Aggregator

制造出的虚假信息更具迷惑性，“AI（人工智能）幻觉”带来“一本正经地胡说八道”……易传播、难防治的“AI谣言”，对政府监管部门、互联网平台、技术研发者以及社会各界提出了新挑战。

随着人工智能、大数据、云计算等新一代信息技术的广泛应用，数字经济以前所未有的速度与广度渗透到社会生产生活的各个领域，成为推动经济社会发展的重要引擎。然而值得注意的是，数字技术的蓬勃发展，也为社会安全治理带来了一系列挑战。

《人工智能生成合成内容标识办法》及配套的强制性国家标准的出现标志着我国在制度层面率先完成从“0”到“1”的突破，我国对生成式人工智能的治理正式从原则性规范迈向精细化规制新阶段。

分析美国对华人工智能政策的演变过程及其背后的动因逻辑，对我国科技自主创新和本土人才培养，增强我国科技实力和建设科技强国，具有重要意义。

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Google released security updates to address 120 Android […]

Одна из крупнейших утечек за последние годы после атаки на компанию Nexar.

Attack Surface Management (ASM) is a proactive cybersecurity discipline that helps organizations identify, analyze, and remediate all of their internet-facing assets and potential vulnerabilities. It goes beyond traditional vulnerability scanning to find and continuously monitor unknown or unmanaged assets, such as rogue cloud instances, misconfigured APIs, and shadow IT, that attackers use as entry points. […]

The post 10 Best Attack Surface Management (ASM) Companies in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps

AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous AI-powered “assistants”, allowing them to hijack agent behavior for their own malicious goals. Indirect prompt-injection poisoning attacks where hidden harmful instructions are embedded inside the same page the human visitor sees will rarely be detected by … More →

The post Stealthy attack serves poisoned web pages only to AI agents appeared first on Help Net Security.

A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge. The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to execute code injection and gain full control of an SAP system. Organizations running SAP S/4HANA on-premise or […]

The post Critical SAP S/4HANA Vulnerability Actively Exploited, Allowing Full System Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16.1. This vulnerability affects the function stack_top. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38696. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16.1. The affected element is an unknown function of the component jfs. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-38697. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apache Kafka up to 3.9.0. This affects an unknown part of the component SASL JAAS LdapLoginModule Handler. Performing manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-27818. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apache Kafka up to 3.3.2. This vulnerability affects unknown code of the component SASL JAAS JndiLoginModule Handler. Executing manipulation can lead to deserialization. This vulnerability is registered as CVE-2025-27819. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Apache Kafka Client up to 3.9.0. Affected by this issue is some unknown functionality. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2025-27817. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Coolforum 0.5 Beta. It has been declared as critical. This affects an unknown function of the file avatar.php. The manipulation of the argument img results in path traversal. This vulnerability is reported as CVE-2002-1515. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Nulllogic Null HTTP Server up to 0.5.0. It has been declared as problematic. Impacted is an unknown function of the component 404 Error Message. Executing manipulation can lead to basic cross site scripting. This vulnerability appears as CVE-2002-1497. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Nulllogic Null HTTP Server up to 0.5.0. It has been classified as critical. This issue affects some unknown processing of the component Content-Length Header Handler. Performing manipulation results in memory corruption. This vulnerability is reported as CVE-2002-1496. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Cooolsoft PowerFTP 2.03/2.10/2.23/2.24. This issue affects some unknown processing. This manipulation of the argument User causes memory corruption. The identification of this vulnerability is CVE-2002-1522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.