Aggregator

41国4000余人参演：北约“锁定盾牌”演习模拟抵御8000次网络攻击

重新定义网络武器的利用

Originally published at DKIM2 Explained: What’s Changing and What to Do by Hagop K..

Our team was at a deliverability summit where ...

The post DKIM2 Explained: What’s Changing and What to Do appeared first on EasyDMARC.

The post DKIM2 Explained: What’s Changing and What to Do appeared first on Security Boulevard.

In addition to the southbound management feature for log reception, the BSA also provides a northbound interface that enables data export and query functions. So, how can you make proper use of these features? Let’s find out together below! 1. Function Introduction  The northbound interface is the interaction interface between BSA and the northbound system. […]

The post BSA Northbound Interface – Introduction of Interface Instance Functions appeared first on NSFOCUS.

The post BSA Northbound Interface – Introduction of Interface Instance Functions appeared first on Security Boulevard.

Кто на самом деле контролирует информацию, если интернет прилетает из космоса?

Apr 28, 2026 - Lina Romero - What the EU AI Act demandsThe EU AI Act classifies AI according to risk. Unacceptable risk is prohibited outright. High-risk AI systems are heavily regulated. Limited-risk systems face transparency obligations. The majority of obligations fall on providers, though deployers carry meaningful obligations too. If your organisation builds AI, buys AI, or integrates AI into operational processes, the Act applies to you. If your systems serve EU users and you are headquartered outside the EU, it still applies to you.For high-risk AI systems, providers must establish a risk management system throughout the system's lifecycle, conduct data governance to ensure training and testing datasets are relevant and representative, produce technical documentation demonstrating compliance, design systems to allow for human oversight, and achieve appropriate levels of accuracy, robustness, and cybersecurity. The Act treats security as foundational to compliance.The compliance gap is a security gapMost organisations approaching the EU AI Act treat it as a governance and legal challenge. They produce AI registers, draft risk classification matrices, and build working groups. That work has value. But it systematically misses the deeper problem.The compliance gap is a security gap. The same reasons that make AI systems hard to secure are the reasons they are hard to govern. You cannot log what you cannot see. You cannot classify what you have not discovered. And you cannot demonstrate to a regulator that your controls are working if those controls only exist as policies on paper.More than 80% of employees use AI tools that have not been approved by their organisation. The AI systems that appear in your register and the AI systems that are actually operating in your environment are different populations. Shadow AI is the dominant reality of how AI is being adopted at scale. Any compliance program that relies on self-reporting to build its inventory has already accepted an undercount of its exposure.The logging mandate is a technical obligationArticle 12 of the EU AI Act requires that high-risk AI systems technically allow for the automatic recording of events over the lifetime of the system. Technically means the capability must be built into or applied to the system itself. Automatic means logs are generated without operator intervention at the moment events occur. Lifetime means from deployment to decommissioning.Article 26 requires automatically generated logs to be retained for a minimum of six months. The organisations that will be best positioned when enforcement begins are not the ones that start building logging infrastructure in July 2026. They are the ones generating six months of compliant, continuous, tamper-evident logs already. If you wait till the enforcement date, you are already behind.Prohibited practices are already enforceableThe prohibited AI practices under Chapter II became enforceable in February 2025. However, the enforcement deadline that most organisations are focused on is August 2026. Compliance with the prohibited practices provisions is a matter of ensuring that systems do not drift into prohibited behaviour. A system that was not designed to manipulate can evolve into one that does. Detecting that change requires continuous behavioural monitoring.‍The GDPR parallelOrganisations that lived through GDPR's May 2018 enforcement date will recognise what is coming. In the months before that deadline, many organisations had produced detailed documentation: data processing registers, privacy notices, breach notification procedures. On paper, they were prepared. In practice, many discovered that their processes did not work, their data maps were incomplete, and their policies had never been technically enforced.The organisations that struggled most under GDPR were those that had treated compliance as a documentation exercise rather than an operational transformation. The EU AI Act presents the same dynamic, with two important differences. 1. Its technical obligations are more demanding than GDPR's2. Its fine structure is more severe. Violations of the prohibited practices provisions can be more expensive than even the most serious GDPR breaches.What closing the gap requiresBridging the EU AI Act compliance gap requires a shift from periodic assurance to continuous control and continuous automated discovery of AI usage across cloud infrastructure, browser-based activity, and application-layer integrations. You need to know about every AI system in your environment, including the ones nobody approved.It requires automated risk classification that maps discovered systems against the Act's risk tiers in real time — not at the next quarterly audit cycle. The Act's obligations follow from classification, so classification needs to be live.It requires centralised logging that captures every relevant interaction with high-risk AI systems automatically, retains logs for the mandated minimum of six months, and makes those logs available for regulatory review on demand.It requires real-time behavioural monitoring that detects patterns approaching prohibited practice thresholds, anomalous outputs that may signal misuse, and adversarial inputs designed to subvert system behaviour.And it requires technical policy enforcement at the point of use. A governance policy that prohibits certain AI uses but has no technical mechanism preventing them is not a control.The question that mattersThe question is not whether you have completed your AI Act checklist. It is whether you could answer a regulator's questions about your AI systems today, and whether the infrastructure you have built is capable of answering those questions six months from now.If the answer is uncertain, the gap is real. And the time to close it is before enforcement, not after.Need help with your compliance? FireTail is here: https://www.firetail.ai/schedule-your-demo

The post Bridging the EU AI Act Compliance Gap – FireTail Blog appeared first on Security Boulevard.

WAF 说绕也就绕了！

aerleon Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line

The post aerleon: Generate firewall configs for multiple firewall platforms appeared first on Penetration Testing Tools.

After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. [...]

За год (с марта по март) россияне загрузили VPN-приложения более 35,7 миллиона раз.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics

韩国三星电子计划 2026 年内撤出在中国的家电和电视销售。由于中国企业的崛起，该业务的收益持续低迷。将把该业务的重心转向表现强劲的美国。三星电子最快将在 4月 底最终决定停止在中国国内的家电和电视销售，将开始向当地员工和合作伙伴展开说明，将逐步处理中国国内的库存，2026 年内完全结束销售。该公司将把经营资源转向半导体和智能手机的销售。三星在中国生产冰箱和洗衣机等产品，将维持这些产品的生产体制。在结束向中国国内出货的同时，转为面向海外的供应基地。

顶尖AI安全红队亲自传授秘籍，HPW2026，所有议题一次解锁!

A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft. Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images on the GitHub Container Registry (GHCR). With over one million monthly downloads, this widely used dbt […]

The post Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts appeared first on Cyber Security News.

网易运营的《暗黑破坏神 IV》国服限时一个月免费，领取需要实名——网易邮箱账号或手机号码。《暗黑破坏神 IV》于 2023 年 6 月 5 日发布，故事时间为《暗黑破坏神 III》的 50 年后，玩家可以自由选择游玩每个区域的顺序，在开放世界中体验旅途。本作中共有五张地图：黑暗森林索格伦、冰天山地裂峰山、无边沙漠干燥平原、毒雾沼泽哈维萨和堡垒废墟凯基斯坦。国服是在 2025 年 12 月 12 日正式上线，免费的是基础版本，扩展内容需要付费购买。

Хакер-самоучка тестирует инструмент для угона аккаунтов.

Submit #803019 / VDB-359941

Submit #803018 / VDB-359940