Aggregator

System Center Configuration Manager (SCCM) 作为企业级内网的“总调度站”，其强大的自动化运维能力在安全视角下是一把双刃剑。一旦攻击者通过渗透手段介入 SCCM 控制链，其攻击面将覆盖从单一终端到整个域环境的资产

分析SpeculativeDecoding和MoE推理加速机制如何将输入相关控制流外显为可观测元数据，导致提示词指纹识别、语义推断与路由泄露等新型侧信道攻击。

大型语言模型（LLMs）凭借其出色的零样本推理能力和强大的语义理解能力，为恶意软件检测领域带来了新的希望。然而，将 LLMs 直接应用于 Android 恶意软件检测时，却面临着两大核心挑战：一是 Android 应用中海量的支持代码远超 LLMs 的上下文窗口限制，使得恶意行为在良性功能中难以被识别；二是 Android 应用复杂的程序结构和组件间依赖关系，超出了 LLMs 基于序列的推理能力，

以 CVE-2020-0668 为例，分析 Windows 服务因 LoadLibraryEx 调用不规范导致的 DLL 劫持漏洞。

Langflow SSRF 服务器端请求伪造漏洞(CVE-2025-68477)

【热点研判】泰国2026大选民粹与民族主义交织，政坛再洗牌或影响中泰关系走向（资料编码260204531，1

2025年的美国情报界正在发生一场静悄悄的变革。为了应对日益激烈的人才竞争和瞬息万变的技术环境，CIA、NSA等情报机构正从培养机制到薪酬体系进行全面升级。

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been rated as critical. This affects an unknown function. Performing a manipulation results in csv injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-24447. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been declared as problematic. The impacted element is an unknown function of the component Export Sites. Such manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2026-22875. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been classified as problematic. The affected element is an unknown function of the component Edit Comment Handler. This manipulation causes cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2026-21393. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4 and classified as critical. Impacted is an unknown function. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-23704. It is possible to launch the attack remotely. No exploit is available.

Detectify has launched Internal Scanning, a solution that eliminates the visibility gap between external perimeters and internal environments, allowing security teams to discover and remediate vulnerabilities behind the firewall with the same speed and precision they apply to external assets. Organizations have been considering the internal network as a safe room. Detectify challenges this dangerous courtesy: compromised endpoints and lateral movement have turned internal-facing apps (like staging environments and admin panels) into prime targets. Internal … More →

The post Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall appeared first on Help Net Security.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

AI boosts productivity, but weak data governance and shadow AI are expanding the enterprise attack surface.

The post AI is Supercharging Work…and Your Attack Surface appeared first on Security Boulevard.

进入 2026 年，勒索软件仍然是制造业面临的最严峻网络安全威胁之一。

Проект AdBoost на GitHub пытается высмеять современный интернет.

美国零售业巨头沃尔玛市值周二突破 1 万亿美元，跻身科技巨头主导的“万亿美元市值俱乐部”。万亿美元市值俱乐部以英伟达 4.4 万亿美元居首，之后是苹果、微软、亚马逊、Alphabet 和博通，非科技公司包括了 Berkshire Hathaway 和沙特阿美。沃尔玛股价今年以来持续上涨，涨幅超过了标普 500 指数。沃尔玛成立于 1962 年，在全球有近 1.1 万家门店。

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since

In the rapidly changing landscape of cybersecurity, AI agents present both opportunities and challenges. This article examines the findings from Darktrace’s 2026 State of AI Cybersecurity Report, highlighting the benefits of AI in enhancing security measures while addressing concerns regarding AI-driven threats and the need for responsible governance.

The post Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles appeared first on Security Boulevard.