This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code, and its coding agent is called Windsurf Cascade.
The attack vectors we will explore today allow an adversary who achieves an indirect prompt injection to exfiltrate data from the developer's machine.
These vulnerabilities are a great example of Simon Willison’s lethal trifecta pattern.
Overall, the security vulnerability reporting experience with Windsurf has not been great.
The Document Foundation has announced the release of LibreOffice 25.8. Major new changes include: an enhanced user interface, with the Welcome/What's New dialog giving direct access to the user interface selector and appearance options; faster document opening and scrolling performance, with Writer and Calc opening documents up to 30% faster; optimized memory management for smoother operation on virtual desktops and thin clients; improved interoperability with Microsoft Office file formats, handling DOCX, XLSX and PPTX files more precisely with fewer formatting problems; support for exporting to the PDF 2.0 format; and more.
Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.