Aggregator

Китай тренируется «выключать» спутники SpaceX.

通过知识注入保护检索增强代码生成 by 花菜

基于操作依赖分析的MLIR编译器基础设施模糊测试 by 花菜

更多最新文章，请访问SecWiki

FT 报道了中国的一种选拔有天赋少年人才进行特殊培养的特教模式，此类特培的最早例子当属中国科技大学的少年班，过去二十年还出现了清华姚班、北大图灵班等特殊培养班。这些特培班为 AI 和科技公司输送了核心技术人才。中科大少年班培养的 3167 名毕业生中，18%-20% 留在学界，逾 200 人成为国内外名校和科研机构教授。去年初引发广泛关注的 DeepSeek 其逾百名研发团队大多数都来自这些特培班。今天中国每年有 500 万 STEM 专业毕业生，相比之下美国约 50 万。在 2025 年中国派出的 23 名参加国际科学奥林匹克竞赛的学生有 22 名获得了金牌。

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]

Submit #742484 / VDB-344028

Обычные пузырьки для диагностики превратили в управляемый транспорт для химиотерапии.

DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon

Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft 365 and Microsoft Office) locally, by creating and tricking targets into opening booby-trapped Office files. On January 29, 2026 – three days after Microsoft released the aforementioned fix – Zscaler researchers flagged an email phishing campaign … More →

The post Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) appeared first on Help Net Security.

There is a comforting illusion in cybersecurity leadership: when things get noisy, you add more people. More analysts. More shifts. More headcount. It feels decisive. It looks responsible. It even photographs well for internal reports.  But SOC inefficiency is rarely a staffing problem. It is a signal problem.  When More People Don’t Mean Better Security  Across industries, security […]

The post Stronger Incident Prevention Takes Just One CISO Decision  appeared first on Cyber Security News.

Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. [...]

Gremlin, the proactive reliability platform, launched Disaster Recovery Testing: a new product built to safely and efficiently test zone, region, and datacenter evacuations and failovers. These large-scale tests ensure businesses maintain digital resilience and business continuity when faced with cloud migrations, compliance concerns, and catastrophic events. There were multiple high-profile cloud outages in 2025, such as the AWS us-east-1 zone outage in October 2025 impacting 70,000 companies and incurring losses estimated at $581 million, that … More →

The post Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers appeared first on Help Net Security.

UK Data Protection Watchdog has “serious concerns” over data privacy on Elon Musk’s social platform

Полиция задержала более 100 человек в ходе проверки закрытых офисных комплексов.

A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate audit and compliance notifications to deceive users. The attack chain combines social engineering with multi-stage fileless payloads designed to steal credentials and establish persistent remote access […]

The post Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data appeared first on Cyber Security News.

根据发表在《Milbank Quarterly》期刊上的一项研究，哈佛、杜克和密歇根大学的研究人员认为，超加工食品（Ultra-processed foods）与香烟的相似之处远多于与水果或蔬菜的相似之处，需要更严格的监管。超加工食品是经过工业化生产、通常使用乳化剂或人工色素和香精的食品，如软饮料、薯片和饼干。研究人员称，超加工食品和香烟的生产过程存在相似之处，制造商都在努力优化产品“剂量”以及对人体奖赏通路的作用速度。宣传食品“低脂”或“无糖”都是在误导消费者，类似 1950 年代宣传香烟的过滤嘴是一种保护性创新，实际上几乎没有任何实质性益处。研究人员认为应该借鉴烟草管理去监管超加工食品。

The United Kingdom's data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images. [...]

A new variant of the PDFly malware has emerged with advanced techniques that challenge traditional analysis methods. The malware uses a modified PyInstaller executable that prevents standard extraction tools from working properly. This makes it difficult for security teams to examine the code and understand how the threat operates. The modified version changes key identifiers […]

The post PDFly Variant Uses Custom PyInstaller Modification, Forcing Analysts to Reverse-Engineer Decryption appeared first on Cyber Security News.