Aggregator

Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak—and most teams don’t even realize it. If you’re building, deploying, or managing AI systems, now is the time to ask: Are your AI agents exposing confidential data

生成式AI正在改变企业运作方式，但也带来了数据泄露风险。AI代理和自定义流程可能无意中暴露敏感数据，如内部薪资或产品设计。研讨会将探讨如何防范这些风险，并提供实际案例和解决方案。

Выглядят как настоящие, но работают на тех, кто вас обворовывает.

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host

Sudo工具发现两个安全漏洞（CVE-2025-32462和CVE-2025-32463），允许本地攻击者提升权限至root。前者涉及sudoers文件中主机配置问题，后者利用chroot选项加载恶意库。修复版本1.9.17p1已发布，多个Linux发行版已更新公告。

A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation.  The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and disk cache systems.  Key Takeaways1. Researchers exploit browser caching to bypass Content Security Policy protections.2. […]

The post New Sophisticated Attack Bypasses Content Security Policy Using HTML-Injection Technique appeared first on Cyber Security News.

Hydrografisch opnemingsvaartuig Zr.Ms. Snellius is vandaag teruggekeerd in Den Helder. Het schip opereerde op de Oostzee. Daar maakte het afgelopen 3 maanden deel uit van de Standing NATO Mine Countermeasures Group 1 (SNMCMG1). Beveiliging van onderzeese infrastructuur stond centraal binnen dit NAVO-vlootverband.

微信上线聊天记录备份与恢复功能，支持U盘备份、自动备份及自定义备份。用户可清空群聊或联系人聊天记录以释放空间，并在需要时恢复。然而部分用户更新后未发现该功能，怀疑官宣不实。

Currently trending CVE - Hype Score: 17 - The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

文章介绍了Phi-3系列语言模型及其变体（mini、small、medium），探讨了其技术规格、训练方法及优化策略。Phi-3-mini采用Transformer解码器架构，支持长上下文处理，并通过量化技术实现在移动设备上的高效运行。Phi-3-small引入分组查询注意力机制和块稀疏注意力模块以优化性能与效率。训练采用高质量过滤数据与合成数据结合，并通过监督微调和直接偏好优化提升模型能力。

HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure […]

The post Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The issue, identified as incident FM1109073, began on July 4, 2025, at 12:42 PM GMT+5:30 and has been classified as a service degradation affecting global users. The outage is preventing users […]

The post Microsoft Investigating Forms Service Issue Not Accessible for Users appeared first on Cyber Security News.

当前环境出现异常，请完成验证后继续访问。

当前环境异常，需完成验证后方可继续访问。

👍👍👍

👍👍👍

新增功能，实战详解！

当前环境出现异常提示，需完成验证后方可继续访问。