Aggregator

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

不安全
4 months 1 week ago
Devin AI系统中隐藏的工具可将本地端口暴露至互联网,可能被攻击者利用间接提示注入攻击暴露敏感信息或创建后门访问。该工具允许Devin在开发或测试中将本地服务公开,但存在安全风险。攻击者可通过多阶段注入控制Devin创建Web服务器并暴露文件系统。漏洞已报告但未修复。

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Embrace The Red
4 months 1 week ago
Today let’s explore Devin’s system prompt a bit more. Specifically, an interesing tool that I discovered when reading through it. Hidden in Devin’s capabilities is a tool that can open any local port to the public Internet. That means, with the right indirect prompt injection nudge, Devin can be tricked into publishing sensitive files or services for anyone to access. This tunneling feature can be invoked without a human in the loop.

Who are the Top Ransomware Threat Actors of H1 2025

不安全
4 months 1 week ago
2025年上半年勒索软件激增,CL0P、Akira和Qilin三大威胁行为者主导全球超千次攻击。CL0P擅长零日漏洞攻击,Akira针对制造业和关键行业,Qilin通过RaaS模式快速扩张。新威胁者如Dire Wolf等也浮现,数据窃取成主要手段。勒索软件生态化发展,企业需加强主动防御。

Linux 桌面市场份额达到 6%

不安全
4 months 1 week ago
Lansweeper 分析显示 Linux 桌面市场份额超 6%,多数据支持这一结论,并指出欧洲和北美在不同部门的应用情况。

Linux 桌面市场份额达到 6%

Solidot
4 months 1 week ago
IT 资产盘点和库存公司 Lansweeper 称,对逾 1500 万消费者桌面操作系统的分析显示,Linux 桌面市场份额达到 6% 以上。有多项统计数据都显示 Linux 桌面在 6% 左右,如统计访问美国联邦政府网站和应用的 US Federal Government Website and App Analytics 显示,过去 90 天 Linux 桌面操作系统市场份额达到创记录的 6.3%,StatCounter 数据显示 7 月 Linux 桌面操作系统的市场份额创下了 5.24% 的新高。欧洲商业服务和政府等部门的 Linux 普及率高于北美,但北美科技、电信、金融和保险等部门的 Linux 普及率则高于欧洲。

I need help with my FYP

不安全
4 months 1 week ago
r/netsecstudents 是一个网络安全部门的学生社区,用于分享资源、提问和帮助学习。用户寻求FYP的项目建议,特别是网络安全工具或项目创意。

CVE-2025-6572 | OpenStreetMap for Gutenberg and WPBakery Page Builder Plugin Block Option cross site scripting (EUVD-2025-23980)

VulDB Recent Entries
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in OpenStreetMap for Gutenberg and WPBakery Page Builder Plugin up to 1.2.0 on WordPress. Affected is an unknown function of the component Block Option Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-6572. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

August 2025 Patch Tuesday forecast: Try, try again

Help Net Security
4 months 1 week ago

July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. Mix … More →

The post August 2025 Patch Tuesday forecast: Try, try again appeared first on Help Net Security.

Help Net Security

OpenAI 发布 GPT-5

不安全
4 months 1 week ago
OpenAI发布新模型GPT-5,在智能性和速度上有所提升,并显著降低了幻觉率。用户可免费使用基础版或升级至Pro版体验更高级功能。

OpenAI 发布 GPT-5

Solidot
4 months 1 week ago
OpenAI 发布了新模型 GPT-5。相比旧模型,GPT-5 仍然是一个渐进改变的版本,并不是一次巨大的飞跃。OpenAI 称,GPT-5 更智能和更快,显著减少了幻觉率。CEO Sam Altman 声称,和 GPT-5 对话就像是和一位博士水平的专家对话。GPT-5 提供给所有用户,免费用户的配额用光之后将改用 PT-5 mini,Pro 会员将使用 GPT-5 Pro 版本。

Managed ad