Aggregator

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]

California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. "The chatgpt.com response renderer trusts Markdown links and Markdown

Our top AI security actions are designed to help organizations of all sizes and sectors strengthen their cyber resilience.

一个越狱调参实验

本文基于泛微e9（9.00.210804版本），系统阐述OA系统的安全审计方法。文章涵盖环境搭建、六大类路由（/weaver/、/api/、/services/*、/dwr/*等）的分析，详细剖析SecurityMain安全过滤机制、XssRequestWeblogic参数过滤、登录绕过等技术要点。通过FileDownloadLocation文件读取、browser.jsp SQL注入等实战案例，

一次攻防下钓鱼GO木马的详细分析，拿下CS shellcode

WebShell 免杀

某池WAF SQL注入Bypass

讲述如何在Coze空间部署cs流量转发

钓鱼网站利用AI生成逼真页面、仿冒官方域名排名，诱导用户下载携带恶意载荷的“WinRAR安装包”。

海量IP地址字符串转码生成shellcode、Beacon木马伪造Referer请求头为10086官网

一款伪装成豆包Claw的恶意项目仍在活跃

Agentic / Context