Aggregator

AI时代正催生三类安全需求的集中爆发，这是政企机构必须抓住的战略窗口期。

大会早鸟票与招商通道已同步开启。

Red Hat npm生态遭Miasma攻击；CISA发布AI系统SBOM指南；荷兰捣毁1700万设备僵尸网络。

Кто взломал крупнейший чит-сервис для GTA V и зачем это было сделано.

写在前面：这是重度用户视角，不是功能清单 我是工程师，也是重度 AI 编码用户。过去一年，我长期同时订阅和高频 […]

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. [...]

6月6日不见不散～

The emergence of AI models capable to autonomously find and fix vulnerabilities at scale is having a significant impact on patching management, experts say

Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe.

Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this month, starting with Pixel devices. Story of two calls from “Mom” (Source: Google) “Fake call detection helps protect you, your family and friends by identifying when a caller isn’t who they claim to be, giving … More →

The post New Android feature promises to spot deepfake scam calls appeared first on Help Net Security.

Что делать тем, кто забронировал отель в Европе?

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's default HTTP/2 configuration," the company said, adding it was discovered by OpenAI Codex by chaining

高通 CEO Cristiano Amon 在台北电脑展上发表主题演讲，宣称抵抗是徒劳的，AI 智能体将会变得不可见，不可避开，并且能跨设备跟踪用户。他表示智能体将会从根本上改变人类与技术的关系。今天的手机是数字生活的中心，一切都围绕着手机展开，不久的将来智能体将取代手机。而手机就像可穿戴设备一样成为智能体的延伸。“智能体不局限于设备，它会随着用户移动。无论你使用什么设备，它都与你同在，”他解释道。“一旦你理解这种变化，你就能明白整个移动行业将如何变革。”

Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep operating in the background once a person stops paying attention. The company introduced Microsoft Scout, calling it the first entry in a category it labels Autopilots. What an Autopilot does Autopilots are always-on agents that run … More →

The post Microsoft Scout agent opens a new category of always-on Autopilots appeared first on Help Net Security.

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies. Organizations joining the program must meet security requirements before gaining access, Anthropic noted. The expansion brings the program to organizations in more than 15 countries and includes sectors such as healthcare, energy, communications, technology, and other infrastructure … More →

The post Anthropic expands Project Glasswing to 150 organizations in more than 15 countries appeared first on Help Net Security.

Private firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA’s Bharat Thakrar

A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 apps to account takeover without any interaction or consent. The vulnerability, dubbed FlagLeft, allowed any third-party app on the same Android device to silently request […]

The post Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users appeared first on Cyber Security News.

A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class as CVE-2026-33829 in the Snipping Tool, but Microsoft has assigned no CVE and shipped no fix for this variant. On April 14, 2026, Microsoft […]

The post Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers appeared first on Cyber Security News.

Инженер Netflix открыл код Headroom для всех.

Anthropic表示，参与"玻璃翼计划"（Project Glasswing）的50多家合作伙伴，已在其软件产品中发现了约1万个关键或高危漏洞。