Aggregator

文章指出当前环境异常，需完成验证后方可继续访问，并提供验证链接。

卡巴斯基实验室发现Google Play和App Store中的多款应用感染恶意SDK，用于窃取加密货币钱包助记词或恢复密钥。黑客通过类似阿里云的域名发起攻击，受影响应用下载量超24.2万次。建议用户检查是否安装相关应用，并及时转移资产以避免损失。

A vulnerability, which was classified as critical, has been found in VMware ESXi and ESX up to 4.1. This issue affects the function data pointers. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-1516. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Chrome up to 56. It has been declared as critical. This vulnerability affects unknown code of the component Blink. The manipulation leads to cross site scripting (Universal). This vulnerability was named CVE-2017-5007. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Database Server 11.1.0.7. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2009-1995. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in ISC BIND. It has been rated as critical. This issue affects some unknown processing of the component DNS Cache. The manipulation leads to use of cache containing sensitive information. The identification of this vulnerability is CVE-2002-2211. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Apache HTTP Server up to 1.3.3. This affects the function ap_proxy_send_fb of the component mod_proxy. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2010-0010. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Ajsquare Aj Auction Pro-oopd 2.0. This issue affects some unknown processing of the file store.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2009-3203. The attack may be initiated remotely. Furthermore, there is an exploit available.

安卓开源应用商店 F-Droid 获得 39.6 万美元赞助，用于解决可持续发展挑战。资金将支持代码重构、政策制定、本地化改进及捐赠基础设施建设，以继续为全球用户提供隐私保护的开源应用。

继续为保障国家网络安全作出更加突出的贡献！

继续为保障国家网络安全作出更加突出的贡献！

Apple上调iPhone AppleCare+费用；华硕发布ROG Phone 9 FE游戏手机；软银与OpenAI成立日本AI合资企业；Apple Watch推出情人节特别挑战；2025年春节档电影总票房创纪录；微信测试新功能；Sonos计划推出流媒体机顶盒。

蚂蚁集团任命刘政担任新 CFO 超算互联网上线 DeepSeek 模型 Google 更新 AI 政策，移除「不将 AI 用于武器和监视」承诺

OpenAI推出无需注册即可使用的ChatGPT搜索功能；蚂蚁集团任命新CFO刘政；DeepSeek模型上线国家超算平台；Google调整AI政策移除部分承诺；特斯拉推出Model 3全系保险补贴；华为小艺助手接入DeepSeek服务；Keep宣布All in AI并拓展全球化布局；小米SU7内饰升级提升舒适性；苹果计划发布新款Apple TV支持更高效性能和连接；AMD CEO苏姿丰称赞DeepSeek为公司创造增长机会。

Lazarus APT组织利用跨平台JavaScript窃取工具针对加密钱包展开攻击。该组织通过伪造LinkedIn上的加密货币、旅行和金融领域的工作机会引诱受害者，并要求提供个人信息以获取恶意代码。最终payload可窃取浏览器数据和登录凭证，并部署恶意软件进行进一步攻击。此次行动被归因于朝鲜关联的Lazarus集团。

The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Scammers lure […]

WhatsApp披露一起黑客活动，七名意大利人及十几个欧洲国家的受害者遭间谍软件攻击。意大利政府否认参与，并称正调查Paragon Solutions公司的行为。受害者包括记者和移民倡导者等。WhatsApp称攻击者使用恶意PDF文件，并已关闭攻击途径。

本文介绍了播客《Smashing Security》第403集的内容，探讨了Coinbase用户损失6500万美元事件、PowerSchool数据泄露问题及QR码安全风险。主持人Graham Cluley和Carole Theriault邀请嘉宾Geoff White参与讨论，并提醒听众内容可能包含成人主题和粗俗语言。

文章探讨了人工智能（AI）技术的快速发展及其在网络安全领域的双刃剑作用。从历史里程碑到当前应用，AI不仅提升了威胁检测和防御能力（如漏洞挖掘、异常行为检测），也为攻击者提供了更高效的工具（如自动化攻击链）。尽管技术进步显著，但安全研究仍滞后于技术发展。未来需关注AI自身的安全性及潜在风险。

AI技术是一把双刃剑。