Aggregator
【安全圈】 North Korean hackers abuse VS Code auto-run tasks to deploy StoatWaffle malware
【安全圈】 Mazda discloses security incident: employee and partner data leaked
Top 3 takeaways for security leaders
RSAC 2026 | Agent security and AI SOC lead the transformation
Using CodeQL to automate the search for deserialization chains: myfaces deserialization
GitHub-hosted malware campaign uses split payload to evade detection
A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to distinguish from safe software.
A dual-component trojan is delivered
Netskope threat researchers first discovered a trojanized GitHub repository ostensibly offering a Docker image of the OpenClaw AI assistant. The repo was very convincing. “The README …
The post GitHub-hosted malware campaign uses split payload to evade detection appeared first on Help Net Security.
SecurityScorecard automates third-party risk management with TITAN AI
SecurityScorecard has introduced TITAN AI to automate third-party risk management, replacing manual processes with continuous, AI-driven intelligence. TITAN AI is built on top of SecurityScorecard’s Ratings and TPRM platform with AI-driven technology and enhanced threat intelligence, delivering a powerful solution built for the demands of today’s risk landscape. With TITAN AI, organizations will be able to automate the majority of the work traditionally required to manage vendor risk. TPRM, security, and risk teams will reclaim …
The post SecurityScorecard automates third-party risk management with TITAN AI appeared first on Help Net Security.
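[Highly recommended] Recruitment is now open for the 2026 NVIDIA Startup Showcase!
[Beijing] April 23: The Beijing event will take an in-depth look at GTC2026 highlights and announcements, focusing on physical AI, AI agents, large language model applications and other areas, and exploring the next chapter of AI. Participation formats include roadshows, exhibitions, and matchmaking with large enterprises and technology partners.
[Chengdu] May 15: The Chengdu event is a dedicated session on AI applications and overseas expansion. NVIDIA experts and industry guests will share insights on taking AI overseas, physical AI, AI agents, real-world AI deployment and more.
[Shanghai] May 21: The Shanghai event will focus on AI agents, physical AI, large language model applications and other areas, and explore AI application scenarios. Participation formats include roadshows, exhibitions, and matchmaking with large enterprises and technology partners.
[Macau] May 26-30: The Macau event is the overseas session, held in conjunction with the BEYOND International Technology Innovation Expo in Macau. It focuses on frontier technology areas and directions such as AI agents, physical AI and enterprise overseas expansion, and covers #GTC26 technical highlights, project roadshows, roundtable discussions, and investment, financing and demand matchmaking. Registered companies will have a chance to receive a free BEYONDEXPO booth.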
We warmly invite you to join us on site to exchange ideas and discuss!
Lumu enhances Defender to detect compromise across network, cloud, endpoint, and identity
Lumu has upgraded its Lumu Defender NDR solution, extending Continuous Compromise Assessment beyond the network to include endpoints, cloud environments, and user behavior for unified visibility. The past year marks a strategic shift in attack methods, with threat actors pivoting from high-profile malware to increasingly sophisticated, stealth-based tactics. The increase in AI-driven security attacks, attackers using legitimate tools instead of malware, and attackers quietly using cloud applications for exfiltration create more opportunities for criminals to …
The post Lumu enhances Defender to detect compromise across network, cloud, endpoint, and identity appeared first on Help Net Security.
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Challenges and practical exploration of deploying cybersecurity AI agents in the financial industry
Tuskira replaces centralized detection model with real-time, distributed approach
Tuskira has released its Federated Detection Engine, a new capability within its Agentic SecOps platform that enables real-time threat detection across cloud, identity, endpoint, network, SaaS, infrastructure, and legacy SIEM environments, without relying on centralized logging. Detection engineering still depends on centralized log architectures and manual rule authoring. That model is expensive to scale, slow to adapt, and increasingly misaligned with how modern attacks move across distributed environments. Tuskira takes a different approach by bringing …
The post Tuskira replaces centralized detection model with real-time, distributed approach appeared first on Help Net Security.
Russian Initial Access Broker Handed 81-Month Sentence
Firefox 149 released
Your server has started speaking Turkish and sending emoji: the first signs that all your data has already been stolen
Is AI driving source code to evolve, or causing its extinction?
Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN
ANY.RUN spoke with the Interim CISO and Director of Cyber Operations at Health Shared Services, who provided insights into how their team addressed alert fatigue, improved MTTD and MTTR, and strengthened their investigation workflow with ANY.RUN. In this new addition to our success story series, we explore how the healthcare organization’s SOC team improved detection, triage, and response efficiency while maintaining the existing operational processes.
Organization Overview
Health Shared Services is a healthcare support organization based in Alberta, Canada. Its SOC team consists of 16 […]
The post Canada-Based Organization Health Shared Services Accelerates SOC Investigations with ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.