Kerberos Overhaul Will Disable RC4 by Default in Windows
Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems - particularly within large domains where fallback to RC4 has quietly persisted for decades.
Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims
A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes.
AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing Pressures
According to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.
Secure-by-Design Startup Uses AI Agents to Safeguard Containers, VMs and Libraries
Cloud security startup Echo has closed a $35 million Series A funding round to boost development of its AI-native OS. The platform starts with secure container images and aims to extend to VMs and libraries, helping enterprises minimize risk from open-source software.
A vulnerability was found in WebKitGTK and WPE WebKit up to 2.50.3 and classified as problematic. The impacted element is an unknown function of the component Web Handler. Executing manipulation can lead to type confusion.
This vulnerability is registered as CVE-2025-43541. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
A vulnerability has been found in WebKitGTK and WPE WebKit up to 2.50.3 and classified as critical. The affected element is an unknown function of the component Web Handler. Performing manipulation results in use after free.
This vulnerability is cataloged as CVE-2025-43536. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.