Aggregator

当前环境异常，需完成验证后继续访问。

当前环境出现异常问题，需完成验证后才能继续访问。

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

小米超级岛来了，小米澎湃 OS 3 系统将支持 NFC 刷卡上岛；理想汽车发布 2025 年二季度财报：营收 302 亿元，净利润 11 亿元；英伟达黄仁勋：所有产品全部卖光了！

AGI与国家安全

当前环境出现异常状态，需完成验证后方可继续访问操作。

小米发布澎湃 OS 3 系统，新增「超级岛」功能及 AI 超级小爱升级；Chipolo 推出两款可充电蓝牙追踪器 Loop 和 Card；OpenAI 将上线家长控制功能；微软扩展云游戏串流服务至低价套餐；Pixel 10 取消反向无线充电；SK 海力士推出高效散热移动 DRAM；Apple 推出磁吸配件 Crossbody Strap；华为 Mate XTs 折叠屏手机开启预约。

本周科技周刊涵盖零碳大楼、猪肺移植等创新动态，推荐 Gonzo 等工具，并探讨 AI 对认知能力的影响。

Also: DSLRoot Turns Homes Into Proxies, Cyberattack Disrupts Swedish Towns
This week: TransUnion incident affects 4.5 million, DSLRoot residential proxies, Operation Serengeti 2.0, ZipLine campaign exploits contact forms, a cyberattack disrupts 200 Swedish municipalities, Maryland Transit Administration hit by ransomware, TAG-144 escalated attacks in South America.

US Cyber Defense Agency Deploys Support to Nevada Following Ransomware Incident
The Cybersecurity and Infrastructure Security Agency and FBI are aiding Nevada after a cyberattack disabled state services, exposing how local governments - amid surging ransomware, IT shortfalls and federal funding cuts - are increasingly reliant on strained national cyber defense resources.

Buying Spanish Startup Brings Real-Time Data Pipeline Tech to Boost SOC Efficiency
CrowdStrike announced plans to acquire Spanish startup Onum Technology for $290 million. The move brings advanced data pipeline tools into its Falcon platform, speeding up threat detection and consolidating SOC workflows for customers leaving legacy SIEMs.

AI Giants Evaluated Each Other's Newer Models for Safety Risks
OpenAI and Anthropic evaluated each other's AI models in the summer, testing for concerning behaviors that could indicate misalignment risks. Both companies released their findings simultaneously: no model was severely problematic, but all showed plenty of troubling behavior in testing scenarios.

针对大模型知识推理能力与指令遵循能力存在表现差异的现象，为推进指令遵循能力的系统化研究与精准评估，美团 M17 团队推出全新评测基准 Meeseeks，并在GitHub、Huggingface、魔搭社区等开源平台上线。

Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims.

六大行动，推动人工智能与经济社会深度融合。

A vulnerability, which was classified as critical, was found in Microsoft Exchange Server 2013 CU23/2016 CU17/2016 CU18/2019 CU6/2019 CU7. This affects an unknown part. Executing manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2020-17117. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in Microsoft Windows. It has been declared as problematic. The affected element is an unknown function of the component GDI+. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2020-17098. The attack can only be performed from a local environment. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in Microsoft Excel up to 2019. Affected by this vulnerability is an unknown functionality. This manipulation causes Remote Code Execution. This vulnerability is registered as CVE-2020-17123. Remote exploitation of the attack is possible. No exploit is available. To fix this issue, it is recommended to deploy a patch.