Aggregator

泛联新安代码钟馗：新一代AI应用安全智能体，守护代码安全。

Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance.

The post Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks appeared first on Security Boulevard.

A vulnerability was found in IBM Content Navigator up to 3.0.15/3.1.0/3.2.0. It has been classified as problematic. Impacted is an unknown function of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1243. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A processes, and how trust is built over time. O’Rourke also addresses how buyer sophistication has raised the bar for suppliers, why less-regulated industries lag behind their more-regulated counterparts, and which companies will benefit from foundational security investments. The interview covers … More →

The post Trust, friction, and ROI: A CISO’s take on making security work for the business appeared first on Help Net Security.

Как Positive Technologies будет готовить специалистов по реверс-инжинирингу.

联合国可持续发展目标提出到 2030 年各国争取将五岁以下儿童每 1,000 例活产的死亡率降至 25 例以下。北大研究人员分析了 1990 年至 2023 年间 200 个国家和地区的五岁以下儿童年度死亡人数和死亡率，再依据死亡率随时间变化的趋势，预测了目前尚未达标国家的达标时间。研究发现，在研究期间，全球五岁以下儿童死亡人数下降 63%，从 1990 年的近 1,300 万降至 2023 年的 478 万；死亡率平均每年下降 3.18%。目前全球五岁以下儿童每 1,000 例活产的死亡率为 36.72 例，仍明显高于目标水平，预计要到 2035 年才能达标。目前已达标的国家有 133 个，另有 9 个国家有望在 2030 年前达标。无法按时达标的国家有 58 个，其中 25 个国家预计要到 2050 年以后才能达标，多米尼克甚至出现五岁以下儿童死亡人数不降反增的情况。全球五岁以下儿童死亡人数有超过五分之四集中在以下两个地区：一是撒哈拉以南非洲，该地区目前的五岁以下儿童每 1,000 例活产的死亡率仍高达 68.82 例，预计要到 2055 年才能达到目标；二是中亚和南亚地区。

Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at night, and LiDAR systems have the same cost problem as radar. A group of researchers at the University of Science and Technology of China spent the past year working on a different approach: using 5G-Advanced base stations that are already in the ground to do the job instead. The 5G-A base station Active … More →

The post Tracking drones with the 5G tower down the street appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans' was reported to the affected vendor on: 2026-04-02, 50 days ago. The vendor is given until 2026-07-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Valve 公布的 2026 年 3 月 Steam 硬件和软件调查显示，玩家运行的操作系统中 Linux 比例达到了 5.33%。和 2026 年 2 月的情况类似，Valve 的统计数据可能再次出现异常，因为 2 月 Linux 的比例仅为 2.23%，一个内月突然翻一倍以上概率不大。Windows 操作系统的比例降至了 92.33%，OSX 占 2.35%。Linux 用户比例此前从未超过 5%，超过 3% 也仅为一次。今年 2 月 Steam 简体中文用户比例数据异常，超过了五成，3 月 Valve 看起来修正了错误，简体中文用户比例减少 31.85% 占 22.75%，英语用户增加 16.82% 占 39.09%。用户使用英特尔 CPU 的比例占 55.82%。AMD 占 44.17%。

Очередная опасная профессия теперь принадлежит не людям, а машинам.

NASA 于美国东部时间 4 月 1 日 6:35 p.m.在佛罗里达肯尼迪太空中心发射了 SLS 火箭，执行阿耳忒弥斯 2 号 （Artemis II）载人绕月任务。美国上一次载人登月/绕月是 1972 年 12 月的阿波罗 17 号任务。阿耳忒弥斯（Artemis）登月计划于 2017 年正式宣布，2022 年执行了无人的阿耳忒弥斯 1 号绕月任务。阿耳忒弥斯 2号载人绕月任务预计持续 10 天，四名宇航员包括了 NASA 宇航员 Reid Wiseman、Victor Glover 和 Christina Koch，以及加拿大 CSA 宇航员 Jeremy Hansen。此次任务之一是在载人环境下验证生命维持系统，为在月球建立基地做准备。阿耳忒弥斯 3 号预计在 2027 年执行，仍然是载人绕月，仍然是验证技术为主。2028 年的阿耳忒弥斯 4 号计划载人登月。

Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email. Microsoft has addressed that with the general availability of High Volume Email (HVE) in Exchange Online. What High Volume Email does HVE is a tenant-native capability built for application-to-person messaging within an organization. It uses … More →

The post Microsoft adds high-volume email sending to Exchange Online appeared first on Help Net Security.

Оказывается, числа обманывают даже учёных.

珠海标准工作周

在模型内部构建出一条包含上下文定位、抽象语法树映射、数据流追踪与意图验证的智能审查流水线

本文将分析导致不同 AML 供应商系统中的风险判定存在差异的原因，并介绍一套标准化评估方法，帮助虚拟资产服务提供商自主测试来选择合适的供应商。

В Apertis 2026 нашли способ официально выкинуть код GNU.

In this Help Net Security video, Lenny Gusel, Head of Fraud Solutions in North America at Feedzai, explains how customer identity and access management has converged with digital fraud detection, and why treating them as separate systems creates real risk. The core idea is continuous, contextual trust. Where traditional IAM grants access at a single point in time, fraud systems track behavior throughout an entire session, reading device signals, network context, and how a user … More →

The post Your customer passed authentication. So why are they sending money to a scammer? appeared first on Help Net Security.