Aggregator

2月28日，工信部、市场监管总局联合发布《关于进一步加强智能网联汽车产品准入、召回及软件在线升级管理的通知》，旨在进一步规范智能网联汽车准入、召回及软件在线升级管理，切实保障车辆安全，提升智能网联汽车产品安全水平，推动汽车产业高质量发展。

近期发布的 Deep Seek 系列模型训练中大量高质量推理数据集的使用更加凸显了高质量数据的重要性，而大模型要与垂直领域深度融合同样需要高质量数据集的支撑。

漏洞作为攻击入侵的重要突破口，同时也是网络安全防护工作的基础，而人才作为这一基础的核心要素，如何培养并打造具备实战化能力的漏洞安全人才，已成为网络安全防护领域的重要课题。

How can security teams effectively monitor evolving attacks and stay ahead of constantly shifting attacker infrastructure? We spoke with a chief information security officer at a transport company about how they use subscriptions to Search Updates in Threat Intelligence Lookup to tackle this challenge.  Here’s what we learned.  Company Info  Without getting into any specifics, […]

The post How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks  appeared first on ANY.RUN's Cybersecurity Blog.

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing

美国计算机学会（ACM）宣布 2024 年图灵奖授予了奠定强化学习概念和算法基础的计算机科学家 Andrew G. Barto 和 Richard S. Sutton。在 1980 年代发表的一系列论文中，Barto 和 Sutton 介绍了强化学习的主要思想，构建了数学基础，发展了重要算法——强化学习是构建智能系统的最重要方法之一。虽然算法是几十前发展的，但过去 15 年，通过结合强化学习与深度学习算法，推动了深度强化学习技术的出现。

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.

The post Silk Typhoon targeting IT supply chain appeared first on Microsoft Security Blog.

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector

谷歌推出AI防诈骗功能，实时检测安卓设备上的对话诈骗，保护用户隐私。功能设备端运行，默认启用，首批覆盖美、英、加英语用户，计划扩展。

A vulnerability was found in Elastic Kibana up to 8.17.2. It has been rated as very critical. This issue affects some unknown processing of the component File Upload Handler. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The identification of this vulnerability is CVE-2025-25015. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of the Treasury has intensified its global campaign against darknet-facilitated drug trafficking by sanctioning Behrouz Parsarad, the Iran-based administrator of the notorious Nemesis Marketplace. The move, announced on March 5, 2025, follows a 2024 international law enforcement operation that dismantled the platform, which enabled over $30 million in illicit drug sales—including synthetic […]

The post U.S. Cracks Down on Nemesis Darknet Admin with New Treasury Sanctions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.