Aggregator

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

Security researchers discover novel animation-based vulnerability affecting 76% of Android apps. Security researchers at TU Wien have uncovered a sophisticated new attack vector dubbed “TapTrap” that enables malicious Android applications to bypass the operating system’s permission system and execute destructive actions without user knowledge. The attack exploits a previously unknown vulnerability in Android’s activity transition […]

The post New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions appeared first on Cyber Security News.

官方称中国等部分国家的订单已可通过电话或邮件处理

Cybersecurity researcher Jeremiah Fowler uncovered a massive 286GB data exposure at Texas-based Rockerbox, a tax credit consultancy. Exposed data includes SSNs, DD214s, and financial details, raising serious identity theft and fraud concerns.

2025年6月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1849.6万件，环比增长1.1%、同比下降7.2%。

2025年6月，网络谣言主要聚焦社会热点、灾情事故、伪科普等领域，造谣者通过手段虚构或夸大事实，扰乱正常社会秩序。相关部门迅速响应，通过权威信息发布、跨部门联动执法等举措依法惩治造谣传谣行为，持续筑牢网络空间清朗防线。

近年来，我国网络安全保险为数字经济快速发展提供了有力的保障，促进经济增长结构优化，推动新质生产力发展，现已成为我国经济的“减震器”和社会的“稳定器”。

随着大模型应用业态的不断丰富，预计其技术影响范围将持续扩大。为了保障大模型的安全和合规使用，企业组织必须以全面的风险管控框架，进行风险分析及安全设计，从顶层进行规划，确保大模型技术在风险受控的前提下得以导入和应用。

这篇文章探讨了稀土元素在全球经济和地缘政治中的关键作用。中国在稀土开采和加工方面占据主导地位，这对高科技产业、人工智能和可再生能源的发展至关重要。全球各国正寻求多元化供应链以减少对中国依赖，同时面临环保挑战和探索替代方案。

Start your red teaming journey with intent, not ambition. Designate a lead with both AI literacy and a security mindset.

The post A Practical Guide to Building a Red Teaming Strategy for AI appeared first on Security Boulevard.

Alexa, позови юриста.

轻量级身份治理成为企业应对访问蔓延、安全威胁和合规挑战的有效且敏捷的解决方案。

A sophisticated new campaign involving the Anatsa Android banking trojan, marking its third major offensive against mobile banking customers in the United States and Canada. This latest operation demonstrates the malware’s evolving threat landscape and its operators’ persistent focus on North American financial institutions, with distribution occurring through the official Google Play Store. Anatsa represents […]

The post Anatsa Android Banking Malware Targets Users in the U.S. and Canada via Google Play appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软在2025年7月的Patch Tuesday更新中修复了130个安全漏洞，包括一个已公开的SQL Server零日漏洞CVE-2025-49719。其中14个漏洞被评为“critico”，可能被用于轻松控制受影响设备。建议用户及时安装更新并备份重要数据以确保系统安全。

WhatsApp, телефон, сообщения — Google сдал вас с потрохами.

As tempting as it is to find out if you descended from some grand poobah in Scandinavia or if your real great (x10) grandmother was Catherine the Great, the implications of a fine recently levied against 23andMe might coax you into keeping your genetic material to yourself. 

The post 23andMe…and Everyone Else: All Eyes are on the Most Personal Data  appeared first on Security Boulevard.

“Logistiek is de levensader van militaire operaties. Een wapen maakt het verschil aan het front. Maar zonder een constante stroom van brandstof, munitie, voedsel en medische zorg is het niets meer dan duur staal.” Luitenant-generaal Jan-Willem Maas hield zijn betoog bij Havenbedrijf Rotterdam voor Logistieke Alliantie. De Commandant Defensie Ondersteuningscommando benadrukte het belang van de civiele logistieke sector voor de inzetbaarheid van Defensie.

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked. Elastic Security Labs has identified several malware campaigns using the commercial AV/EDR evasion tool SHELLTER. The tool was originally built for legitimate red team operations, however, threat actors have now adopted it to bypass security measures […]