Aggregator

去年的这个时候，我把博客从 Hexo 迁移到 Next.js。现在，随着 Next.js 13 App Router 已经稳定，我又把博客从 Next.js Pages Directory 迁移到了 Next.js 13 的 App Router 和 React Server Component。

研究论文对DoH和Do53的性能进行了测量，从DoH提供商和地理位置方面分析了两者的差异，并对可能的原因进行了分析。该论文发表于网络测量领域顶级会议ACM IMC 2021。

一款纯净版内网探测工具，解决某些工具内网探测速率慢、服务爆破误报率高以及socks流量代理出问题且工具落地又被秒的困扰

TrackAssist - 批量快速溯源辅助脚本

laoyue是一款自动化监控收集资产的工具,可以帮助你定期收获资产,敏感信息和漏洞信息，发现安全问题进行自动推送到钉钉。

Summary X-Force is monitoring a report of firmware updates published to address a critical deserialization remote code execution vulnerability (CVE-2023-33299) in Fortinet’s FortiNAC products. Threat Type Vulnerability Overview X-Force is monitoring a critical vulnerability in Fortinet’s FortiNAC products. The vulnerability, if exploited, could allow for an unauthenticated user to execute unauthorized code or commands through specifically crafted requests to the tcp/1050 service. The vulnerability is rated

人生如逆旅，我亦是行人

Prioritizing content personalization can improve user engagement, enhance customer experiences, and boost revenue on a global scale.

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure development of software and firmware. These development practices can also provide

In today's world, where networks generate an overwhelming amount of data, security analysts often find themselves struggling to separate the real threats from the noise. Their days are spent in a constant reactive mode, leaving little room for proactive measures due to limited time and resources. In this blog post, we'll delve into how GreyNoise empowers security analysts and transforms their daily work by cutting through the noise and providing invaluable insights

We review the final changes in the 2023 update to the OWASP Top 10 API Security Risks to help you on your journey to secure your APIs.

墨菲安全入选开放原子开源基金会-开源安全委员会成员单位。基于OSCS社区与产品服务提供各项能力，并将SCA工具和相关插件开源，在社区中共享。积极参与开源安全标准的改进与制定，推动标准的落地，支撑产业合作落地。

An updated report from the NCSC explaining how UK law firms - of all sizes - can protect themselves from common cyber threats.

Midjourney最大的优点就是使用的便利性，任何一个不懂技术的设计都可以通Midjourney来快速完成设计，而且Midjourney的底层基础模型成熟度相当高，生成的图质量都很高。

Akamai was named a Leader in the IDC MarketScape for delivering cloud security without performance trade-offs via our mature application security portfolio.

New advice on implementing high-risk and ‘break-glass’ accesses in cloud services.

OpenAI continues to add plugins with security vulnerabilities to their store. In particular powerful plugins that can impersonate a user are not getting the required security scrutiny, or a general mitigation at the platform level. As a brief reminder, one of the challenges Large Language Model (LLM) User-Agents, like ChatGPT, and plugins face is the Confused Deputy Problem / Plugin Request Forgery Attacks, which means that during a Prompt Injection attack an adversary can issue commands to plugins to cause harm.