Aggregator

Финальный релиз Python 3.15 запланирован на 1 октября.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

2025 年 12 月斯坦福大学的研究人员分析了 22 亿条社媒帖子，寻找模式识别发布有毒内容的用户比例。所谓有毒内容指的是充斥着仇恨的极端主义内容。那么发布有毒内容的用户比例多高呢？可能比你想象的低得多，但此类内容被推荐算法放大而让很多人以为它们是主流。在 Twitter/X 上，有毒推文的转发量比非有毒推文高约 86%，曝光度高约 27%；0.3% 的用户分享了 80% 的争议新闻；6% 的用户发布了约 73% 的政治推文。在 TikTok 上，25% 的用户发布了 98% 的公开视频。具体数字有所不同，但本质相同：少数活跃用户压倒了绝大多数用户。研究人员发现的社媒模式是：沉默的大多数，因担心表达异议而社交孤立，大多数用户要么保持沉默要么离开平台，将平台空间让给了表达极端观点的用户；积极发帖的少数人会陷入认知偏差，认为自己属于多数派。

Exaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-native security operations platform, deepen its real-time reasoning capabilities, and expand globally. Coming just one year after its $75 million Series A, the round brings Exaforce’s total funding to $200 million. AI … More →

The post Exaforce raises $125 million to respond to AI-powered attacks appeared first on Help Net Security.

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing them administrator control over the cPanel host system, its configurations and databases, and the websites it manages. The attack campaign … More →

The post Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) appeared first on Help Net Security.

2026 年 3 月，美国与以色列对伊朗发动空袭后，全球冲突报道最依赖的商业卫星影像源突然陷入停滞。

Он полон энергии. Просто раньше никто не знал, как её взять.

ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified visibility across hybrid identity environments without deploying additional agents. Natively integrated with the ThreatDown EDR and MDR platform, ITDR delivers … More →

The post ThreatDown ITDR prevents credential-based attacks appeared first on Help Net Security.

With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that organizations already trust within their environments.

The post Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise appeared first on Microsoft Security Blog.

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that organizations already trust within their environments.

The post Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise appeared first on Microsoft Security Blog.

Что показал реальный тест нашумевшей ИИ-системы Anthropic для поиска дыр в коде.

Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in the user interface for a period earlier this year, and direct calls to the backend API returned successful chat responses from agents that administrators had explicitly disabled. A locked door that was … More →

The post Amazon Quick authorization bypass let users reach blocked AI chat agents appeared first on Help Net Security.

Veeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover precisely – without broad rollbacks when something happens. When insights are disconnected from recovery, response slows and risk rises. Intelligent ResOps is the first resilience offering on the new Veeam DataAI Command Platform and … More →

The post Veeam Intelligent ResOps unifies data context and recovery appeared first on Help Net Security.

长期以来，土星环究竟是如何形成的，一直都是争论的焦点。最新的数值模拟指出，壮丽的行星环系统并非与土星同时诞生，而是在约 1 亿年前才形成。这项由美中联合研究团队提出的假说，将环的起源归功于一颗被命名为蝶蛹（Chrysalis）的古老卫星，在强大引力作用下发生的结构性毁灭。该卫星的物理规格与现今的土星第三大卫星土卫八（Iapetus）相仿，直径约 1,469 公里，且具备分层化的内部结构，由岩石核心与外层冰壳组成。研究指出，蝶蛹卫星原本运行于非常狭长的椭圆轨道，最近轨道距离土星半径的1至1.5倍区域，这正是冰质天体的洛希极限（Roche limit）临界范围。在此区域内，土星强大的潮汐力克服了卫星自身的结构强度，迫使其在引力撕扯下发生彻底的崩解。卫星解体后的残骸大部分被土星引力捕获，历经演化后形成了广阔的行星环，其余部分则逃逸至太空。研究显示，初期的土星环规模可能远超现今观测所见，但随后受到土卫六（Titan）等大型卫星的引力影响，大量物质被移除或重新分配。

Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that […]

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being.