Aggregator

看雪论坛作者ID：A0tem

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated

Закон обязал платформы для взрослых внедрить проверку личности под угрозой блокировок.

近日，“谛听”团队林小李博士撰写的论文《A Real-Time Hacker Group Identification Method for Industrial Control Systems Based on Gaussian Self-Organising Incremental Neural Network》被国际期刊《IEEE Internet of Things Journal》录用。

《原子科学家公报（Bulletin of the Atomic Scientists）》将末日时钟设定距离午夜 85 秒。这是自 1947 年冷战时期科学家创建末日时钟衡量人类文明距离灭绝有多远以来距离理论上的毁灭时刻最近的一次。《原子科学家公报》列举了毁灭风险上升的因素：三大核大国咄咄逼人的行为、脆弱的核军控框架、乌克兰和中东持续的冲突、AI 不受监管的集成到军事系统，以及气候变化等。

McAfee announced upgrades to Scam Detector that improve protection across common scam channels. The enhanced tool helps users check QR code safety and identify suspicious direct messages across apps. In 2025, according to McAfee’s 2026 State of the Scamiverse report, Americans were hit hard by online scams, receiving an average of 14 scam messages per day across text, email, and social media. On top of that, people lost nearly 114 hours a year just trying … More →

The post McAfee upgrades Scam Detector to spot QR code scams and suspicious messages appeared first on Help Net Security.

为保障人工智能（AI）及智能代理体（Agent）的安全使用，必备的控制措施包括深度可见性、强身份认证以及AI感知的数据防泄漏。

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque

无限 Debugger 绕过、禁用 F12 绕过、窗口尺寸检测绕过、字符串拼接无限 Debugger 绕过、Function.prototype.toString () 环境检测绕过

深入分析微软最新漏洞Microsoft Copilot Reprompt单击触发的隐蔽数据外传链漏洞

Форум пройдет 18–20 февраля в Екатеринбурге.

Cloudbrink has expanded security and performance benefits for AI agents and online AI services. The new AI capabilities are available on the same platform as Cloudbrink’s secure connectivity, allowing companies to secure users, apps, and AI in a more unified way. According to a McKinsey report, 88 percent of enterprises globally are using AI for at least one business function. Along with this rapid AI adoption rate come the cybersecurity risks associated with AI, compounded … More →

The post Cloudbrink adds AI innovations to its platform to protect agents, apps, and data appeared first on Help Net Security.

微软被发现将专门用于测试的 example.com 的流量重路由到日本住友电工的域名 sei.co.jp。该错误配置已经修正，微软表示正对此展开调查。example.com 以及 example.net 和 example.org 是保留用于测试的域名，被要求解析到 IANA 指定的 IP，不应该被任何一方访问。但 Azure 和其它微软网络中的设备此前被发现一直在将部分 example.com 流量路由到 sei.co.jp 的子域名。而在 Outlook 中设置测试账号 [email protected] 时邮件流量会自动配置路由到两个 sei.co.jp 子域名：imapgms.jnet.sei.co.jp 和 smtpgms.jnet.sei.co.jp。目前不清楚住友电工为什么会卷入此事。 Tinyapps.org 本月初报道称，该错误配置已存在五年之久。

WhatsApp has strongly denied a new class-action lawsuit accusing Meta of secretly accessing users’ end-to-end encrypted messages, labeling the claims as false and baseless. The messaging giant reiterated that messages remain private through device-based encryption via the open-source Signal protocol. A class-action complaint filed on January 23, 2026, in the U.S. District Court for the […]

The post WhatsApp Denies Lawsuit Claim and Confirms Messages are Device-encrypted and Private appeared first on Cyber Security News.

800 тысяч галактик выдали секрет: кто на самом деле управляет космосом.

Fortinet announced new enhancements to FortiCNAPP that help organizations better understand and prioritize cloud risk beyond what many CNAPP solutions offer. By correlating cloud configuration, identity exposure, vulnerabilities, network enforcement, data sensitivity, and runtime behavior within a single workflow, FortiCNAPP enables security teams to focus on the risks that matter most. “Cloud security teams aren’t struggling because they lack data. They’re struggling because growing complexity, limited resources, and skills gaps make it harder to manage … More →

The post Fortinet expands FortiCNAPP with network, data, and runtime-aware risk prioritization appeared first on Help Net Security.

Teleport has unveiled the Teleport Agentic Identity Framework, an AI-centered framework that provides organizations with a roadmap for securely deploying agentic AI across production cloud and on-premises environments. The framework will evolve alongside the industry and community needs, defining the policies, practices, developer tools, and reference architecture required to operate autonomous and semi-autonomous AI agents as trusted identities across infrastructure, reducing the risk of data compromise, misuse, and external adversarial threats. As enterprises accelerate AI … More →

The post Teleport’s Agentic Identity Framework protects AI agents in production environments appeared first on Help Net Security.