Aggregator

澳大利亚正面临日益增长的AI驱动网络攻击威胁，2025年已发现超50个活跃威胁集团，涉及勒索软件、网络犯罪和APT组织等。重大网络安全事件较2024年增长13%，主要针对能源、IT、金融等关键行业。

现代汽车正向数字化发展,提供智能系统与便利功能,但也扩大了网络安全风险。车内网络复杂,不同车型安全架构差异大,未来可能面临更多威胁,尤其是针对车队和商用车辆的攻击风险增加。

T1078 техника MITRE побеждает. Легитимные учётки стали оружием хакеров.

百度计划通过与网约车企业合作，在2025年下半年和2026年分别拓展亚洲、中东和欧洲市场，并利用中国经验开拓高价市场。其自动驾驶出租车业务"萝卜快跑"已在中国10余个城市运营，累计服务超1400万次，行驶里程超1亿公里。

百度无人驾驶出租车业务将拓展海外市场。预计 2025 年下半年进驻亚洲和中东，2026 年将涉足欧洲。将通过与网约车大企业合作，方便消费者利用。在美国 Alphabet 旗下的 Waymo寻 求进军日本等海外市场的情况下，百度将利用在中国积累的经验，开拓单价较高的海外市场。百度早在 2013 年就启动了自动驾驶技术的研发，以 2019 年的湖南省长沙市为开端，推出了无人自动驾驶出租车业务“萝卜快跑(Apollo Go)”。目前在湖北武汉和北京等 10 多个城市开展业务。4～6 月的运营次数增加到 220 万次，是 2024 年同期的 2.5 倍。从服务开始到 8 月，累计 1400 万次，行驶里程超过 1 亿公里。

Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse. Microsoft has reportedly stopped giving Chinese firms proof-of-concept exploit code through its Microsoft Active Protections Program (MAPP) program after July’s mass exploitation of SharePoint flaws, believed linked to a leak of early bug disclosures. […]

微软暂停通过MAPP项目向中国公司分享漏洞概念验证代码（PoC），改提供书面描述以防止滥用。此决定源于7月SharePoint零日漏洞被利用事件，涉及中国国家行为者及勒索团伙。微软观察到多个中国关联威胁组织利用这些漏洞进行攻击，并警告未来可能有更多此类活动。

Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate technical troubleshooting procedures. The technique has been observed in campaigns affecting thousands of […]

The post Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices appeared first on Cyber Security News.

Hackers successfully exploited recently discovered vulnerabilities in local Microsoft SharePoint servers, resulting in the leakage of personal data in the United Kingdom. Within days of the flaws being disclosed, three British organizations reported breaches...

The post UK Data Breach: Hackers Exploit SharePoint Flaws, Leaking Confidential Data appeared first on Penetration Testing Tools.

最初因梦想选择网络空间安全专业,后因薪资从事该行业。工作后发现现实与理想差距大,压力大、不稳定、加班频繁。辞职后难以找到合适工作,在职业迷茫中挣扎。

这是一个黑客社区的介绍页面，欢迎新手加入并成长为资深人士。页面鼓励提问、回答和学习，并提供Discord链接供成员交流。

日本理化学研究所宣布，英伟达将参与联合研发下一代富岳超算，其开发代号为富岳NEXT。富岳是世界第一台登顶 TOP500 排行榜的 ARM 超算，性能 415.5 petaflops，2021 年启用，处理器是富士通的 48/52 核 A64FX ARM v8.2-A。富士通公司将负责新超算的基本设计，并将继续为富岳NEXT 研发新处理器，而英伟达将为超算提供 GPU。新超算的计算能力预计将达到 1 Zetta（10 的 21 次方），2030 年前后投入运行。目前 TOP500 排行榜第一的是美国的 El Capitan 超算，使用了 AMD EPYC 处理器，性能 1.742 EFlop/s。

Experts at Guardio Labs have unveiled a novel method of deceiving artificial intelligence, dubbed PromptFix. This technique embeds malicious instructions within a counterfeit CAPTCHA on a webpage. When browsers equipped with autonomous AI capabilities...

The post PromptFix: The AI Exploit That Tricks Your Browser into Phishing Scams appeared first on Penetration Testing Tools.

Microsoft has urgently released out-of-band updates for Windows 10 and Windows 11 to remedy a severe malfunction introduced by the August security rollup. The flaw disrupted the operation of system reset and recovery tools:...

The post Microsoft Emergency Patch: August Windows Update Breaks System Recovery appeared first on Penetration Testing Tools.

Popular browser extensions used for password management have been found vulnerable to a novel attack technique known as DOM-based extension clickjacking. The method was unveiled by independent researcher Marek Tot at DEF CON 33....

The post Major Flaw Exposes Password Managers to “One-Click” Data Theft appeared first on Penetration Testing Tools.

Elon Musk’s company xAI has found itself at the center of a scandal after it was revealed that user conversations with the chatbot Grok had been inadvertently exposed to the public. By clicking the...

The post Grok’s Privacy Crisis: 370,000 Private Conversations Exposed on Google appeared first on Penetration Testing Tools.

文章描述了错误代码521的含义及其常见原因。该错误通常与Cloudflare服务相关，表明源服务器无法处理请求或存在网络连接异常。

作者：tgr 译者：知道创宇404实验室翻译组 原文链接：https://phrack.org/issues/72/18_md#article 0. 引言 \ | \_ \ \____ | \_ \_________ | \_ \_____ ____ \ \_ / \ ~\_ \___ ...

Компания до сих пор не может объяснить, как такое оказалось возможным.

In the United States, a recruiter conducting a live video interview encountered a bot impersonating a job applicant. This incident highlighted the rapid evolution of AI-driven fraud schemes: no longer limited to generating resumes,...

The post AI Job Applicants: The New Fraud Wave Impersonating Candidates in Video Interviews appeared first on Penetration Testing Tools.