Aggregator

当春晚红包把 AI 推向全民，真正的战场已经转移到系统层：谁能让用户在手机上「用起来」。

How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Shared Network Intelligence Adds Ecosystem Visibility to AI Models
Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks.

New Programs Aim to Counter Foreign Influence Over Tech Standards
The White House is operationalizing its AI action plan with export-ready "American AI stack" packages, a U.S. Tech Corps and new standards initiatives, aiming to entrench U.S. infrastructure in allied nations while countering foreign influence over global AI governance.

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

多架构前沿 Pwn 实战，5小时精通核心技能

看雪论坛作者ID：

A vulnerability was found in exiftool up to 13.49 on macOS. It has been classified as critical. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. This vulnerability is tracked as CVE-2026-3102. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

Broadcom issued security advisory VMSA-2026-0001 on February 24, 2026, disclosing three vulnerabilities in VMware Aria Operations that pose risks, including remote code execution. Organizations using affected products should prioritize patching to mitigate potential exploits. VMware Aria Operations, a key component in products like VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, faces command […]

The post Multiple VMware Aria Vulnerabilities Allow Remote Code Execution Attacks appeared first on Cyber Security News.

手机安全无小事，转发提醒！

当深度伪造技术的使用与传统伦理规则的运行产生严重张力时，则会颠覆“眼见为实”的传统认知基础，加速长期以来维系人类社会的伦理观的崩塌。基于此，探讨生成式人工智能的深度伪造风险及其伦理规制极具理论价值与现实意义。

当前，我国正处在加速构建数据基础制度、释放数据要素价值的关键阶段。出台《关于培育数据流通服务机构 加快推进数据要素市场化价值化的意见》是对国家顶层设计、产业发展诉求与市场现实需要的及时回应，具有鲜明的针对性和指引性，可谓恰逢其时、意义重大。

网络经济犯罪不断蔓延、地缘政治复杂博弈与数字技术非法滥用等深度交织，成为2025年中东地区面临的网络安全威胁新特征。在此背景下，中东国家通过出台战略规划、加强基础设施建设、拓展国际合作、打击非法网络活动、加强对华联系等多种措施……

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several

Submit #758146 / VDB-347528

A fake Zoom meeting page looks real, triggers a bogus “update,” and silently installs surveillance software.

The post Fake Zoom meeting “update” silently installs surveillance software appeared first on Security Boulevard.

A vulnerability was found in Intelbras TIP 635G 1.12.3.5 and classified as critical. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2026-3101. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Мессенджеру грозит полная деградация в РФ.

A vulnerability has been found in dotCMS 24.12/25.07 and classified as critical. This affects an unknown part of the component Velocity Scripting Engine. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2025-11165. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in WSO2 API Manager and Identity Server. Affected by this issue is some unknown functionality. Executing a manipulation can lead to authentication bypass by spoofing. The identification of this vulnerability is CVE-2024-1524. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.