Aggregator

The Evolution of Exposure Management Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most exposed. They’re the ones tied to revenue, operations, and delivery. If one goes down, it’s more than a

Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g. API keys, to external servers by issuing DNS requests. Prompt Injection Hijacks Claude When reviewing or interacting with untrusted code or processing data from external systems, Claude Code can be hijacked to run bash commands that allow leaking of sensitive information without user approval.

Компании уверяют, что мера снизит нагрузку на инфраструктуру и защитит абонентов от кибермошенников.

Security researchers have uncovered a concerning vulnerability that transforms everyday USB webcams into covert attack tools capable of injecting malicious keystrokes and executing unauthorized commands on connected computers. This groundbreaking discovery represents the first documented case of weaponizing USB devices already attached to systems that were not originally designed for malicious purposes. Researchers Jesse Michael […]

The post Linux Webcams Weaponized to Inject Keystrokes and Execute Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…

速更新

速修复

TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group

Security researcher Ionuț Cernica revealed how commonplace Linux utilities can be weaponized to siphon sensitive data in multi-tenant environments. His talk, “Silent Leaks: Harvesting Secrets from Shared Linux Environments,” exposed that without any root privileges or zero-day exploits, attackers can exploit standard tools—such as ps, /proc, and temporary file handling—to harvest database credentials, API keys, and user […]

The post Legitimate System Functions Exploited to Steal Secrets in Shared Linux Setups appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

数据显示，全球最常见四种塑料有三分之二由七个国家生产，其中中国的产量是另外六个国家的总和。在聚乙烯（PE）、聚丙烯（PP）、聚对苯二甲酸乙二醇酯（PET）和聚苯乙烯（PS）四种最常用塑料中，中国占比 34%，美国 13%，沙特 5%，韩国 5%，印度 4%，日本 3% 以及 德国 2%。数据还显示，塑料生产高度集中于少数几家大型企业，18 家公司占全球塑料总产量的一半以上，其中最大的塑料生产商是中石化，占全球产量的 5.4%，其次是 埃克森美孚的 5%，巴赛尔公司（LyondellBasell）的 4.5%，沙特阿美的 4.3%，中石油的 4.2%。

近日，阿里云安全团队在AI框架供应链安全领域取得重大突破，发现全球知名深度学习框架PyTorch中存在一项高危

7月勒索软件流行态势分析报告：360国内首个解密Phobos及变种8Base

定义Agentic SOC新未来！ISC.AI 2025安全运营新范式论坛圆满落幕

共话AI时代安全生态新未来

近日，中美两国接连发布人工智能政策文件。中国发布《人工智能全球治理行动计划》，以13条具体举措勾勒出中国在全球人工智能治理上的系统设计和前瞻思考。美国白宫7月发布名为《赢得AI竞赛：美国AI行动计划》的政策文件。

近日，国家标准化管理委员会下达的推荐性国家标准计划，其中《网络安全技术 嵌入式操作系统安全技术规范》和《网络安全技术 操作系统安全技术规范》2项国家标准由全国网络安全标准化技术委员会归口管理，清单见附件。

近日，国家互联网信息办公室发布《国家信息化发展报告（2024年）》《报告》以习近平总书记关于网络强国的重要思想为指引，深入贯彻落实党的二十届三中全会精神，全面呈现了2024年各部门各地区深入推进信息化发展的生动实践和显著成果。

我国能源领域网络安全不仅关乎国计民生与社会稳定，更关系国家主权与安全。当前，随着我国数字经济与能源产业深度融合，能源行业正大力推进数字化转型、智能化发展，秉持“以安全保发展，以发展促安全”，网络安全成为数智化重要组成部分。

智商，是AI的门槛；而情商，是 AI 产品的「隐形」护城河。