Aggregator

Keeping Revenue Forecasts From Becoming Legal Liabilities

5 days 14 hours ago

Why the Fortinet Earnings Case Is a Cautionary Tale for the Cybersecurity Sector
Fortinet's stock unexpectedly plunged more than 20% in August. That same month, Gartner named Fortinet an industry leader in its Magic Quadrant for hybrid mesh firewalls. But the thing that sent Fortinet's stock into a nosedive was revenue forecasts that didn't pan out.

Building Cyber Resilience Across Canada's Skies

Ransomware DataBreachToday.com

5 days 14 hours ago

NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running
With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.

How to Fix Decades of Technical Debt

Ransomware DataBreachToday.com

5 days 14 hours ago

Global Tech Debt Impedes Growth as AI, Cloud and Legacy Systems Collide
Technical debt is no longer just a developer's dilemma; it's a global business risk. As companies cling to legacy systems and monolithic code, modernization efforts stall. Rising costs, slower delivery and AI limitations highlight the urgent need for scalable, future-ready architectures.

This month in security with Tony Anscombe – October 2025 edition

WeLiveSecurity

5 days 14 hours ago

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

每周蓝军技术推送（2025.10.25-10.31）

M01NTeam

5 days 14 hours ago

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

CVE-2025-40106 | Linux Kernel up to 6.18-rc2 comedi comedi_buf_munge divide by zero (EUVD-2025-37321)

VulDB Recent Entries

5 days 14 hours ago

A vulnerability described as critical has been identified in Linux Kernel up to 6.18-rc2. This vulnerability affects the function comedi_buf_munge of the component comedi. The manipulation results in divide by zero. This vulnerability is reported as CVE-2025-40106. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

Yakit MITM 实战：如何打通国密双向认证的“证书关卡”？

Yak Project

5 days 14 hours ago

速看！国密双向认证的通关技巧~

CVE-2025-30191 | Open-Xchange OX App Suite ui layer (oxas-adv-2025-0002 / EUVD-2025-37316)

VulDB Recent Entries

5 days 14 hours ago

A vulnerability marked as problematic has been reported in Open-Xchange OX App Suite up to 7.6.3-rev77/8.35.111/8.38.82/8.39.79/8.40.57. This affects an unknown part. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is documented as CVE-2025-30191. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2025-30188 | Open-Xchange OX App Suite up to 2.1.7 API resource consumption (oxas-adv-2025-0002 / EUVD-2025-37315)

VulDB Recent Entries

5 days 14 hours ago

A vulnerability labeled as problematic has been found in Open-Xchange OX App Suite up to 2.1.7. Affected by this issue is some unknown functionality of the component API. Executing manipulation can lead to resource consumption. This vulnerability is registered as CVE-2025-30188. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

vuldb.com

通杀脚本（续）

迪哥讲事

5 days 14 hours ago

10个npm包被指窃取 Windows、macOS 和 Linux 系统上的开发者凭据

代码卫士

5 days 14 hours ago

累计下载量超过9900次

CISA和NSA分享如何保护微软 Exchange 服务器

代码卫士

5 days 14 hours ago

速修复

"Я тебе не бот, я рекламный агент". Meta готовит массовую слежку за пользователями через чат-ботов

Securitylab.ru

5 days 14 hours ago

30+ организаций требуют остановить "торговлю душой" через чат-ботов.

【情报】美国在巴基斯坦资助的机构和项目

丁爸情报分析师的工具箱

5 days 14 hours ago

今天给大家推送美国国际开发署和民主基金会、福特基金。会等机构在巴基斯坦资助的机构和项目。

Ukrainian extradited from Ireland on Conti ransomware charges

Bleeping Computer.

5 days 14 hours ago

A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. [...]

Sergiu Gatlan

Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

5 days 14 hours ago

Threat intelligence researchers have uncovered a growing campaign where cybercriminals are weaponizing AdaptixC2, a legitimate open-source Command and Control framework designed for authorized penetration testers. The discovery reveals how threat actors are exploiting ethical hacking tools to conduct sophisticated cyberattacks, with significant ties linking the framework’s development to Russian criminal networks. Silent Push threat analysts […]

The post Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

APT-C-60（伪猎者）的近期活动分析与技术演进

360威胁情报中心

5 days 15 hours ago

APT-C-60（伪猎者）是一伙以持续监控受影响用户、窃取相关信息为目的朝鲜半岛APT组织。

微信 x TSRC专项众测冲刺｜百万奖池火力全开！单洞赏金最高12万！

腾讯安全应急响应中心

5 days 15 hours ago

百万奖池等你来拿！

Pornhub 称年龄验证后英国访客数量锐减 77%

Solidot

5 days 15 hours ago

最大成人视频网站 Pornhub 表示，自 7 月英国 Online Safety Act 生效要求成人网站验证访客年龄后，英国访客数量锐减 77%。Pornhub 声称无视新法律的成人网站从中受益。Pornhub 是全球访问量排名第 19 的网站。英国通信管理局（Ofcom）称 7 月 25 日之后的三个月内，英国用户访问色情网站的数量总体下降近三分之一，Ofcom 表示法律实现了其主要目的，即阻止儿童“无需搜索即可轻易接触成人内容”。Ofcom 称，7 月 VPN 用户达到了 150 万，但此后降至了 100 万。Cybernews 的数据显示，英国用户通过 Google Play Store 和 Apple App Store 下载 VPN 应用的数量今年内将超过 1070 万次。Cybernews 认为 Pornhub 英国访客数量并没有锐减，访客使用 VPN 导致其被归类为非英国用户，当然确实可能有部分用户转向了不需要年龄验证的网站。

开源！可信MCP，AICC机密计算新升级！

嘶吼

5 days 15 hours ago

大模型技术变革下，通常需借助云端算力和存储资源，为端侧提供更丰富的大模型应用场景体验。与此同时，行业对端云协作下的全链路安全和透明可信提出了更高要求。火山引擎AICC 机密计算应运而生，通过为企业搭建“云端大模型安全屋”，实现公有云环境下敏感数据流转和计算的全链路安全。

近日，火山引擎 AICC 机密计算迎来新升级，发布支持 MCP 的可信方案——Trusted MCP，并正式开源该组件。开发者和企业可通过该功能实现 MCP 核心组件及组件间的通信数据安全，有效解决 MCP 应用过程中的数据泄露和身份验证等风险。新版本已在火山引擎官网上线，

GitHub地址：https://github.com/volcengine/AICC-Trusted-MCP

构建可信 MCP，发布即开源

随着MCP作为模型上下文协议被广泛采纳，AI调用大模型和工具变得更加便捷和频繁，这也引发了安全隐患：模型通过MCP协议与外部系统实时交互，安全边界从 “单一模型服务器” 拓展至 “全链路交互场景”。传统安全防护聚焦于“模型本身”，而MCP生态的攻击面将贯穿大模型应用的全周期，安全风险指数级增加。

对此，AICC 机密计算上线Trusted MCP （可信MCP），通过实现MCP本身及MCP组件间的安全通信，进一步支持智能体安全落地。

Trusted MCP是在AICC机密计算基础上实现的可信MCP解决方案，它充分利用AICC机密计算的端云互信等能力，为MCP的核心组件提供身份证明和证明验证能力，并在此基础上提供了全流程的通信加密，确保MCP核心组件及组件间的通信数据安全，解决MCP应用中服务身份不可信、数据被篡改、流量劫持、数据隐私泄露等安全风险。

以天气查询的 Trusted MCP 交互场景举例

当前，AICC机密计算“Trusted MCP”核心代码在 GitHub 上全面开源。开源内容涵盖 Trusted MCP 整体框架、常用工具桥接示例以及权限控制插件，开发者可基于此快速集成内部工具，或参与共建更丰富的 MCP 工具仓库。

值得一提的是，针对安全增强版本的Trusted MCP，业务改造零成本，用户可通过轻量级SDK接入。

GitHub地址：https://github.com/volcengine/AICC-Trusted-MCP

深化平台集成：AICC 助力火山方舟实现机密推理

近日，火山方舟作为一站式大模型服务平台，将AICC机密计算技术原生内置于平台，在行业内率先推出MaaS原生的机密推理服务。用户在火山方舟选择“机密部署”方式，即可一键开启豆包大模型的机密推理服务。

该功能让用户在火山方舟可使用芯片级的机密推理服务，让企业隐私数据在云端获得与本地同等安全的计算保障，确保企业在火山方舟的数据“唯用户可见、唯用户所用、唯用户所有”。

同时，在火山方舟后台，当用户完成机密模型部署后，可生成实时可信验证报告，让用户了解到推理服务是否部署在硬件可信环境内，确保推理服务安全可信。

火山方舟推理接入点安全审计页面

目前，AICC 机密计算已在PC、手机、汽车等多个行业具备了丰富的落地实践。例如：

·联想个人可信云方案中，通过AICC 构建可信知识库，实现内容创建、密态存储到加密检索与输出的全流程隐私闭环。用户无需改变操作习惯，即可获得高效的智能反馈，实现“安全无感”的体验。

·OPPO AI 私密云项目中，为了给用户提供更好的AI服务，一些复杂请求需要通过云端大模型来进行AI推理，OPPO与火山引擎AICC携手打造私密计算云，用户数据通过密文方式端云传输，实现了用户复杂需求在云上推理计算，同时满足用户数据在云上计算不留痕的高标准要求。

·上汽大众基于豆包大模型打造智能知识助手“SVW Copilot•出众”，用于响应员工对于企业内部各业务领域知识库的提问，帮助员工提升办公事务效率。火山方舟机密推理服务帮助上汽大众盘活内部知识，在保障内部数据隐私与安全的前提下，实现了企业知识资源的智能化、分级化利用。

秉承“芯片级全链路加密”理念，火山引擎 AICC 机密计算将持续聚焦智能计算底座的高可用、高性能与开放性，为企业接入和应用大模型，做好端到端的可信智能链路护航。

AICC官网体验地址：https://www.volcengine.com/product/AICC

企业资讯

Aggregator

Managed ad