Aggregator

На Open Conf 2026 компания представила свое видение архитектуры сетевого доверия

暗影安全，涉及国际化大型网络安全测评项目，现因重点项目攻坚需求，紧急寻购一批企业级防火墙及 VPN 设备的高价

阿里巴巴发布了优化运行国产大模型的 RISC-V 服务器芯片玄铁 C950，原生支持 Qwen3、DeepSeek V3 等千亿参数大模型。阿里巴巴称玄铁 C950 单核通用性能在 Specint2006 基准测试中突破 70 分，刷新了全球 RISC-V 性能纪录。Google 研究员 Laurie Kirk 称玄铁 C950 的性能与苹果在 2020 年发布的 M1 芯片差不多。玄铁 C950 实现了 2025 年发布的 RISC-V RVA v23.1。该芯片使用 5 纳米工艺制造。

The Federal Communications Commission (FCC) announced a major update to its Covered List, officially prohibiting the approval of new consumer-grade network routers produced in foreign countries. This regulatory action prevents these new devices from entering the United States market by denying them the required FCC equipment authorization. The decision stems from a determination by a […]

The post FCC Banned Foreign-made Consumer Routers Over Security Risks appeared first on Cyber Security News.

一、概述

近日，工作中监测到 Apifox 文件存在被投毒情况。

Apifox 是一款 API 一体化协作平台，其桌面端应用基于 Electron 框架开发，提供 Windows、macOS、Linux 三平台客户端。因未严格启用 sandbox 参数，并暴露了 Node.js 的 API 接口，导致攻击者可通过 JS 控制 Apifox 的终端——三个平台均受影响。

Apifox 在启动过程中会加载：

hxxps://cdn[.]apifox[.]com/www/assets/js/apifox-app-event-tracking.min.js

该文件正常大小为 34KB，但在 3 月 4 日之后可能会请求到被投毒的版本（77KB）。被投毒的 JS 文件会动态加载 hxxps://apifox[.]it[.]com/public/apifox-event.js（该域名非官方域名），在满足特定条件下加载攻击载荷，采集主机系统环境和敏感信息（SSH 密钥、Git 凭证、命令行历史、进程列表），上报到 hxxps://apifox[.]it[.]com/event/0/log。后续攻击者会控制主机拉取执行后门程序，并尝试发起横向攻击，控制更多有价值目标。

目前入口文件已被还原，仅在 Wayback Machine 存档中可见投毒版本。

Новый инструмент Google Threat Intelligence анализирует 10 млн публикаций в даркнете.

ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on

The post Beyond the Active Session: Hunting Offline Secrets with ProfileHound’s New Graph Edge appeared first on Penetration Testing Tools.

A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a sophisticated backdoor by security vendors Endor Labs and JFrog. The malicious code was injected directly into the […]

The post LiteLLM Python Package With 95 Million Downloads Compromised by TeamPCP Hackers appeared first on Cyber Security News.

LiteLLM 项目维护者账号被盗，黑客向 PyPI 软件库发布了两个嵌入恶意代码的版本 v1.82.7 和 v1.82.8。恶意代码旨在窃取凭证，包括 SSH 密钥、云服务凭证、加密钱包等。任何安装了恶意版本的用户需要立即检查是否遭到入侵。恶意文件 litellm_init.pth 会在每次 Python 进程启动时自动执行。项目维护者称账号被盗源于刚刚爆出的 trivy 漏洞，恶意版本都已从 PyPI 上移除，所有维护者帐户都已更改。

Occasionally, a malicious campaign is betrayed not by labyrinthine code, but by a minuscule detail. Within the nascent

The post The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign appeared first on Penetration Testing Tools.

The United States has resolved to exert vastly more stringent dominion over one of the most ubiquitous elements

The post The Gateway Lockdown: FCC Bans New Foreign Routers as Texas Declares War on TP-Link appeared first on Penetration Testing Tools.

Microsoft has definitively shuttered a straightforward avenue for awakening a clandestine feature within Windows 11 that substantially accelerated

The post The Performance Lockdown: Microsoft Blocks the Registry Hack for Faster Windows 11 SSDs appeared first on Penetration Testing Tools.

An unidentified entity has unleashed upon GitHub a nascent iteration of DarkSword—a formidable cybernetic armament that, merely a

The post The “DarkSword” Leak: How a State-Grade iPhone Cyberweapon Ended Up on GitHub for Anyone to Use appeared first on Penetration Testing Tools.

The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of

An ordinary hyperlink to an AI chat may easily masquerade as a treacherous snare. The vanguard at Oasis

The post Claudy Day: The Invisible Chain That Turned Claude.ai into a Silent Data Harvester appeared first on Penetration Testing Tools.

The kinetic strike commenced with a sensational headline heralding a “leaked video” and culminated in clandestine dominion over

The post The Gaddafi Lure: How a “Leaked Video” Led to the Clandestine Hijacking of Libya’s Oil Giant appeared first on Penetration Testing Tools.

数千个AI项目、数十万台设备受影响

Новые формулы 2026 года превратили «изящную гипотезу» в чертеж реальности.

In the nascent days of February, several institutions across the United States, Israel, and Canada imperceptibly surrendered dominion

The post The Silent Siege: How MuddyWater’s “Dindoor” Backdoor Infiltrated Critical Western Infrastructure appeared first on Penetration Testing Tools.