Aggregator

作者：Parth Atulbhai Gandhi, Akansha Shukla, David Tayouri, Beni Ifland, Yuval Elovici, Rami Puzis, Asaf Shabtai 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2506.02859v1 摘要 评估由大型语言模型（LLMs）驱动的多智能体系统（M...

Pathlock announced a major expansion of its SAP cybersecurity offerings, introducing a new portfolio of value-driven and easy-to-deploy SAP cybersecurity solutions, including a Free Edition. Designed to deliver maximum value and fast time-to-protection, the launch marks a significant step toward democratizing SAP security for organizations of all sizes. Meeting the urgent need for SAP cybersecurity As SAP ERP continues to serve as the digital core for thousands of enterprises worldwide, the need for easy, effective … More →

The post Pathlock helps organizations protect their SAP environments from development to deployment appeared first on Help Net Security.

亚马逊正在为人形机器人开发软件，这些类人机器人可能最终将取代人类送货员快递包裹。亚马逊正在其旧金山办公室建造了一座咖啡店大小的室内测试设施，测试坐在亚马逊 Rivian 电动货车后部的送货机器人。在完成室内受控测试之后，亚马逊计划让机器人在真实的街道上测试配送包裹。亚马逊计划测试多种型号的类人机器人，其中包括宇树科技售价 1.6 万美元的机器人。

Он прячется в системе, ждёт 300 секунд и лишь потом начинает охоту.

A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was silently patched by Apple in iOS 18.3. The discovery, made by cybersecurity firm iVerify, reveals […]

The post Hackers Using New Sophisticated iMessage 0-Click Exploit to Attack iPhone Users appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in Short URL Plugin up to 1.6.8 on WordPress. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2023-2921. The attack may be initiated remotely. There is no exploit available.

Claroty announced new capabilities in its SaaS-based Claroty xDome platform that provide organizations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment is affected by the processes involved in a device’s use – as production lines, building floors, hospital wings, and more – and prioritize risk reduction efforts based on potential impact to business outcomes, while bridging … More →

The post Claroty enhances xDome platform with Device Purpose and Risk Benchmarking capabilities appeared first on Help Net Security.

AGI уже существует. Просто люди постоянно поднимают планку и не хотят этого признавать.

A vulnerability classified as problematic was found in Google Go up to 1.23.9/1.24.3. This vulnerability affects the function VerifyOptions.KeyUsages of the component crypto-x509. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2025-22874. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Go up to 1.23.9/1.24.3. This affects the function os.OpenFile of the component File Handler. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2025-0913. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Go up to 1.23.9/1.24.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component net-http. The manipulation of the argument Proxy-Authorization/Proxy-Authenticate leads to permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2025-4673. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

邀请函丨2025第五届数字安全大会邀您参会

新考古勘查结果挑战了长期以来的假设：北美的集约化农业仅存于中央集权社会或宜人的气候环境。这些发现揭示，在密歇根的上半岛（Upper Peninsula）存在着前哥伦布时期的幅员辽阔的种植景观；表明尽管当时气候寒冷且种植条件恶劣，美洲原住民社群在公元 1000 年至 1600 年间是以集约化方式种植玉米的。在美国东部大部分地区，前哥伦布时期集约化农业生产的直接证据极为罕见，因为大多数原住民的农耕景观已被殖民时期欧美人的耕作、定居和工业活动不可逆转地改变了。然而密歇根上半岛的六十岛（Sixty Islands）考古遗址保存了罕有的前哥伦布时期复杂的抬高垄作农田和玉米种植证据。证据表明，原住民拥有先进的土壤管理方法，其中包括将堆肥化的家庭生活垃圾和富含养分的湿地土壤掺入田中以增强土壤肥力。研究还表明，这一复杂的农耕系统是由小规模的平等社区创建的。

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice on building trust in AI agents and integrating them into existing workflows.

The post Why IAM should be the starting point for AI-driven cybersecurity appeared first on Help Net Security.

2025全球数字经济大会数字安全主论坛暨第七届北京网络安全大会（BCS）开幕峰会6月5日在北京国家会议中心举行。

Skitnet感染开始于一个基于rust的加载程序，该加载程序在目标系统上卸载并执行，它解密ChaCha20加密的Nim二进制文件并将其加载到内存中。

Hitachi Energyが提供する複数の製品には、複数の脆弱性が存在します。

Америка рвётся в бой с порезанным штабом, пустым кошельком и назначенцем без опыта.

Hitachi Energy社が提供するRelion 670, 650およびSAM600-IO Seriesには、データの信頼性確認が不十分な脆弱性が存在します。

Hitachi Energy社が提供する複数の製品には、複数の脆弱性が存在します。