Aggregator

金马贺岁开门红 🧨 万象更新展宏图 ✨

Countries Are Pouring Billions Into Domestic AI Stacks to Escape US-China Dominance
By 2027, more than one-third of the world's nations will be locked into region-specific AI platforms built on proprietary data, infrastructure and governance frameworks, according to Gartner. Nations are now safeguarding LLMs in the same way they do critical infrastructure.

祝大家2026新春快乐!!!

Session 12C: Membership Inference

Authors, Creators & Presenters: Zitao Chen (University of British Columbia), Karthik Pattabiraman (University of British Columbia)

PAPER
A Method to Facilitate Membership Inference Attacks in Deep Learning Models

Modern machine learning (ML) ecosystems offer a surging number of ML frameworks and code repositories that can greatly facilitate the development of ML models. Today, even ordinary data holders who are not ML experts can apply off-the-shelf codebase to build high-performance ML models on their data, many of which are sensitive in nature (e.g., clinical records).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – A Method To Facilitate Membership Inference Attacks In Deep Learning Models appeared first on Security Boulevard.

Researchers have documented the inaugural instance of a deleterious Microsoft Outlook extension proliferating through the official Office Add-in

The post The Trojan in the Sidebar: How an Abandoned App Turned the Official Microsoft Store into a Phishing Engine appeared first on Penetration Testing Tools.

Теперь ИИ станет в разы экономичнее?

今日暂未更新资讯~
更多最新文章，请访问SecWiki

最近在媳妇的头发上看到白发，虽说是自然规律，还是有些感慨。认识的时候她才17岁，一晃就过去了。

In the nascent weeks of 2026, a formidable new antagonist emerged within the digital theater: a collective identifying

The post The Phantom Menace: Unmasking 0APT’s Trillion-Byte Bluff in the 2026 Ransomware Scene appeared first on Penetration Testing Tools.

A critical vulnerability has been unearthed in a ubiquitous WordPress backup plugin, facilitating the unauthorized seizure of websites

The post 9.8 Critical Alert: The Flaw Threatening 900,000 WordPress Sites appeared first on Penetration Testing Tools.

Websites running the Novarain/Tassos Framework are vulnerable to critical security flaws that allow unauthenticated file read, file deletion, and SQL injection attacks, potentially leading to remote code execution and full administrator takeover on unpatched systems. The issues affect multiple popular Tassos extensions and require urgent patching through the vendor’s updated releases. A source‑code review of […]

The post Joomla Novarain/Tassos Framework Vulnerabilities Enables SQL injection and Unauthenticated File Read appeared first on Cyber Security News.

Apple has disseminated urgent security remediations to neutralize a zero-day vulnerability already weaponized in targeted offensives against select

The post Spyware Alert: Apple Fixes Critical Zero-Day CVE-2026-20700 Exploited in “Sophisticated” Attacks appeared first on Penetration Testing Tools.

Microsoft has formally inaugurated the deployment of Windows 11 26H1, yet the corporation has accompanied this release with

The post Selective Sovereignty: Windows 11 26H1 Debuts for Snapdragon X2 While Purging Legacy Roots appeared first on Penetration Testing Tools.

一款名为 ZeroDayRAT 的新型移动间谍软件平台正在 Telegram 上公开销售，该平台于 2026 年 2 月 2 日首次被捕获，无技术使用门槛，可让不同技术能力的攻击者，对 iOS 和 Android 用户发起隐蔽的恶意攻击。 https://iverify.io/blog/breaking-down-zerodayrat---new-spyware-targeting-android-and-ios 该间谍软件的开发商搭建了专属的销售、客户支持和版本定期更新渠道，为买家提供一站式入口，可直接访问功能齐全的间谍软件管控面板，实现对目标 Android 或 iOS 设备的完全远程控制。 系统适配范围：覆盖 Android 5 至 Android 16 全版本，以及 iOS 26 系统（含 iPhone 17 Pro 机型）。苹果修复动态链接器漏洞：曾被用于针对特定个人的极其复杂攻击 攻击者需将恶意二进制文件（Android 端为 APK 安装包、iOS 端为对应攻击载荷）植入目标设备，最核心的攻击途径为短信钓鱼：受害者点击短信内的链接，下载并安装伪装成合法应用的恶意程序。 此外，钓鱼邮件、虚假应用商店，以及通过 WhatsApp、Telegram 分享的恶意链接，均为有效的感染渠道。 设备感染后，攻击者可通过管控面板的概览页，一站式获取目标设备型号、操作系统版本、电池电量、所属国家 / 地区、锁定状态、SIM 卡与运营商信息、双卡手机号码、分时段应用使用情况、实时活动时间线、近期短信预览等数据，足以完整勾勒受害者的社交对象、高频应用、活跃时段、所处网络等个人画像，还可直接查看截获的银行、运营商及个人联系人的相关信息。 实时提取 GPS 坐标，通过内嵌谷歌地图展示位置轨迹，同步掌握受害者当前位置与历史行踪； 单独抓取设备所有通知，涵盖 WhatsApp、Instagram、Telegram、YouTube 平台消息、未接来电及系统事件，攻击者无需打开对应应用，即可被动获取手机几乎全部活动信息； 完整列示设备内所有注册账户及对应的用户名、邮箱地址，为攻击者实施账户接管、定向社会工程学攻击提供完整素材。 攻击者可通过监控面板，对目标设备实现实时物理访问，包括摄像头实时直播、屏幕录制、麦克风实时监听；结合 GPS 追踪能力，可同步完成对目标的观察、监听与位置定位。 可捕获受害者每一次按键输入，同步记录对应应用上下文与毫秒级时间戳，搭配面板右侧的实时屏幕预览，攻击者可同步掌握目标的操作行为与输入内容； 黑鸟祝大家，新春快乐！

New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo

Over a billion Android aficionados find themselves within a perilous proximity to cyber threats, with a vast multitude

The post The Billion-Device Blind Spot: Why 40% of Android Users are Now “Sitting Ducks” for Hackers appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. The impacted element is the function is_copy_from_user of the component mce. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-39989. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been classified as problematic. Affected by this issue is the function graph_util_parse_dai of the component ASoC. Performing a manipulation results in privilege escalation. This vulnerability is known as CVE-2025-39930. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.