Aggregator

面对美国等西方“技术民主联盟”的体系性围堵和“数字铁幕”的政策性限制，如何在国际数字治理体系重构中维护我国核心利益，已成为新时代涉外安全的重要课题。本文通过三维度分析框架，系统解析中国海外数字利益的理论内涵与现实挑战，并提出针对性应对策略。

内存价格飙升的今天你也别指望 SSD 会便宜。第二大 NAND 制造商铠侠存储器业务总经理中户俊介表示该公司的 2026 年产能已经售罄，企业级和消费级 SSD 市场将进入“高端且昂贵的阶段”。中户称，企业普遍感到一旦停止投资 AI 会被淘汰，因此他们别无选择只能继续投资。”如果对生成式 AI 数据中心的需求没有发生重大变化，那么在可预见的未来，这轮投资将使 SSD 价格居高不下。中户表示铠侠正试图提高产能以满足不断增长的需求。

A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services. The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially crafted, malformed DNS records, potentially disrupting critical internet infrastructure and organizational services. The vulnerability stems […]

The post BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records appeared first on Cyber Security News.

Security researchers have identified a sophisticated multi-stage malware campaign targeting Windows systems through social engineering and weaponized cloud services. The attack employs business-themed documents as deceptive entry points, luring users into extracting compressed archives containing malicious shortcuts that execute PowerShell commands in the background. Once initiated, the infection chain systematically neutralizes Microsoft Defender before delivering […]

The post New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads appeared first on Cyber Security News.

A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript code if untrusted input is used to construct parser definitions, potentially compromising application integrity and system security. The binary-parser library, designed to facilitate writing efficient binary parsers in a simple, […]

The post Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code injection appeared first on Cyber Security News.

Новая версия правил этики Claude станет «живым документом» и будет регулярно обновляться.

360安全服务智能体为政企单位筑牢安全屏障

一起探索安卓逆向的奥秘

AI催生高危Linux恶意软件新案例

看雪论坛作者ID：G0t1T

近日，绿盟科技CERT监测到GNU发布安全公告，修复了GNU InetUtils Telnetd远程身份验证绕过漏洞（CVE-2026-24061），CVSS评分9.8，目前漏洞细节与PoC已公开，请相关用户尽快采取措施进行防护。

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are

白俄罗斯业余无线电（HAM Radio）社区紧急呼吁外界关注，白俄罗斯政府对该社区实施了突袭行动，至少逮捕了七人，威胁对其中三人判处死刑，理由是他们窃取国家机密。面临死刑惩罚的三人属于一个有 50 多名成员的业余无线电爱好者网络，他们被控“间谍罪”和“叛国罪”。政府查获了 500 多件无线电设备，国家电视台称他们利用无线电监视政府飞机的行踪，但未提供证据。

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead

美国NASA利用区块链技术实现航空系统零信任网络安全

首个利用国产AI IDE开发的高级恶意软件曝光

腾讯云安全联手A*STAR共绘可信可控AI智能体发展蓝图

前言前面提到一些webshell的绕过手法，就是利用一些内置的函数去解析正常的业务逻辑，在正常的业务逻辑里面隐藏我们的恶意代码，再通过特定函数去进行解析提取业务逻辑里面的恶意代码，再进行拼接，从而达到绕过AI检测的效果但是比赛的要求是这样的：我们需要从外部获取参数来控制命令执行，一开始我以为很简单，毕竟我都绕过了命令执行了，那接收参数这个不是简简单单吗？但是我想错了遇到的困难比如说下面这段：利用分

Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud credentials, leak database files, and take control of enterprise AI environments without user interaction. Zafran Labs identified these flaws affecting internet-facing deployments across enterprises. Both vulnerabilities […]

The post Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments appeared first on Cyber Security News.