Aggregator
Извините, у нас гонка. Anthropic отказывается от обещания сдерживать опасный ИИ
4 months ago
Самая «осторожная» ИИ-компания решила, что безопасность подождет.
CrewAI SandboxPython 沙箱绕过利用
4 months ago
通过继承链访问 catch_warnings.__init__.__globals__,绕过限制获取原始 __builtins__,实现任意代码执行。
Scattered Lapsus$ Hunters seeks women for vishing attacks
4 months ago
The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel advertising roles for female callers willing to conduct social-engineering phone operations. SLH’s recruitment ad (Source: Dataminr) The group is apparently offering between $500 and $1,000 per call, up front, and is supplying prepared scripts to … More →
The post Scattered Lapsus$ Hunters seeks women for vishing attacks appeared first on Help Net Security.
Zeljka Zorz
让OpenClaw安全上岗,火山引擎发布首个AI助手安全方案
4 months ago
火山引擎云安全
ИИ выучил человеческие слова — но вложил в них совсем другой смысл. Уверены, что стоит ему доверять?
4 months ago
Исследователи выяснили: мы с машинами говорим на разных языка. И это опаснее, чем кажется.
G.O.S.S.I.P 阅读推荐 2026-02-26 Frida + js -> React Native
4 months ago
用 frida 向 React Native 动态注入 js 代码
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
4 months ago
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
Expert Recommends: Prepare for PQC Right Now
4 months ago
Introduction: Steal It Today, Break It in a Decade
Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The era of the cloud brought general availability of
The Hacker News
Хотел получить работу, а получил взлом. Как хакеры разводят программистов на «тестовых заданиях»
4 months ago
Забудьте про письма от принцев – теперь присылают вредоносный Next.js.
SolarWinds Serv-U 多个严重漏洞可用于提供服务器root权限
4 months ago
速修复
合勤:注意影响十几款路由器的严重RCE漏洞
4 months ago
速修复
Tomcat Valve/Executor/Upgrade/Adapter内存马分析与思考
4 months ago
关于四种Tomcat内存马的一些学习与思考
New York sues Valve for promoting illegal gambling via game loot boxes
4 months ago
New York Attorney General Letitia James sued video game developer and publisher Valve Corporation for using game loot boxes to facilitate illegal gambling activities among children and teenagers. [...]
Sergiu Gatlan
AgentSmith-HUB v0.1.8 更新说明
4 months ago
AgentSmith-HUB v0.1.8 更新说明
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
4 months ago
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending […]
Pierluigi Paganini
Связи не будет. Британия испытала систему, которая лишает ПВО «глаз» и «ушей»
4 months ago
BAE Systems планирует сделать радиоэлектронную борьбу массовой.
Сначала бэкапы, потом 1С. Как шифровальщик C77L лишает российский бизнес шансов на восстановление
4 months ago
История успеха (и вреда) нового шифровальщика, который заменил закрытый Phobos.
【安全圈】黑客将 Pulsar RAT 藏进 PNG 图片:NPM 再现供应链投毒
4 months ago
关键词网络病毒安全研究人员发现,一起新的 NPM 供应链攻击利用“图片藏毒”技术传播远控木马。
【安全圈】全球零售巨头电商遭植入支付窃取器:PrestaShop 商城被“二次下单”攻击
4 months ago
关键词网络攻击安全公司 Sansec 披露,一家全球前十的大型连锁超市电商网站被植入数字支付窃取器(payme