Aggregator

Claude Code 突然收紧使用限制,影响付费订阅用户,Anthropic 未提前通知且配额混乱,导致开发者项目受阻,尽管尝试其他模型但效果不如 Claude Code,用户呼吁更透明的定价政策和沟通。

Leviton Manufacturing Co., Inc.が提供する複数の製品には、クロスサイトスクリプティングの脆弱性が存在します。

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.

McDonald’s招聘系统因Paradox.ai账户密码泄露导致6400万用户数据暴露，同时越南员工设备感染恶意软件导致更多安全问题。

作者自称好奇心强，近期因缺乏专注目标而感到无聊，但对YouTube上的网络安全案例深感兴趣。

OpenAI推出ChatGPT智能体功能，整合Operator和深度研究能力，通过虚拟机和浏览器帮助用户完成复杂任务如购物、制作演示文稿等。该功能目前仅限于付费订阅用户使用，其中Plus订阅每月可使用50次。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan's most important industrial sector.

OpenAI推出ChatGPT Agent，具备多步骤任务处理能力；Wacom发布高分辨率便携绘图平板MovinkPad；AMD推出锐龙AI 5 330处理器；Google将于8月20日发布Pixel 10系列等新品；索尼结束PlayStation Stars忠诚计划；苹果或在iPhone 17 Pro中应用新型抗反射涂层。

Amid the accelerating tide of digital transformation, Windows Hello for Business (WHfB) continues to be championed by Microsoft as a modern, passwordless solution for enterprise authentication. Yet, beneath this progressive façade lies an architectural...

The post Windows Hello for Business Flaw: Biometric Bypass Exposes Enterprise Authentication appeared first on Penetration Testing Tools.

In an era defined by the rapid evolution of generative AI systems, the notion of security has transcended traditional vulnerabilities. A recent precedent demonstrated that remote code execution can be achieved without relying on...

The post Beyond Bugs: How Generative AI Ecosystems Can Be Hacked Without Exploits appeared first on Penetration Testing Tools.

前言安服累，渗透狂，一入网安破大防，莫说勤奋自然强；挤地铁，上HW，渗透工位坐机房，意淫桃谷伴身旁；电脑背，

当前环境出现异常状态，需完成验证后方可继续访问相关服务或网站。

攻击者通过将恶意代码注入WordPress数据库中的wp_options和wp_posts表，利用Google Tag Manager（GTM）加载远程JavaScript脚本，导致网站在4-5秒后重定向至spam域名spelletjes[.]nl。该攻击隐蔽性强，难以通过文件扫描检测，并对网站信任度、SEO及转化率造成严重影响。修复需移除可疑GTM标签并进行全面扫描。

Air Serbia has fallen victim to a cyberattack that has significantly disrupted the company’s internal operations. The digital crisis began in the early days of July 2025 and persists to this day. One of...

The post Air Serbia Hit by Major Cyberattack: Internal Systems Disrupted, Active Directory Compromised appeared first on Penetration Testing Tools.

银狐最新攻击样本行为特征与威胁情报

当前环境出现异常，需完成验证后才能继续访问。