Aggregator

阅读： 64月30日，第九届数字中国建设峰会期间，中国电信2026智能云生态大会隆重召开。大会由中国电信、中国电子、中国交建联合主办，国家

The seemingly innocuous download of a mobile game could culminate in a smartphone being compromised by sophisticated spyware.

The post Rigged Game: How North Korea’s ScarCruft Group Infiltrated a Gaming Platform to Deploy BirdCall Spyware appeared first on Penetration Testing Tools.

The novel Linux implant, Quasar Linux, poses a formidable threat not merely to individual workstations but to the

The post Quasar Linux (QLNX) Emerges to Subvert the Global Software Supply Chain appeared first on Penetration Testing Tools.

A contentious debate has emerged surrounding Google Chrome following reports of the surreptitious deployment of a substantial AI

The post The Invisible 4GB Update: Why Google Chrome is Secretly Loading Gemini Nano onto Your Hard Drive appeared first on Penetration Testing Tools.

Submit #777668 / VDB-361279

Adversaries no longer find it requisite to engineer sophisticated malware from its inception. Frequently, the appropriation of a

The post The Administrator’s Shadow: How Hackers Turned a Popular GitHub Utility into an Invisible C2 Backdoor appeared first on Penetration Testing Tools.

Submit #777662 / VDB-361278

Submit #777661 / VDB-361277

Submit #777660 / VDB-358753

Submit #777659 / VDB-361276

Submit #777658 / VDB-361275

Submit #777657 / VDB-361274

Submit #777656 / VDB-361273

Суд вынес приговор латвийскому переговорщику, который давил на жертв чужими секретами.

日产汽车将裁减欧洲员工的一成。英国工厂的2条生产线也将整合为1条。日产在接受采访时承认已开始与员工协商。日产将在包括英国、法国和西班牙在内的欧洲国家裁减九百名办公室员工。日产在全欧洲拥有约9300名员

梳理MCP从兴起到生产的发展过程，解析工程痛点与安全风险

A critical vulnerability has been identified within the ubiquitous Apache web server, potentially facilitating the complete compromise of

The post Emergency Patch: Critical RCE Vulnerability in Apache HTTP Server 2.4.67 Threatens Millions of Systems appeared first on Penetration Testing Tools.

本文链接

本文档由澳大利亚、美国、加拿大、新西兰及英国等多国国家级网络安全机构联合发布，旨在为政府、关键基础设施及行业企业提供智能体AI（Agentic AI）安全采用的权威指南。智能体AI基于大语言模型，具备自主推理、规划与执行能力，但其高度的自主性与复杂的系统架构显著扩大了攻击面，引入了权限滥用、目标错位、行为不可预测、结构耦合及问责困难等新型安全风险。

指南系统梳理了智能体AI在设计、开发、部署与运营全生命周期中的安全挑战，并提出分层防御最佳实践。核心建议包括：严格遵循最小权限与零信任原则，强化细粒度身份管理；实施纵深防御与环境隔离；完善输入验证、第三方组件审查与持续监控机制；在高风险流程中强制保留“人在回路”监督；并通过威胁建模、红队演练与动态评估提升系统韧性。文档强调，组织应将AI安全深度融入现有网络安全框架，仅将其用于低风险任务，采取渐进式部署策略，优先保障系统的可观测性、可逆性与风险可控性，在安全可控的前提下推进技术落地。

阅读： 94月27日至28日，由绿盟科技集团、北京绿盟公益基金会举办的第二届绿盟公益日活动在北京总部及成都、武汉、西安研发中心同步举行。为期两天的公益活动中，全员

A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed […]