Aggregator

首尔特辑 | 白泽PoC 2025 参会小记

某物业公司被查处山东莱阳某小区物业公司因未落实网络安全保护义务被警方查处，其智慧社区及停车管理系统长期无防护且

火绒终端安全管理系统远程协助功能，作为政企用户运维利器，可高效解决跨地域终端问题，同时兼顾安全。

Ни один враг больше не спрячется на глубине.

Feds Warn US May Lose Quantum Race Without Sustained Research Funding
Federal scientists told Congress that failure to reauthorize the National Quantum Initiative threatens to unravel coordinated research and development progress, stall commercialization and allow China to surpass U.S. leadership as adversaries accelerate post-quantum capabilities.

Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge
This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.

OIG: Gaps in Standards, Third-Party Oversight Put Agencies, Health Sector at Risk
Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions - and also do a better job of overseeing its many contractors and the risk they introduce.

强势围观！

TikTok 发布公告，已成立 TikTok 美国数据安全合资有限责任公司（TikTok USDS Joint Venture LLC）。该合资公司将负责 TikTok 美国的数据保护、算法安全、内容审核及软件保障。在 TikTok 美国数据安全合资公司中，甲⻣⽂、银湖资本、MGX 各持股 15%。其他投资⽅包括海纳国际集团关联企业 Vastmere 战略投资有限责任公司、Alpha Wave Partners 等多家企业，字节跳动保留 19.9% 的股份。

面对网络漏洞、数据泄露、勒索软件及APT等13类主要威胁，需构建全方位的SaaS防护体系。

A malicious software package masquerading as a ubiquitous library for symbolic mathematics has been identified within the official

The post The Math Malware: How “sympy-dev” Hijacked PyPI to Mine Crypto appeared first on Penetration Testing Tools.

Опытные программисты получают от ИИ прирост производительности в 3,6%, тогда как начинающие — почти нет.

The North Korean threat collective PurpleBravo has, for over a year, orchestrated a sophisticated and targeted offensive designated

The post The Recruitment Trap: North Korea’s “Contagious Interview” Infiltrates Global AI Firms appeared first on Penetration Testing Tools.

大约 800 名艺术家、作家、演员和音乐家署名发起了名为“Stealing Isn't Innovation”的运动，对 AI 公司的大规模盗窃行为发起反击。署名者包括了 George Saunders 和 Jodi Picoult 等作家，凯特·布兰切特和斯嘉丽·约翰逊等演艺明星，R.E.M. 乐队、Billy Corgan 和 根枝乐队（The Roots）等音乐人。AI 公司训练大模型的数据集包含了大量未经授权的版权内容。“Stealing Isn't Innovation”认为，“在 GenAI 领导权争夺战的驱动下，唯利是图的科技公司——既包括全球顶级富豪企业，也包括私募股权支持的创投公司——在未经授权且未支付报酬的情况下，从网上抓取了海量的创作内容。这种非法的知识产权掠夺行为催生了一个充斥着虚假信息、深度伪造以及平庸低质内容（AI slop）的信息生态系统。这不仅可能导致 AI 模型由于数据污染而崩溃，还直接威胁到美国在 AI 领域的领先地位及其国际竞争力。”