Aggregator

纵横网络靶场社区正式发布 以虚实融合技术构建工业信息安全实战生态

嘶吼
3 weeks 5 days ago

当前,工业互联网深度融合发展,关键信息基础设施安全防护需求持续攀升,实战型工业信息安全人才短缺、训练场景稀缺、理论与实践脱节等制约行业发展的核心痛点日益凸显。

在此背景下,烽台科技打造的聚焦工业信息安全人才培养与生态共建的纵横网络靶场社区正式发布。该平台依托烽台科技十余年工业靶场技术沉淀,以“虚实融合”技术为核心,整合AI智能体、数字孪生等前沿能力,旨在打造工业安全领域“理论+实战+生态”三位一体的服务体系,为高校、企业、科研院所提供专业化的工业安全实训与技术交流空间。

从“竞赛工具”到“生态平台”:网络靶场社区的迭代之路

回溯烽台科技网络靶场社区的发展历程,其起点可追溯至2015年——公司成立后其核心产品便是工控网络靶场,由此开启了工业安全领域的深耕之路。早期社区更像“竞赛工具”,聚焦赛事聚人气,而此次全新发布的纵横网络靶场社区则进行了针对性升级:不仅保留竞赛模块,还新增实训专区,计划陆续开放石油石化、电力、钢铁冶金等超100个工业场景仿真环境,用户可通过拖拽式操作快速搭建专属测试场景,获得“开箱即用”的实战体验。

值得关注的是,技术团队会定期分享工业安全漏洞挖掘、协议测试等专业内容,同时鼓励用户提交技术方案与创新思路。“我们希望社区不再是单向输出的‘知识库’,而是成为工业安全人才碰撞思想、合作共赢的‘朋友圈’。”烽台科技相关负责人表示,未来社区将通过积分体系与专家入库机制,将优质用户转化为项目合作伙伴,推动技术成果从“纸上谈兵”到“落地应用”。

技术底座支撑:虚实融合仿真,覆盖多行业工控场景

支撑纵横网络靶场社区升级的核心,是烽台科技十余年积累的工业网络靶场技术硬实力。经过多年迭代,平台已形成虚实融合、全场景仿真、全流程可监测、可量化评估的技术能力,可在物理隔离环境下还原工业现场运行逻辑。

其技术特点主要体现在三方面:一是虚实结合仿真,可接入PLC、DCS、传感器等真实设备,结合数字孪生与虚拟化系统,1:1还原电力、石油石化、钢铁冶金、智能制造、城市公用设施等典型场景;二是全业务链全景监控,覆盖工艺层、控制层、网络层,可对操作行为、数据流转、协议交互进行全程记录与追踪;三是量化评估模型,围绕人员能力、产品性能、防护方案、攻防效能构建量化评价体系,可用于竞赛评分、能力测评与方案验证。

另外,面对合规与安全问题时,该负责人表示,社区场景均为仿真环境,不使用、不涉及真实工业系统数据;平台社区服务部署于合规公共云,核心仿真环境支持物理隔离部署,将建立数据安全与用户隐私保护机制,定期开展安全检查,满足行业合规要求。

目前,烽台靶场搭建了L0(靶标级)至L5(元宇宙级)的六级能力体系,当前重点探索L4(推理级)AI应用,将漏洞扫描、渗透测试等工具封装为AI可调用的能力模块,用户通过自然语言指令即可触发自动化测试,未来还将结合大模型实现风险预测与智能决策,进一步降低工业安全测试的技术门槛。

聚焦产学研用:从高校合作到企业赋能,构建工业安全生态

“工业安全的核心痛点,一是人才短缺,二是技术落地难。”该负责人强调。基于此,纵横网络靶场社区明确了“服务高校育才、支撑企业实战”的双向定位。

在高校合作方面,烽台科技已与多所院校建立合作。将靶场资源融入教学体系并为高校提供定制化实训课程,学生可在仿真环境中开展工业协议分析、工控设备漏洞利用等实操训练,解决“课本知识与实战脱节”的问题。据了解,部分合作院校还将靶场实训纳入毕业实习环节,学生在社区提交的技术方案通过审核后,可纳入“专家库”,优先获得项目合作机会。

针对企业需求,纵横网络靶场社区则提供“测试+培训+应急”的全周期服务。一方面,企业可借助靶场验证工业防火墙、IDS等安全产品有效性,或仿真勒索病毒、跨境数据泄露等场景,优化防护方案;另一方面,社区可根据企业需求定制线上培训,提升员工安全运维能力。

“未来,我们希望通过社区链接更多生态伙伴——让高校输出人才、让企业提出需求、让安全从业者贡献技术,形成‘产学研用’的良性循环。”烽台科技负责人表示。

AI赋能靶场建设 工业安全迈向协同发展

据了解,纵横网络靶场社区后续计划融入AI大模型与智能体技术,探索自然语言场景构建、自动化渗透测试、风险推演等功能,进一步降低使用门槛。同时,推动社区向开放生态方向发展,推动工业安全从“单点防御”走向“生态共防”。

随着工业信息安全纳入关键基础设施保障重点,公共实训、能力测评、攻防演练等基础服务需求将持续增长。以纵横网络靶场社区为代表的开放平台,能否走出可持续的社区化运营模式,为行业提供可复制的人才培养机制,仍有待时间检验。但可以确定的是,更开放、更实战、更协同,将成为工业信息安全能力建设的重要方向。

纵横网络靶场社区官网:www.game.fengtaisec.com免费注册体验!

胡金鱼

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The Hackers News
3 weeks 5 days ago
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
The Hacker News

AI-Powered Exploitation May Collapse the Patch Window for Defenders

Cyber Security News
3 weeks 5 days ago

Artificial intelligence is reshaping cybercrime in ways that defenders can no longer treat as distant or theoretical. New frontier AI models are showing a growing ability to find software flaws, understand attack paths, and help move an intrusion from one stage to the next with far less human effort than before. This change matters because […]

The post AI-Powered Exploitation May Collapse the Patch Window for Defenders appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-40496 | freescout-help-desk freescout up to 1.8.212 Attachments random values (GHSA-2783-wxmm-wmwr / EUVD-2026-24049)

Vuldb Updates
3 weeks 5 days ago
A vulnerability identified as problematic has been detected in freescout-help-desk freescout up to 1.8.212. Affected by this issue is some unknown functionality of the component Attachments Handler. This manipulation causes insufficiently random values. This vulnerability is handled as CVE-2026-40496. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

The US NSA is using Anthropic’s Claude Mythos despite supply chain risk

Security Affairs
3 weeks 5 days ago
Axios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensive tool and AI as a security risk is getting harder […]
Pierluigi Paganini

12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users

Cyber Security News
3 weeks 5 days ago

A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity and harvest sensitive data. The campaign uncovered by LayerX security has affected over 130,000 users worldwide, with approximately 12,500 installations still active across the Google Chrome and Microsoft Edge […]

The post 12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users appeared first on Cyber Security News.

Abinaya

英国计划学校期间禁止使用手机

Solidot
3 weeks 5 days ago
英国计划禁止学生在校期间使用手机。政府计划修订《儿童福祉与学校法案(children’s wellbeing and schools bill)》,将学校手机禁令的指导意见变成具有法律效力的正式禁令。英国大部分学校已经制定政策禁止使用手机,数据显示 99.8% 的小学和 90% 的中学限制或禁止学生在校期间使用手机。《儿童福祉与学校法案》被视为英国数十年来最重要的儿童保护立法,其中包括对未入学儿童进行强制性登记、打击儿童社会福利领域的牟利行为,以及创建一个唯一标识符帮助相关机构追踪儿童福利状况等。

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

The Hackers News
3 weeks 5 days ago
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict
The Hacker News

Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers

Cyber Security News
3 weeks 5 days ago

A critical vulnerability in the SGLang inference server that allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learning models to compromise the underlying servers that host them. As enterprise artificial intelligence deployments grow, this discovery highlights the severe infrastructure risks posed by loading untrusted […]

The post Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers appeared first on Cyber Security News.

Abinaya

CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack

Cyber Security News
3 weeks 5 days ago

The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical alert regarding a severe software supply chain compromise. The attack targets Axios, a massively popular HTTP client for JavaScript that developers worldwide rely on for Node.js and browser environments. Supply chain attacks have become a top priority for security teams, as compromising a single […]

The post CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack appeared first on Cyber Security News.

Abinaya

Managed ad