Socket has identified a new malware loader called XORIndex incorporated into malicious packages published to the npm registry, with over 9000 downloads so far.
Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon.
The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL" stands for "cluster" and "STA" refers to "state-backed motivation."
"The threat actors behind this
US Authorities Say Daniil Kasatkin, 26, Worked as Negotiator for Ransomware Group
A Paris criminal court on Tuesday held an extradition hearing for a Russian professional basketball player who U.S. authorities say worked as a negotiator for an undisclosed ransomware group. French police on June 21 arrested Daniil Kasatkin, 26, at Charles de Gaulle Airport.
Experts Warn Federal Cyber Cuts Are Hindering Public-Private Threat Sharing Efforts
The White House has continued to sharply reduce the size of cybersecurity teams across the federal government while cutting information technology budgets and funding for key programs. Experts warn public-private information sharing around critical cyberthreats has slowed.
CEO Doug Merritt: GenAI, Workload Sprawl Raise Zero Trust Stakes for Aviatrix
Aviatrix is addressing cloud network security gaps with its new Cloud Native Security Fabric. CEO Doug Merritt says companies need zero trust across ephemeral workloads, especially with agentic AI multiplying data pathways. The company’s pivot includes a new C-suite and product strategy overhaul.
Remote Code Execution Flaw Affects More Than 5,000 Servers
Threat actors are actively exploiting a critical vulnerability in a server file transfer solution. Researchers say the flaw in Wing FTP Server could allow threat actors to execute system-level commands remotely, using null byte and Lua injection without authentication.
AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere, often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.
"AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants," ESET