Космос — это дорого, сложно и очень красиво. NASA начинает обратный отсчет для полета Orion
Команда NASA очищает площадку, проверяет скафандры экипажа и переводит отсчёт под контроль автоматики.
Aggregator
嘶吼安全动态|国家计算机病毒应急处理中心检测发现71款违法违规收集使用个人信息的移动应用 OpenAI Codex爆出严重漏洞:黑客可劫持GitHub访问令牌
1 day ago
嘶吼安全动态
【国内新闻】
国家计算机病毒应急处理中心检测发现71款违法违规收集使用个人信息的移动应用
摘要:依据《网络安全法》《个人信息保护法》等法律法规,经国家计算机病毒应急处理中心检测,71款移动应用存在违法违规收集使用个人信息情况,含泡泡玛特、丝芙兰等。
原文链接:https://www.toutiao.com/group/7623582912746734131/
标题:国安部警示智能穿戴设备泄密风险,军官手表泄露军事GPS数据
摘要:国安部披露案例,某国军官智能手表公开高精度GPS致军事机密泄露。全球多起类似事件频发,警惕公开记录功能,防范敏感信息泄露。
原文链接:https://finance.sina.com.cn/jjxw/2026-04-01/doc-inhsxvfk1597663.shtml
标题:工信部NVDB预警:警惕OpenClaw仿冒下载网站,谨防植入远程木马
摘要:监测发现攻击者仿冒OpenClaw站点,分发含恶意程序安装包。运行后将隐蔽加载木马,或导致设备被控、数据泄露。
原文链接:https://news.cnr.cn/native/gd/kx/20260331/t20260331_527568648.shtml
国家知识产权局警示OpenClaw用于专利申请存在重大安全风险
摘要:OpenClaw默认配置脆弱,用于专利撰写易致技术信息泄露,或构成不诚信申请。申请人务必审慎选择工具,机构杜绝违规使用。
原文链接:https://www.toutiao.com/group/7623594612027933194/
深圳落地首单公共服务类人工智能数据综合保险
摘要:深圳市罗湖区近日签署首单公共服务领域AI数据综合保险。此举填补了公共服务AI风险保障空白。
原文链接:https://www.sznews.com/news/content/2026-04/01/content_32000206.htm
【国外新闻】
英国企业网安危机:过去一年遭受攻击增速是全球平均水平的4倍
摘要:据Check Point报告显示,英国企业平均每周遭受1504次攻击,同比增长36%。AI助手的普及被认为是主因,数据监测发现企业内部每31次AI提示词中就有1次涉及敏感数据泄露风险。
原文链接:https://www.infosecurity-magazine.com/news/cyberattacks-uk-firms-increase/
OpenAI Codex爆出严重漏洞:黑客可劫持GitHub访问令牌
摘要:研究人员披露了OpenAI Codex的一个高危漏洞,攻击者可利用该漏洞非法获取开发者的GitHub认证Token。此漏洞可能导致大规模私有代码库泄露。
原文链接:https://www.securityweek.com/critical-vulnerability-in-openai-codex-allowed-github-token-compromise/
2026欧洲数字安全与信任峰会(INCYBER)在里尔开幕
摘要:欧洲最具规模的网安盛会于3月31日正式开启。本届论坛聚焦“战略自主权”,重点讨论欧盟《网络弹性法案》(CRA)落地后的供应链安全管理。
原文链接:https://europe.forum-incyber.com/en/home-en/
伪造VS Code弹窗散播恶意软件,GitHub开发者遭定向攻击
摘要:网络犯罪分子正在诱骗GitHub发送欺诈性电子邮件通知,引诱软件开发人员下载恶意软件。
原文链接:https://www.cybersecurity-review.com/github-developers-targeted-by-fake-vs-code-alerts-spreading-malware/
胡金鱼
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
1 day ago
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.
"No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security
The Hacker News
Кража ключей, слежка и полный доступ к системе. Рассказываем, как хакеры взломали главную библиотеку интернета и внедрили в неё бэкдор
1 day ago
В популярных версиях Axios 1.14.1 и 0.30.4 обнаружен троян удалённого доступа.
Axios npm 供应链攻击从TTP层面特征的归属分析
1 day ago
近日,热门JS库axios遭供应链攻击,攻击者劫持维护者npm账户,发布含恶意依赖[email protected]的1.14.1/0.30.4版本。技术特征(预部署诱饵包、多平台载荷、反取证手段)与朝鲜LABYRINTH CHOLLIMA组织高度吻合,多家安全机构高置信度将攻击归因于该组织。
嘶吼安全动态|国家计算机病毒应急处理中心通报71款违法违规收集使用个人信息的APP OpenAI Code爆出严重漏洞:黑客可劫持GitHub访问令牌
1 day 1 hour ago
此举填补了公共服务AI风险保障空白。
Trivy供应链攻击持续扩散,波及Docker镜像与GitHub代码仓库
1 day 1 hour ago
供应链安全防护厂商Socket发布专项报告,正式确认Docker Hub官方镜像仓库已出现恶意篡改的Trivy污染制品包。
锦行科技入选《2026 年网络与信息安全行业全景图》,六大领域全面上榜
1 day 1 hour ago
认可加持✅ 锦行科技入选2026深圳网络安全全景图,覆盖6大领域、20+细分赛道,深耕安全,守护数字防线。
Тихий взлом и полная невидимость. Рассказываем, как новый вирус RoadK1ll захватывает корпоративные сети
1 day 1 hour ago
Знакомые инструменты администрирования превратились в опасное оружие.
New Windows 11 emergency update fixes preview update install issues
1 day 1 hour ago
Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. [...]
Sergiu Gatlan
JSAC2026 -Day 1-
1 day 1 hour ago
JPCERT/CC hosted JSAC2026 from January 21 to 23, 2026. JSAC is an annual conference dedicated to advancing the capabilities of security analysts by fostering the exchange of technical knowledge and operational insights related to incident analysis and response. Now in...
JPCERT/CC
Study of Binaries Created with Rust through Reverse Engineering
1 day 1 hour ago
Rust has been gaining attention in recent years as a language expected to replace C and C++, due to its memory safety and high performance. While Rust continues to be adopted as a programming language, malware developed using Rust (hereinafter...
JPCERT/CC
Роутер пора выбрасывать. Ученые перевели беспроводной интернет на лазеры и выжали 362 гигабита в секунду
1 day 1 hour ago
Привычные радиоканалы забиты трафиком под завязку. Но решение есть…
Mimecast makes enterprise email security deployable in minutes
1 day 2 hours ago
Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend exclusively on those native controls for collaboration security, and 64% say those controls are insufficient against the threat landscape. Ranjan Singh, Chief Product and Technology Officer at Mimecast, outlines how the company’s API-based approach delivers protection on par with a traditional Secure Email Gateway without requiring infrastructure changes, and why that … More →
The post Mimecast makes enterprise email security deployable in minutes appeared first on Help Net Security.
Mirko Zorz
ZDI-CAN-30215: TrendAI
1 day 2 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-30180: TrendAI
1 day 2 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-30052: Microsoft
1 day 2 hours ago
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'mad31k' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-30179: TrendAI
1 day 2 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-30288: Samsung
1 day 2 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-30002: TrendAI
1 day 2 hours ago
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-04-01, 1 days ago. The vendor is given until 2026-07-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.