Aggregator

【安全圈】关键 Everest Forms Pro 漏洞被利用，可接管 WordPress 网站

安全圈

2 weeks 3 days ago

【安全圈】微软让步，撤回对白帽黑客的法律威胁

安全圈

2 weeks 3 days ago

Нейросети посадили на «квантовую диету». Физики придумали не раздувать серверы до бесконечности

Securitylab.ru

2 weeks 3 days ago

Инженеры показали новый способ улучшать алгоритмы без лишних затрат.

UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms

Security Affairs

2 weeks 3 days ago

UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and […]

Pierluigi Paganini

安全玻璃盒联合浙江网空协会发布报告深度剖析AI赋能攻击新趋势

安全419

2 weeks 3 days ago

报告从攻击态势、行业分布、技术演进、典型案例、防护体系等多个维度系统性地分析2025年软件供应链安全核心趋势。

安全419 | 5月安全厂商动态：AI治理平台密集发布

安全419

2 weeks 3 days ago

亿格云完成数亿元B轮融资；保旺达、易安联等推出AI安全护栏与治理平台；安全创客汇如期举行。

GLP-1 减肥药与更低的乳腺癌风险相关

Solidot

2 weeks 3 days ago

根据发表在《JCO Oncology Practice》期刊上的一项研究，服用 GLP-1 减肥药与女性更低的乳腺癌风险相关。对逾 11 万名年龄在 45 岁至 80 岁之间的回顾性分析发现，服用 GLP-1 药物的女性患乳腺癌的风险比未服用的女性低约 30%。这是一项观察性研究，GLP-1 减肥药与降低乳腺癌发病率之间是否存在关联还有待进一步研究。GLP-1 药物模拟了人体天然激素 glucagon‑like peptide‑1，该激素有助于调节血糖和食欲。GLP-1 药物最初被用于减肥，如今被发现还可能有助于预防癌症。研究人员指出，GLP-1 药物会影响许多与癌症发展相关的靶点和通路，因此值得进一步展开研究。

度享端阳｜BSRC端午限定礼盒等你来拿！

百度安全应急响应中心

2 weeks 3 days ago

清风送粽香，岁岁赴端阳。又是一年端午至，BSRC为各位白帽师傅们准备了【度享端阳】端午限定礼盒。

Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns

Information Security Magazine

2 weeks 3 days ago

At Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within generative AI architecture

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

The Hackers News

2 weeks 3 days ago

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

The Hacker News

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)

Help Net Security

2 weeks 3 days ago

A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agencies to address it by June 19, 2026, either by implementing a patch or implementing mitigations. About CVE-2026-28318 CVE-2026-28318 is an uncontrolled resource consumption vulnerability that can be triggered by remote, unauthenticated attackers. The flaw … More →

The post CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) appeared first on Help Net Security.

Zeljka Zorz