良性首发-信任积累-更新投毒:GlassWorm 恶意软件通过 73 个 OpenVSX "沉睡者"扩展卷土重来
GlassWorm 威胁活动近期在 OpenVSX 开源扩展生态中爆发新一轮大规模供应链攻击。根据 Socket 安全团队及多方情报交叉验证,攻击者于 2026 年 4 月向 OpenVSX 注册中心提交了 73 个"休眠(Sleeper)"恶意扩展,紧随 3 月份 72 个恶意包的第二波攻势。
Aggregator
Невидимые состояния, которые ломали квантовую физику, наконец заговорили
1 month 3 weeks ago
Их нельзя было увидеть, поймать и включить. Теперь можно всё три.
诚邀渠道合作伙伴共启新征程
1 month 3 weeks ago
抽奖啦 | 五一遇五四 好运不缺席
1 month 3 weeks ago
抽奖啦 | 五一遇五四 好运不缺席
SLH
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
The Gentleman
1 month 3 weeks ago
You must login to view this content
cohenido
AI安全岗上新|字节/平安/安克等大厂直推(含实习岗)
1 month 3 weeks ago
速看!大厂AI安全岗,正式岗+实习岗都有,先到先推!
AI Red Teaming Is Not Equal to Prompt Injection
1 month 3 weeks ago
Why AI and Traditional Penetration Testing Must Converge
As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface.
As artificial intelligence red teaming evolves beyond prompt injection, security teams must combine data science, model testing and traditional penetration testing to assess risks across the full attack surface.
Home Security Firm ADT Breach: 5.5M Customers' Data Exposed
1 month 3 weeks ago
Prolific ShinyHunters Extortion Group Made 'Pay or Leak' Threat to Victim
Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee.
Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee.
Crypto-Targeting North Koreans Wield Fake Zoom Meetings
1 month 3 weeks ago
Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims
North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.
North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.
Medical Device Maker Medtronic Says It's Been Hacked
1 month 3 weeks ago
Cybercrime Gang ShinyHunters Claimed to Steal 9M Records
Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers' products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack.
Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers' products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack.
Pentagon's Anthropic Fight Draws Rebuke From Ex-DOD Leaders
1 month 3 weeks ago
Former Officials, Tech Groups Say Anthropic Designation Is Illegal - and Dangerous
Former U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.
Former U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.
Пароли, cookies, сессии Telegram и seed-фразы. Рассказываем о новой платформе для преступников Needle
1 month 3 weeks ago
Файл размером всего 11 килобайт скрывал в себе мощнейшую платформу для тотального взлома.
[指南]联合国教科文组织《法院和法庭使用人工智能系统指南》
1 month 3 weeks ago
人工智能正在改变全球司法系统,为提升司法进程、简化案件管理并协助司法决策提供了新可能。然而,这些创新也带来了复杂的伦理和人权挑战。