Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Software AG 的一项研究发现有多达五成员工使用未批准的 AI 工具。今天的 AI 工具非常容易获得，而企业也日益鼓励员工使用 AI 工具提高工作效率。无论是总结会议记录、起草客户邮件、探索代码还是创建内容，企业员工正在快速普及 AI。即使企业出于安全担忧内部限制员工使用 AI 工具，他们也可以通过浏览器访问 AI 工具的 Web 版本。分析显示最流行的 AI 工具是 ChatGPT，还有部分员工会使用中国公司开发的 AI 工具如 DeepSeek、Baidu Chat 和 Qwen。

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain

根据内外部测试，OpenAI 最新推理模型 o3 和 o4-mini 比该公司之前的模型出现幻觉的概率更高。在 OpenAI 的 PersonQA 测试中，o3 出现幻觉的概率高达 33%，两倍于旧模型 o1（16%）和 o3-mini（14.8%）。o4-mini 更糟糕出现幻觉的概率高达 48%。斯坦福大学兼职教授 Kian Katanforoosh 指出他的团队发现 o3 常生成无效网址。OpenAI 表示需要更多研究去理解为什么随着推理模型规模的扩大，幻觉现象会加剧。

Author/Presenter: James Ringold

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Common Ground – Quantum Computing: When Will It Break Public Key Cryptography? appeared first on Security Boulevard.

今日 7 时 30 分，北京亦庄半程马拉松暨人形机器人半程马拉松在南海子公园南门开跑。这是全球首个人形机器人半程马拉松，20 支人形机器人赛队与跑步爱好者一起冲出起跑线，在 21.0975 公里长的赛道上挑战极限。目前的机器人技术显然与人类相去甚远。最快的人类马拉松运动员在 1 小时 2 分钟内完成比赛，而最好的人类辅助控制机器人在多次摔倒和三次更换电池后以 2 小时 40 分 42 秒完成比赛。该机器人被称为“天工Ultra”。

A sophisticated new Android malware strain called “Gorilla” has emerged in the cybersecurity landscape, specifically designed to intercept SMS messages containing one-time passwords (OTPs). This malicious software operates stealthily in the background, exploiting Android’s permission system to gain access to sensitive information on infected devices. Initial analysis suggests that Gorilla primarily targets banking customers and […]

The post New Gorilla Android Malware Intercept SMS Messages to Steal OTPs appeared first on Cyber Security News.

In today’s digital landscape, maintaining secure and efficient IT systems is critical for organizations. Patch management tools play a vital role in achieving this by automating the process of identifying, testing, and deploying software updates and security patches across various devices and applications. These tools help mitigate vulnerabilities, improve system performance, and ensure compliance with […]

The post 10 Best Patch Management Tools 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In today’s digital era, businesses are increasingly adopting cloud computing to store data, run applications, and manage infrastructure. However, as organizations shift to the cloud, they face new security challenges such as cyber threats, data breaches, and compliance risks. This is where cloud security solutions come into play. These solutions are designed to protect sensitive […]

The post 10 Best Cloud Security Solutions 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have identified a concerning trend in the cyber threat landscape as state-sponsored hackers from multiple countries have begun adopting a relatively new social engineering technique called “ClickFix” in their espionage operations. The technique, which emerged in early March 2024 in cybercriminal circles, has rapidly gained popularity among advanced persistent threat (APT) groups due […]

The post State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3826. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. This vulnerability is handled as CVE-2025-3825. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. This vulnerability is known as CVE-2025-3824. The attack can be launched remotely. Furthermore, there is an exploit available.