Aggregator

Courts are starting to question how platforms are built, not just what’s posted.

The post Landmark verdicts put Meta’s “addiction machine” platforms on trial appeared first on Security Boulevard.

Хакеры нашли дыру в защите, которую никто не додумался закрыть.

Reddit is introducing changes to support interactions between people. The company is taking a bottom-up approach to help users understand when they are engaging with another person unless an account is labeled otherwise. Reddit plans to verify that users are human without requiring disclosure of real-world identity. How does it work Verified profiles for brands, publishers, and creators launched in late 2025 to help their content gain acceptance in relevant communities. The next step is … More →

The post Reddit declares war on bad bot activity appeared first on Help Net Security.

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  Campaign Overview  A […]

The post Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud  appeared first on ANY.RUN's Cybersecurity Blog.

本文不仅帮助读者更清楚地理解自动化TTP抽取领域的主要方法路线，也提醒研究者：这一方向未来的突破，可能不仅依赖更强的模型能力，也依赖更高质量的数据和更合理的任务定义。

速修复

速修复

近期，Apifox遭遇供应链投毒攻击，攻击者篡改了Apifox官方CDN上的动态JS文件，在大量开发者电脑上植入隐蔽后门，最终可实现凭证窃取和远程命令执行等恶意功能。此次攻击影响公网SaaS版桌面客户端（Electron 框架），Web版和私有化部署版不受影响。

在宁德时代和长安发布首款搭载钠离子电池的量产电动汽车后，北汽宣布了它的极光钠离子电池原型。钠离子电池成本比锂离子电池低，对原材料的价格不那么敏感，宁德时代、比亚迪等都在押注钠离子电池以应对不断上涨的锂材料价格。北汽称其钠离子电池能在 -40°C 至 60°C 内稳定工作，-20°C能量保持率超 92%，电芯能量密度 170Wh/kg，充电仅需 11 分钟，搭载该电池的 CLTC 汽车续航里程可达 450 公里。

官方称在完成安全检查前不会恢复

Agentic AI成为最热门主题

Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security professionals warn that current encryption could be broken by large-scale quantum computers in the coming years. This risk is already relevant due to store-now-decrypt-later attacks. Google says organizations should adopt NIST-developed PQC standards before large-scale, fault-tolerant quantum computers become a reality. “That’s why we’ve adjusted our threat model to prioritize PQC migration … More →

The post Google races to secure encryption before quantum threats arrive appeared first on Help Net Security.

The National Crime Agency has warned construction firms about surging invoice fraud

Кто попал в перечень главных врагов нового отдела Госдепа.

2026年3月25日，APIFox 团队发布安全公告，承认其公网 SaaS 版桌面客户端遭遇供应链攻击。

2026年3月24日，Python 生态最热门的 LLM 网关库 LiteLLM 遭遇供应链投毒攻击。

核心聚焦于助力学员轻松掌握从内核态隐藏 frida 的技术，且全程无需重新编译内核。

开发者连接钱包即被盗

看雪论坛作者ID：拉不利多

OpenAI has announced the launch of a public Safety Bug Bounty program to identify AI abuse and safety risks across its products. Hosted on Bugcrowd, the new initiative marks a significant step in the company’s efforts to address vulnerabilities that fall outside the scope of traditional security flaws but still pose real-world harm potential. The […]

The post OpenAI Launches AI Safety Bug Bounty to Detect AI-Specific Vulnerabilities appeared first on Cyber Security News.