【AI报告】全球安全态势分析报告(4.15)
美伊对峙引发波斯湾战略通道危机、以色列持续对黎巴嫩与加沙实施军事行动、俄乌战争烈度维持高位。与此同时,苏丹内战进入第三年,人道主义灾难规模跃升为全球之最。全球市场目前呈现谨慎反弹,但能源通道安全风险仍对大宗商品形成系统性上行压力。
Aggregator
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
2 months ago
Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptography expert warns.
Rob Wright
Реверс-инжиниринг, поиск уязвимостей и анализ угроз — OpenAI обучила отдельную версию GPT-5.4 специально для киберзащитников
2 months ago
Новая модель умеет анализировать бинарники без доступа к исходному коду.
CISA flags Windows Task Host vulnerability as exploited in attacks
2 months ago
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. [...]
Sergiu Gatlan
美国国会新法案要求操作系统验证用户年龄
2 months ago
美国民主党议员 Josh Gottheimer 和共和党议员 Elise M. Stefanik 联合提出了一项新法案,要求操作系统开发商验证用户的年龄。法案已于 4 月 13 日递交到众议院能源和商业委员,其详细内容还没有公开,目前只知道法案的标题是“To require operating system providers to verify the age of any user of an operating system, and for other purposes”。该法案可能是 Gottheimer 本月初提出的 Parents Decide Act 的一部分,其中包括:要求苹果和 Google 等操作系统开发商在设置新设备时验证用户年龄,不依赖于用户自行报告的年龄;允许家长从一开始就设置适合孩子年龄的内容控制,包括限制访问社交媒体、应用和 AI 平台;确保年龄和家长控制设置安全传输到应用和 AI 平台,它们因此能为儿童量身定制内容;通过在各个平台建立一致且可信的标准,防止儿童访问有害或露骨的内容,包括不合适的 AI 聊天机器人互动。
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
2 months ago
Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
2 months ago
Google, Meta, and Microsoft about half the time don't comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds.
Elizabeth Montalbano
Хакеры зашли за топливом, а ушли с телефонами. В Японии гадают, зачем ломали судоходную компанию
2 months ago
Что известно о взломе топливной системы NYK Line.
Educational company McGraw Hill says Salesforce misconfiguration led to data leak
2 months ago
The data breach emerged this weekend when the ShinyHunters cybercriminal organization claimed to have stolen 45 million Salesforce records and threatened to leak the information by April 14 if a ransom was not paid.
G.O.S.S.I.P 阅读推荐 2026-04-15 大模型安全对齐新思路:让“该不该答”听“安不安全”的话
2 months ago
斯坦福报告凸显了 AI 业内人士和公众之间的分歧
2 months ago
斯坦福大学 HAI 研究院本周一发表了年度报告 AI Index。报告凸显了 AI 业内人士和公众之间日益扩大的分歧。报告援引皮尤研究中心上月发布的一份报告:只有 10% 的美国人对 AI 在日常生活中的日益普及感到兴奋而非担忧,但 56% 的 AI 专家认为 AI 将在未来 20 年对美国产生积极影响。AI 专家的意见和公众情绪存在显著分歧:84% 的专家认为 AI 未来 20 年将对医疗保健产生积极影响,只有 44% 的公众持相同观点;73% 的专家积极看待 AI 对工作方式的影响,而持相同观点的公众仅占 23%;69% 的专家认为 AI 将对经济产生积极影响,只有 21% 的公众持相同观点;AI 专家对 AI 对就业市场的影响持较为乐观态度,而 64% 的公众认为 AI 将在未来 20 年导致就业岗位减少。
Akira
2 months ago
You must login to view this content
cohenido
Akira
2 months ago
You must login to view this content
cohenido
Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research
2 months ago
In a massive blow to consumer privacy, a new forensic audit reveals that tech giants Google, Microsoft, and Meta are systematically ignoring legally defined privacy opt-out signals. According to the March 2026 California Privacy Audit conducted by webXray, 194 online advertising services are setting tracking cookies even after users explicitly invoke the Global Privacy Control […]
The post Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research appeared first on Cyber Security News.
Abinaya
«Починить нельзя оставить» — 5 новых правил кибербезопасности от ФСТЭК для госорганов и заводов
2 months ago
ФСТЭК утвердила правила цифровой гигиены для госслужащих и подрядчиков.
Microsoft Releases Cumulative Update KB5083769 for Windows 11, Version 25H2 and 24H2
2 months ago
Microsoft has officially released the April 2026 Patch Tuesday cumulative update, KB5083769, for Windows 11 versions 25H2 and 24H2. Released on April 14, 2026, this mandatory security update addresses system vulnerabilities. It brings significant structural enhancements, advancing the operating system to OS Builds 26200.8246 and 26100.8246, respectively. This update combines the latest security patches with […]
The post Microsoft Releases Cumulative Update KB5083769 for Windows 11, Version 25H2 and 24H2 appeared first on Cyber Security News.
Abinaya
Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code
2 months ago
Microsoft has released urgent security updates to address a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. Disclosed on April 14, 2026, the vulnerability poses a significant risk to enterprise networks by potentially granting threat actors deep access to core identity and access management servers. Microsoft urges administrators to apply […]
The post Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code appeared first on Cyber Security News.
Abinaya
New PHP Composer Vulnerability Let Attackers Execute Arbitrary Commands
2 months ago
PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any code execution flaws highly concerning. These specific bugs reside in the Perforce Version Control System (VCS) driver and allow attackers to execute arbitrary commands on a victim’s machine. Users […]
The post New PHP Composer Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
Abinaya
CVE-2026-1636 | Lenovo Service Bridge 4/4.1.0.1/5.0.2.17 uncontrolled search path
2 months ago
A vulnerability was found in Lenovo Service Bridge 4/4.1.0.1/5.0.2.17. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes uncontrolled search path.
This vulnerability is handled as CVE-2026-1636. It is possible to launch the attack on the local host. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-4135 | Lenovo Software Fix prior 7.5.5.19 link following (EUVD-2026-22925)
2 months ago
A vulnerability was found in Lenovo Software Fix. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation results in link following.
This vulnerability is known as CVE-2026-4135. Attacking locally is a requirement. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com