑战赛从 2020 年开始,得益于广大白帽对技术的热情,在恶意文件检测领域，阿里云已经连续四年，举办了超过七届挑战赛。随着 AI的兴起，大模型技术的出现与成熟，网络空间的安全对抗日益激烈，无论

01阅读须知此文所提供的信息只为网络安全人员对自己所负责的网站、服务器等（包括但不限于）进行检测或维护参考，未经授权请勿利用文章中的技术资料对任何计算机系统进行入侵操作。利用此文所提供的信息而造成的直

A vulnerability has been found in Hummingbird Enterprise Collaboration up to 5.21 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2006-0173. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in MihanTools 1.33. This vulnerability affects unknown code of the file product.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2011-1048. The attack can be initiated remotely. Furthermore, there is an exploit available.

OpenAI 已讨论开发一款人形机器人12 月 25 日，据 The Information 报道，在过去的一年里，OpenAI 对机器人重新产生了兴趣：投资于开发机器人硬件和软件的初创公司，如 Fi

AMD AI 芯片被指软件有缺陷，难以挑战 NVIDIA； 谷歌就反垄断案提出新方案：苹果 iPhone 与 iPad 可采用不同默认搜索引擎； 周鸿祎：人类命运已被改变 AI 某些方面已超越 99% 人类

JPCERT/CCは、「近年の水飲み場攻撃事例 Part1」を公開しました。本記事では、攻撃者の攻撃手法の中で、近年あまり注目されることがない水飲み場攻撃の事例を国内で発生した事例をもとに2回に分けて紹介します。

2025年1月1日，网络数据安全管理强合规时代来临！

✦✦前  言✦“点击查看您家孩子的成绩单”“您需要办理贷款吗？”……这些看似稀松平常的诈骗或骚扰短信，实则是数据滥用和泄露引发的连锁反应。作为个体我们似乎对此毫无办法，实际上国家早已启动了数据立法工程

Washington and Nevada were among states enacting new data privacy laws in 2024, and that trend among states will likely continue into 2025 as the next presidential administration comes into office promising to reduce federal regulations, said attorney Melissa Crespo of law firm Morrison Foerster.

Blackpoint Cyber CEO Jon Murchison on MSP Cloud Identity Risks
With a 30-to-1 ratio of cloud to on-premises attacks, Blackpoint Cyber CEO Jon Murchison stresses the importance of enhanced identity detection and AI-driven solutions. He also outlines strategic moves for managed service providers to align with Microsoft’s ecosystem.

Cybercriminals Say They Hacked 66 Companies
The Clop cybercriminal group is threatening to make public the companies swept up by its mass hacking of managed file-transfer software built by Cleo Communications. In a Dec. 24 update to its dark web leak site, Clop asserted it has "data of many companies who use Cleo."

New Framework in o3 Models Aims to Better Align With Human Safety Values
OpenAI says its latest o3 series is the most advanced and safest of its "reasoning" AI models yet. The company says the new models take a fresh approach to safety via the deliberative alignment framework, rely more on synthetic data and outperform peers in resisting jailbreaking efforts.

基于图模型的行为分析与匹配的NPM恶意软件包检测技术

研究背景：恶意代码威胁软件供应链安全开源软件已成为现代软件生态中不可或缺的一部分。然而，随着开源软件的普及，软件供应链安全问题日益突出，给开源软件生态系统带来了重大威胁[1]。在软件供应链安全风险中，

PagesAboutDidier Stevens SuiteLinksMy Python TemplatesMy SoftwareProfession

你可能错过的新鲜事OPPO A5 Pro 发布12 月 24 日，OPPO 发布主打「耐用」特性的 OPPO A5 Pro。OPPO A5 Pro 在上一代产品 IP6X 级防水等级的基础上，针对

A vulnerability has been found in Anibal Monsalve Salaz sSMTP 2.61/2.62 and classified as problematic. This vulnerability affects the function standardise. The manipulation leads to improper input validation. This vulnerability was named CVE-2008-7258. Attacking locally is a requirement. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Ruby 1.8.6/1.8.7/1.9. Affected is the function REXML. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2008-3790. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.