Aggregator

Китай выставляет на кон мировое производство и обучает армию роботов.

中国发布指导方针，要求国家资助的新建数据中心使用国产 AI 芯片，完工进度低于 30% 的数据中心必须拆除所有已安装的外国芯片或取消采购计划；进度高于 30% 的数据中心则视个案而定。这可能是至今最强力的在关键基础中去除外国技术的举措。

本文分享了使用jsrpc+autoDecoder+v_jstools实现JS自动化加解密和Sign漏洞挖掘的实战经验。通过定位加解密函数、注册全局函数，结合autoDecoder接口脚本，实现明文发包自动加解密和无感漏洞挖掘。

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. "This hidden environment, with its lightweight

Как 4 уязвимости в Microsoft Teams позволили хакерам выдавать себя буквально за кого угодно.

Learn the Business, Be Intentional, Find a Mentor and Build Non-Technical Skills
New to cybersecurity? Start by learning how organizations work - their people, processes and priorities - before diving deep into technical stacks. Understanding how to translate technical findings into business risk differentiates a professional from a technician.

DOJ: Suspects Hit 5 Firms, Including 3 in Healthcare, Netted $1.3M in Ransom Money
Three former employees of two cybersecurity firms stand accused of using BlackCat ransomware in a conspiracy to extort five U.S. companies, including three in the healthcare sector. One of the victim companies paid nearly $1.3 million to the attackers, U.S. federal prosecutors said.

DHS Plans to Expand SAVE Database Use Raise Privacy, Accuracy and Security Concerns
A Department of Homeland Security move to broaden an immigration verification database into a voter verification tool could expose sensitive information to security threats. Critics caution it accelerates a pattern of data being repurposed by the Trump administration for surveillance.

Chinese Hackers Target European Diplomats with LNK File Flaw
Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

Funding Round Led by Goldman Sachs Boosts Valuation to $6.1 Billion
Another cybersecurity vendor is planning to dive into the still waters of an initial public offering. Cyber exposure management firm Armis dipped its toe in the market Wednesday, announcing a pre-IPO funding round of $435 million that boosted the company's valuation to $6.1 billion.

When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful content? That question is driving a wave of research into AI guardrails, and a new open-source project called OpenGuardrails is taking a bold step in that direction. Created by Thomas Wang of OpenGuardrails.com and Haowen Li of The Hong … More →

The post OpenGuardrails: A new open-source model aims to make AI safer for real-world use appeared first on Help Net Security.

法国政府表示，将禁止希音(Shein)在该国运营，此前在这家快时尚零售商的线上平台上发现了儿童外形的性爱玩偶和大量武器在售。内政部长 Laurent Nuñez 周三提交法律申请，要求屏蔽希音网站，“以最终制止希音的缺点对公共秩序所造成的严重危害”。财政部表示，此举是在希音的市集平台上发现有“大量”第三方卖家上架A类武器之后作出的。它确认，这些武器包括砍刀、斧头和指节铜套。巴黎检方此前刚刚以希音销售“充气娃娃”涉嫌构成儿童色情为由展开调查。在法国，传播和持有儿童色情均属违法。近期甚至有日本足球协会（JFA）高层因在飞机上观看儿童色情而被判罪，相关执法正在严格化。

Bitdefender announced Bitdefender GravityZone Security Data Lake and Data Lake for Managed Detection and Response (MDR), solutions that help organizations cut through alert overload and complexity by unifying security telemetry from multiple tools into a single, intelligent platform. The new offering simplifies security operations with advanced analytics and expert-driven response, delivering the visibility of a modern Security Information and Event Management (SIEM) while reducing investigation time and total cost of ownership. Organizations face challenges with … More →

The post Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools appeared first on Help Net Security.

В Китае разработали наночип, неуязвимый к радиации.

As LLMs, agents and Model Context Protocols (MCPs) reshape software architecture, API sprawl is creating major security blind spots. The 2025 GenAI Application Security Report reveals why continuous API discovery, testing and governance are now critical to protecting AI-driven applications from emerging semantic and prompt-based attacks.

The post Why API Security Will Drive AppSec in 2026 and Beyond  appeared first on Security Boulevard.

Prismatic announced its MCP flow server for production-ready AI integrations. The new offering enables companies to transform fragile AI toolchains into reliable, deterministic workflows that can securely power mission-critical applications. AI agents are now embedded in every workflow — from customer support to writing code to data analysis — but connecting them to real-world systems remains unreliable. Product teams expose individual API endpoints as MCP tools, leaving large language models (LLMs) to make dozens of … More →

The post Prismatic gives AI agents the guardrails and structure they need to operate reliably in production appeared first on Help Net Security.