Aggregator

这才是 AI 编程的真正秘密

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年3月9日至2026年3月15日）安全漏洞情况如下

威胁猎人研究发现，黑产针对消费贷领域骗贷手法呈现显著升级：从以往依赖技术伪造的纯虚假包装，正规模化转向采用真实数据包装，即通过真实补缴等方式大幅提升欺诈行为的仿真度。

FlowMouse - 心流鼠标手势 正式上架 火狐应用商店 Firefox Add-ons： https://addons.mozilla.org/zh-CN/firefox/addon/flowmouse/ 如果您喜欢，不妨在商店点亮五星，为我们注入前进的动力； 如果您遇到问题，欢迎留言提出反馈，帮我们找到完善的方向。 Ps：Edge商店上架正在审核中，Chrome商店更新新版也在审核中，即将推出。

Microsoft Detection and Response Team details a sophisticated voice phishing (vishing) campaign that successfully compromised a corporate environment in November 2025. Unlike conventional intrusions that rely on software exploits, this attack weaponized trust, collaboration platforms, and built-in Windows tooling to gain initial access. The threat actor initiated the campaign by impersonating IT support personnel through […]

The post Microsoft Teams Support Call Leads to Quick Assist Compromise in New Vishing Attack appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 4 - The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary ...

A vulnerability categorized as problematic has been discovered in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. This vulnerability is referenced as CVE-2026-4354. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Oracle Edge Cloud Infrastructure Designer. Affected by this vulnerability is an unknown functionality of the component Desktop. The manipulation leads to Remote Code Execution. This vulnerability is referenced as CVE-2026-21994. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Cloudfoundry Cloud Foundry up to 1.226.0 and classified as critical. The affected element is an unknown function. This manipulation causes missing authentication. This vulnerability is registered as CVE-2026-22727. The attack requires access to the local network. No exploit is available.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100个字以内。首先，我需要仔细阅读文章的标题和内容。标题提到AI支出即将达到2.5万亿美元，而连接这些AI的网络成为了最薄弱的一环。接着，文章讨论了零信任Overlay网络如何解决分布式AI基础设施的安全和连接问题。 好的，用户的需求是用中文总结，而且不需要特定的开头，直接写描述。我得确保内容准确且简洁。可能需要涵盖AI支出增长、网络问题以及零信任解决方案这几个关键点。 然后，我应该注意字数限制，确保不超过100个字。可能需要精简语言，去掉不必要的细节。例如，“As AI spending races toward $2.5 trillion”可以简化为“随着AI支出接近2.5万亿美元”。 接下来，思考如何将这些信息连贯地表达出来。首先说明AI支出的增长情况，然后指出网络成为薄弱环节，最后介绍零信任Overlay网络的作用。 最后，检查一下是否符合要求：中文、简洁、100字以内，并且没有使用特定的开头词。确保所有关键点都涵盖在内，并且表达清晰。 随着AI支出接近2.5万亿美元,支撑其运行的网络成为最薄弱环节。零信任Overlay网络通过增强安全性和优化连接性,有效应对分布式AI基础设施面临的挑战。

Siemensから各製品向けのアップデートが公開されました。

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Dell's AI Blueprint for Identity, Agents and Agentic Infrastructure
Going all-in on AI with a top down strategy and a ravenous appetite for innovation has helped Dell transform its operations and grow revenue by $30 billion, and the company's evolution lays out a blueprint for how CIOs should think about building infrastructure for AI and managing an army of agents.

Startup Native Targets Enterprise Policy-to-Architecture Gap Across Clouds
Startup Native emerged from stealth with $42 million to advance a proactive cloud security model that enforces policy-driven controls, helping enterprises manage AI-driven threats and maintain consistent protections across complex multi-cloud environments.

AI, Robotics Leaders Warn Chinese Robots Could Disrupt Sensitive Operations
Witnesses told a U.S. House Homeland Security panel that Chinese-developed AI robotics platforms could give Beijing new avenues for surveillance, disruption and physical harm across critical sectors, and urged restrictions on federal use as China expands its industrial dominance.

Chinese Hacking Firm iSoon and Iran's Emennet Pasargad Among Targets
The European Union sanctioned three Chinese and Iranian hacking operations that have been under U.S. indictments or sanctions for over a year - or, in one case, since 2019. The sanctions freeze assets and forbid EU citizens and companies from funding or otherwise doing business with the targets.

Hitachi Energyが提供する複数の製品には、セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えいの脆弱性が存在します。

A vulnerability has been found in Linux Kernel up to 6.17.10 and classified as critical. This impacts the function xsk_cq_submit_addr_locked of the component xsk. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-40290. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.