人工智能重要安全漏洞通报Ollama安全漏洞
近日,国家信息安全漏洞库(CNNVD)收到关于Ollama安全漏洞(CNNVD-202605-502、CVE-2026-7482)情况的报送。攻击者通过漏洞可获取环境变量、API密钥、系统提示和并发用户的对话数据。Ollama 0.17.1之前版本均受此漏洞影响。
Aggregator
Palo Alto 提醒注意严重的 PAN-OS RCE漏洞
1 week 3 days ago
速修复
Progress 提醒注意严重的 MOVEit 自动化认证绕过漏洞
1 week 3 days ago
速修复
比 OpenClaw 更火的 「Agent 员工」赛道,杀出一个新王者|AI 上新
1 week 3 days ago
给天选打工人准备的利器。
AI热潮助推三星电子市值突破1万亿美元
1 week 3 days ago
AI热潮助推三星电子市值突破1万亿美元在AI概念股热潮推动下,三星电子市值突破一万亿美元,成为继台积电之后第二家跻身这一俱乐部的东亚公司。周三,这家韩国存储芯片巨头股价一度飙升12%,创下历史新高,推
Геймеры? Нет, шпионы. Хакеры придумали, как прятать серверы там, где их никогда не найдут
1 week 3 days ago
Группа UAT-8302 взламывала госструктуры двух континентов незаметно.
Is Your Organization Ready to Scale AI Securely
1 week 3 days ago
Kochava Will Stop Selling 'Sensitive Location' Info
1 week 3 days ago
Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker
The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from "hundreds of millions" of individuals' mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.
The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from "hundreds of millions" of individuals' mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.
CISA 'CI Fortify' Aims to Keep Services Running Under Attack
1 week 3 days ago
Critical Infrastructure Operators Urged to Fortify Against Nation-State Attacks
The Cybersecurity and Infrastructure Security Agency launched CI Fortify, urging critical infrastructure operators to adopt isolation and rapid recovery capabilities to maintain essential services under cyberattacks, amid warnings that nation-state actors are already embedded in operational systems.
The Cybersecurity and Infrastructure Security Agency launched CI Fortify, urging critical infrastructure operators to adopt isolation and rapid recovery capabilities to maintain essential services under cyberattacks, amid warnings that nation-state actors are already embedded in operational systems.
Skills Gap Top CISO Concern, Says New SANS Survey
1 week 3 days ago
Security Leaders Face Gaps, Not in Their Org Charts, But in Their Team's Skills
Concerns about the skills and capabilities of cybersecurity teams have for the first time overtaken worries about headcount and unfilled vacancies among CISOs, according to a new SANS survey.
Concerns about the skills and capabilities of cybersecurity teams have for the first time overtaken worries about headcount and unfilled vacancies among CISOs, according to a new SANS survey.
BlueVoyant Prepares SaaS Push Under New CEO John Hernandez
1 week 3 days ago
BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs
BlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.
BlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.
效率提升10倍!高版本VMP逆向+插件开发全流程
1 week 3 days ago
从0到1开发x32/x64Dbg插件,搞定高版本VMP
Palo Alto PAN-OS 高危漏洞已遭在野利用:可获root权限,官方下周发补丁
1 week 3 days ago
暂无正式补丁,务必限制门户访问或立即禁用
VMProtect 3.8.1 混淆策略大揭秘
1 week 3 days ago
看雪论坛作者ID:阿强
【AI安全】Claude Code使用教程&免费白嫖token&渗透测试/CTF Skills提示词& MCP使用
1 week 3 days ago
这篇文章总字数:10795个,写到这里这篇关于Claude Code相关操作以及一些自己总结的学习思路方法都已经汇总了,这篇文章主要是给大家介绍目前主流的Claude Code在我们本地搭建部署,我们配合CC-Switch可以很便捷的使用AI大模型,包括后面的各种AI Agents skills编写、claude提示词相关作用和后面的MCP服务器管理。主要还是根据自己的一个需求进行调配使用。
第一届 Polaris CTF-web题解
1 week 3 days ago
WEBbabydc网络 桥接靶机:10.190.20.23Workgroup/Domain Name: XMCVEHostnames: CASTLEVANIADomain Controllers: XMCVEActive Directory(活动目录)的 Windows 域环境内网1 台 DC 域控(核心,存所有账号、哈希、权限)多台 成员服务器(Web、邮件、数据库等)一堆 Win10/Win1
【AI安全】OpenClaw多阶段网页诱导绕过防护的RCE攻击
1 week 3 days ago
OpenClaw作为最近爆火的AI应用,其设计者已深刻意识到了外部攻击面的风险,并构建了多层的静态防护机制,但当攻击者利用长上下文的认知负载和任务导向性等手段逐步诱导AI忽略安全边界时,AI 似乎难以始终守住边界,最终仍可能执行恶意命令。
polarisCTF Crypto 方向全解 wp
1 week 3 days ago
本文围绕 polarisCTF 的 9 道密码学题目展开,包含整体思路、解题关键与完整的解题脚本
一个基础cgi架构的路由器类型的题目复现
1 week 3 days ago
架构及其全面,比起寻常的webpwn的proxy之类更加接近实战
Hack for a Change 2026 March: UN SDG 3 Writeup
1 week 3 days ago
Hack for a Change 2026 March: UN SDG 3 Writeup