Aggregator

The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.

The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.

鹏城-西电计算机联培｜沈玉龙&谢国锐老师招收AI+计算机网络方向博士生

战意渐浓！

消息称微软 GitHub Copilot 将转向按 Token 计费；特斯拉：第三代人形机器人预计年中亮相；宇树科技展示轮足人形机器人

赋能交通运输行业数字化、智能化转型。

2026年04月23日（現地時間）、米国CISAがCISA ICS Advisory / ICS Medical Advisoryを公表しました。

过去很多年，谈中国能源转型，大家首先想到的是光伏、风电和新能源汽车。

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.

The post Vercel attack fallout expands to more customers and third-party systems appeared first on CyberScoop.

Прочитайте эту статью перед тем как вложить деньги в крипто...

A vulnerability has been found in PackageKit up to 1.3.4 and classified as problematic. This impacts the function InstallFiles of the file src/pk-transaction.c. Performing a manipulation results in time-of-check time-of-use. This vulnerability is identified as CVE-2026-41651. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]

Реальная мощь китайского ИИ в 6000 раз выше, чем показывает международный рейтинг Top500.