Aggregator

The threat actor Sarcoma has been held responsible for a ransomware attack on a Swiss health foundation

该研究基于第三方专家执行的独立调查，覆盖17个国家、3400名来自规模在100-5000名员工企业的IT及网络安全领导者，所有受访者均在过去12个月内遭遇过勒索软件攻击。

当你的 ClickHouse 查询再次陷入泥潭时，不妨试试布隆过滤器这个简单而强大的黑科技

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

Cybersecurity researchers have unveiled a new attack—dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)—that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption In July […]

The post New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本次，我们将以53K Star的开源明星项目LLaMA-Factory为战场，详细展示悟空AI Agent如何在实际场景中，精准挖掘高危远程代码执行0day漏洞（CVE-2025-53002），并推动官方修复的技术实战。

用 AI 解决经营问题，关键在于把商家的需求落地。

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine at the heart of Chrome and Chromium-based browsers. Remote, unauthenticated attackers can exploit this flaw by serving crafted HTML pages … More →

The post Google patches actively exploited Chrome (CVE‑2025‑6554) appeared first on Help Net Security.

Что будет, если хакеры выключат Америку?

Europol busted a crypto scam ring that laundered €460M from 5,000+ victims. Operation Borrelli involved Spain, the U.S., France, and Estonia. Europol has taken down a massive cryptocurrency fraud ring that scammed over 5,000 people worldwide, laundering around €460 million ($540 million). The international operation, dubbed Operation Borrelli, began in 2023 and was led by […]

It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for content.

手机已经成为日常生活的一部分，它储存了用户大量的敏感私密信息，而针对手机的攻击也日益常见，其中一种攻击方法被称为 Stingrays，利用假基站引诱手机连接，从而泄漏用户私人通信信息。假基站还可以发动降级攻击，引诱手机使用低安全性的通信方式如 2G，攻击者能拦截通话和消息。Google 已经在 Android 16 中尝试解决该安全，问题主要在于缺乏硬件支持。要识别假基站，Android 手机需要搭载 Google IRadio 硬件抽象层的 v3.0 版本，即使是 Google 最新的 Pixel 系列手机也不支持该功能。今年晚些时候推出的 Android 16 手机如 Pixel 10 将能识别假基站，能向用户发出警告。

Bots can start authenticating to Cloudflare using public key cryptography, preventing them from being spoofed and allowing origins to have confidence in their identity.

From May 2024 to May 2025, crawler traffic rose 18%, with GPTBot growing 305% and Googlebot 96%.

Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content. 

Cloudflare is making it easier for publishers and content creators of all sizes to prevent their content from being scraped for AI training by managing robots.txt on their behalf.

Cloudflare Radar now shows how often a given AI model sends traffic to a site relative to how often it crawls that site. This helps site owners make decisions about which AI bots to allow or block.

一次付费：终身学习 + 持续更新