Aggregator

美称将允许英伟达向中国出售 H200 人工智能芯片；阿里巴巴成立千问 C 端事业群；《阿凡达 3》导演卡梅隆称 AI 永远替代不了人类创作

当前环境异常，需完成验证后才能继续访问。

Array Networksが提供するArray AGシリーズのDesktopDirect機能には、コマンドインジェクションの脆弱性があります。JPCERT/CCは、本脆弱性を悪用した攻撃の被害を受けたという報告を国内の組織から受領しています。この問題は、当該製品を修正済みのバージョンに更新することで解決します。詳細は、開発者が提供する情報を参照してください。

嗯，用户让我用中文总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我需要仔细阅读这篇文章。看起来是关于Google Gemini Enterprise的一个高危漏洞，叫做GeminiJack。这个漏洞属于零点击攻击，也就是说攻击者不需要用户点击任何东西就能窃取数据。 文章提到这个漏洞是架构设计上的缺陷，而不是普通的漏洞。攻击者通过共享包含隐藏提示的文档、日历邀请或邮件来实施攻击。当员工使用Gemini进行搜索时，AI系统会检索这些恶意内容，并通过伪装成图片请求的方式外传数据。 这个漏洞利用了RAG（检索增强生成）架构，攻击者植入间接提示，诱使模型查询敏感信息。数据泄露包括邮件、日历、文档等，影响非常大。 最后，Google已经采取措施修复了这个问题，但事件揭示了AI系统带来的新安全风险，企业需要重新评估AI的信任边界。 现在我要把这些信息浓缩到100字以内。要突出漏洞名称、攻击类型、影响范围以及修复情况。 可能的结构：Google Gemini Enterprise存在高危零点击漏洞GeminiJack，攻击者可窃取企业敏感数据。该漏洞源于架构设计缺陷，利用RAG机制绕过传统安全措施。Google已修复问题，事件凸显AI安全风险。 Google Gemini Enterprise存在高危零点击漏洞GeminiJack，攻击者可窃取企业敏感数据。该漏洞源于架构设计缺陷，利用RAG机制绕过传统安全措施。Google已修复问题，事件凸显AI安全风险。

立即查看详情 →

当前环境出现异常问题，需完成验证后才能继续访问相关内容或服务。

Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations.

CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake Proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise.

The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected.

The Apache Software Foundationが提供するApache Struts 2には、サービス運用妨害（DoS）の脆弱性が存在します。

Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.

诚邀行业强者，共拓万亿市场🚀

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Threat Attack Update for the 9th of December 2025

Ransomware Attack Update for the 9th of December 2025

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. [...]

Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.

Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile.