Aggregator

感谢各位安全专家长期关注阿里巴巴集团安全，帮助阿里云先知提高阿里巴巴集团和客户安全水平，保障数亿用户的安全！

A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming

Defensie is vandaag begonnen met de berging van een Messerschmitt BF 109 uit de Tweede Wereldoorlog. Ook stoffelijke resten van de vlieger zitten mogelijk nog in de grond. Het toestel ligt in de Gelderse gemeente Heerde vlakbij het dorp Veessen. 

Даже закрытые госсети оказались беззащитны перед новым USB-червём.

Explore passwordless authentication methods, benefits, and implementation strategies. Learn how to enhance security and user experience by eliminating passwords.

The post An Overview of Passwordless Authentication appeared first on Security Boulevard.

Explore how to build a tailored ICS/OT threat detection strategy. Gain insights into achieving deep visibility, addressing your threat landscape, and safeguarding critical operations from evolving cyber threats.

The post Building An ICS/OT Threat Detection Strategy appeared first on Sygnia.

Shopee信息安全团队招聘基础安全专家

Программа удержания экспертов превратилась в программу кормления бездарей — за $138 млн.

Analysis of nearly five million internet-exposed assets shows significant security gaps across major cloud platforms, with Google Cloud-hosted assets showing highest vulnerability rates. 

 

The post New Research Reveals One-Third of Cloud Assets Harbor Easily Exploitable Vulnerabilities appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 22 - A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit ...

日本百岁老人数量接近 10 万，创历史新高，其中最年长老人年龄 114 岁。根据日本厚生劳动省上周五公布的数据，截至 9 月，日本百岁老人数量 99,763 人，连续 55 年创新高。其中女性 87,784 名占 88%，男性 11,979 名。预期寿命提高主要归因于心脏病和常见癌症如乳腺癌和前列腺癌死亡人数减少。由于日本饮食中红肉摄入量较少、鱼类和蔬菜摄入量较高，肥胖率较低，而肥胖是导致上述两类疾病的主要因素。女性的肥胖率尤其低，这或许可以解释为什么日本女性预期寿命远高于男性。此外日本人在晚年仍然保持活跃，比美国和欧洲老年人更多地步行和使用公共交通工具。

英伟达与铠侠合作开发固态硬盘，计划于2027年实现1亿次随机IOPS，相当于当前主流SSD的33倍。该技术将应用于AI计算，并采用XL-Flash NAND技术提升性能。

Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI features are built directly into business tools. Employees often connect personal AI accounts to work devices or use unsanctioned services, making it difficult for security teams to monitor usage. Lanai says this lack of visibility … More →

The post Most enterprise AI use is invisible to security teams appeared first on Help Net Security.

快速浏览！2025.9.8—9.14安全动态周回顾。

在针对Salesloft的 data theft 攻击中，威胁者的主要目标是窃取Salesforce实例中的支持工单，进而从工单中收集凭据、身份验证令牌及其他敏感信息。

欧洲公司ValueLicensing因转售微软软件许可证被起诉，微软称其拥有版权且不允许转售。案件或影响欧洲二手软件市场合法性。

A vulnerability labeled as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. This vulnerability is identified as CVE-2025-10459. The attack can be executed remotely. Additionally, an exploit exists.

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character

Submit #648355 / VDB-323887

前陣子收到一封讀者來信，問我能不能寫一篇來講解 XSS without parentheses and semi-colons 這篇文章，說是這裡面的 payload 看不太懂。

因此，這篇就來簡單講解一下這些 payload，參考的原文是 Gareth Heyes 的這兩篇文章：

1. XSS technique without parentheses
2. XSS without parentheses and semi-colons