Aggregator

近日，绿盟科技CERT监测到Xinference在PyPI仓库遭受了供应链投毒，攻击者通过窃取Xinference维护人员的PyPI发布权限凭证，于北京时间4月22日连续发布了3个植入木马的恶意版本，影响范围较广，请相关用户尽快采取措施进行排查与防护。

The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.

The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.

鹏城-西电计算机联培｜沈玉龙&谢国锐老师招收AI+计算机网络方向博士生

战意渐浓！

消息称微软 GitHub Copilot 将转向按 Token 计费；特斯拉：第三代人形机器人预计年中亮相；宇树科技展示轮足人形机器人

赋能交通运输行业数字化、智能化转型。

2026年04月23日（現地時間）、米国CISAがCISA ICS Advisory / ICS Medical Advisoryを公表しました。

过去很多年，谈中国能源转型，大家首先想到的是光伏、风电和新能源汽车。

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.

The post Vercel attack fallout expands to more customers and third-party systems appeared first on CyberScoop.

Прочитайте эту статью перед тем как вложить деньги в крипто...

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.20/6.19.10. This vulnerability affects the function netfs_unbuffered_write of the file fs/netfs/direct_write.c. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-31437. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.