Почему чат-боты «сходят с ума» в долгих переписках? Все дело в постепенной смене персонажа
Ученые объяснили, как устроены «личности» ИИ.
Aggregator
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
3 months ago
Boston, MA, USA, January 21st, 2026, CyberNewsWire Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client‑side risk across global websites, driven primarily by third‑party applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of third‑party applications now […]
The post New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization appeared first on Cyber Security News.
Cybernewswire
NightSpire
3 months ago
You must login to view this content
cohenido
Palantir CEO 称 AI 让大规模移民过时
3 months ago
Palantir CEO Alex Karp 在达沃斯世界经济论坛的一个讨论会上表示,AI 将取代大量工作,让大规模移民变得过时。他认为白领和蓝领的地位将出现翻转,“你们国家的公民将拥有充足的就业机会,尤其是接受过职业技能培训的人。我认为目前的趋势确实让人很难想象,除非具备非常专业的技能,否则为什么还需要大规模移民。”Karp 拥有博士学位,他以自己为例,认为此类“精英”白领正面临极高的被替代风险。他认为职业技能型劳动者将变得更重要,甚至“不可替代”。他批评了将高等教育视为衡量人才价值和就业能力终极标准的观点。Palantir 联合创始人、特朗普的支持者 Peter Thiel 阐述过类似观点。
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
3 months ago
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
SecWiki News 2026-01-21 Review
3 months ago
XXE到Chrome RCE:一次完整的不出网利用实践 by ourren
VoidLink: Evidence That the Era of Advanced AI-Generated Malware by ourren
高级持续性威胁十年嬗变 by ourren
2026网络安全趋势报告 by ourren
美军入侵委内瑞拉背后的网络作业能力频谱猜测与关联分析 by ourren
更多最新文章,请访问SecWiki
VoidLink: Evidence That the Era of Advanced AI-Generated Malware by ourren
高级持续性威胁十年嬗变 by ourren
2026网络安全趋势报告 by ourren
美军入侵委内瑞拉背后的网络作业能力频谱猜测与关联分析 by ourren
更多最新文章,请访问SecWiki
全球诈骗广告推送的隐秘版图
3 months ago
你的手机或者浏览器是不是偶尔会弹出一些奇怪的通知?
深入解析eBPF TC层防火墙:无状态检测漏洞与TCP分段、HTTP Range双向绕过
3 months ago
含uofTCTF2026 firewall题解
Greek police arrest scammers using fake cell tower hidden in car trunk
3 months ago
A vehicle search uncovered a mobile computing system hidden in the trunk and connected to a roof-mounted transmitter disguised as a shark-fin antenna.
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
3 months ago
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.
The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844
The Hacker News
«Отдай мастер-пароль, или всё удалим!». Как хакеры берут на мушку пользователей LastPass
3 months ago
Объясняем, почему в этой игре на нервах проигрывает тот, кто торопится.
New Magecart Attack Inject Malicious JavaScript to Skim Payment Data
3 months ago
A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works by injecting hidden scripts into compromised shopping sites, allowing attackers to intercept sensitive data when customers enter their credit card details during checkout. Magecart attacks represent a significant threat to […]
The post New Magecart Attack Inject Malicious JavaScript to Skim Payment Data appeared first on Cyber Security News.
Tushar Subhra Dutta
Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare – Confidential Data Exposed
3 months ago
A ransomware attack has reportedly exposed confidential internal documents at a major electronics manufacturer. The breach compromises the company’s critical role in Apple’s global supply chain, including AirPods manufacturing, iPhone production, and Vision Pro assembly. Threat actors have published internal documents revealing sensitive operational intelligence, including production workflows, security procedures, and supply chain protocols. Luxshare […]
The post Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare – Confidential Data Exposed appeared first on Cyber Security News.
Abinaya
Microsoft shares workaround for Outlook freezes after Windows update
3 months ago
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month's Windows security updates. [...]
Sergiu Gatlan
CVE-2025-67851 | Moodle Data Export injection
3 months ago
A vulnerability categorized as problematic has been discovered in Moodle. Affected is an unknown function of the component Data Export. Executing a manipulation can lead to injection.
The identification of this vulnerability is CVE-2025-67851. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-13878 | ISC BIND prior 9.18.44/9.20.18/9.21.17 BRID/HHIT assertion
3 months ago
A vulnerability was found in ISC BIND up to 9.18.43/9.18.43-S1/9.20.17/9.20.17-S1/9.21.16. It has been rated as problematic. This impacts an unknown function of the component BRID/HHIT. Performing a manipulation results in reachable assertion.
This vulnerability was named CVE-2025-13878. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
ACME flaw in Cloudflare allowed attackers to reach origin servers
3 months ago
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path. […]
Pierluigi Paganini
Открыл README — потерял сервер. В Anthropic хотели упростить жизнь разработчикам, но случайно дали взломщикам ключи от их систем
3 months ago
Кажется, в погоне за эффективностью про базовую цифровую гигиену просто забыли.
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
3 months ago
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix
3 months ago
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete solution for running deceptive campaigns across multiple operating systems. ErrTraffic extends the traditional ClickFix approach […]
The post ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix appeared first on Cyber Security News.
Tushar Subhra Dutta