Aggregator

A surge in phishing attacks exploiting Microsoft’s OAuth device code flow has been identified by Proofpoint

ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence Syste by ourren

更多最新文章，请访问SecWiki

Иммунитет решает за часы: впустить или уничтожить.

Nederlandse militairen mogen weer met 120mm mortiergranaten oefenen. Begin deze maand stelde Defensie hiervoor uit voorzorg een tijdelijk verbod in. Dit omdat een Belgische militair dodelijk gewond raakte bij het gebruik van een 120mm mortiersysteem. Dat gebeurde tijdens een oefening van de multinationale battlegroup in Litouwen.

《2025年青少年状况报告》整合了3000多名5-17岁儿童的设备使用记录、500多组亲子长期追踪数据，以及针对2000组美国家长与子女的全国性调查，最终揭示了人工智能对青少年的深度影响。 一、AI陪伴类应用中暴力内容频发。 孩子使用AI时，42%的时间用于寻求陪伴，其中37%的聊天涉及暴力； 沉迷暴力情节的孩子，每天在这些应用中输入的文字超1000字，远超其他话题。 更值得注意的是，半数暴力内容还会与性相关角色扮演同时出现。 调查显示，59%的孩子去年至少看过一个暴力视频，主要来源是YouTube（62%）和TikTok（50%）。 尽管半数孩子坦言，若自己是家长也会担心屏幕使用时长，但仍难以避开网络暴力内容的侵扰。 二、AI聊天加速孩子心智成熟。 11岁寻求AI陪伴的孩子中，44%的聊天涉及暴力，这一比例在所有年龄段中最高； 13岁时，性或浪漫相关角色扮演成为AI陪伴聊天的最常见话题（占比63%），15岁后该话题占比大幅下降； 16岁时，19%的聊天目的是寻求情感安慰。 86%的家长认为，现在的孩子比前代成长得更快，34%的家长表示，孩子在11、12岁时就已显现出青少年的特质。 三、上网相关的压力很难摆脱。 13-17岁青少年花在社交媒体上的时间越长，感受到的上网相关压力就越大； 8-12岁孩子中，使用社交媒体的比不使用的，上网相关的压力高出近40%。 女孩在易引发压力的平台上活跃度更高：64%的女孩使用社交媒体（男孩仅52%），57%的女孩使用AI工具（男孩仅41%）。 近半数家长认为科技会损害孩子的心理健康，其中51%担心女孩，担心男孩的仅36%。 不少家长已开始收紧家庭电子设备使用规则，比如超半数家长会限制孩子的电子设备使用时长。 四、设备使用规则加剧家庭矛盾。 90%的家长曾因孩子使用电子设备与孩子发生争吵，这一矛盾远超家务或作业问题； 59%的家长表示，没收设备往往会引发更激烈的冲突，且57%的家长承认自己的用机时间比孩子还多。 孩子的想法与之呼应，他们同样将科技相关问题视为亲子冲突的首要原因：56%的孩子会因丢失设备感到沮丧，50%会感到恼火，仅16%认可这种惩罚方式，甚至62%的孩子希望能反过来没收家长的手机。 亲子双方都认同的争吵诱因包括：屏幕使用超时、睡前用机、玩游戏、用餐或家庭时间用电子设备、社交媒体使用及接触不适宜内容。 欢迎畅聊

Три условия, без которых ваш «Битрикс» не взломать.

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion despite fewer attacks,” the company says. How are they achieveing this? For years, a big part of their playbook involved placing … More →

The post Crypto theft in 2025: North Korean hackers continue to dominate appeared first on Help Net Security.

NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software explains how to align password policies and MFA with NIS2 requirements. [...]

JetBrains, Figma и Cursor первыми получат доступ к корпоративной версии Gemini 3 Flash.

《情报科学》和《情报杂志》入围“最具国际影响力学术期刊”；《图书情报工作》入围“国际影响力优秀期刊”。《情报杂志》的ICCI指数居全国社科期刊第57位，进入全国社科期刊TOP2%。

在整体对外资金大幅缩减的大背景下，唯一大幅增长的是印太地区军事融资（FMF）增加107%，反映美国战略竞争导向在印太地区，其目标是谁，大家都很清楚。

Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a

CISA has added a new ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling urgent risk for affected users and organizations. The flaw, tracked as CVE-2025-59374, affects ASUS Live Update, a utility commonly used to deliver firmware and software updates to ASUS devices. According to the advisory, specific ASUS Live Update clients were distributed with embedded malicious […]

The post CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Active Exploitation appeared first on Cyber Security News.

奥斯卡颁奖典礼自 1976 年起一直由迪士尼的 ABC 转播，但从 2029 年起它将由全球最大的视频平台、Google 的 YouTube 免费转播。ABC 转播权到 2028 年第 100 届颁奖典礼截至。YouTube 的转播除了颁奖典礼外，还将提供大量花絮，包括红地毯前秀、幕后花絮、访谈、电影教育节目，播客等等。Google 还将为美国电影艺术与科学学院博物馆藏品数字化提供协助。YouTube 的目标是打造成为全世界最强大的平台，获得全球最有知名度的颁奖典礼无疑是其一大成就。

Кристаллы оливина — чёрный ящик марсианских недр. Они помнят, как планета остывала 4 миллиарда лет назад.

A critical security alert warns customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-37164, carries a CVSS severity score of 10.0, indicating maximum critical risk. Attribute Details CVE ID CVE-2025-37164 Product HPE OneView Software Vulnerability Type Remote Code Execution […]

The post HPE OneView Software Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code Analysis (DCA), Apiiro AI-SAST combines call flow, data flow and reachability analysis with AI reasoning to eliminate false positives, validate exploitable risks, and fix true business risks. AI coding assistants have increased code delivery by … More →

The post Apiiro unveils AI SAST built on deep code analysis to eliminate false positives appeared first on Help Net Security.

A critical security advisory addressing multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). That could allow unauthenticated remote attackers to execute arbitrary commands and compromise affected systems. The vulnerabilities were disclosed on November 5, 2025, with the advisory updated on November 13, 2025. Two distinct vulnerabilities have been identified in the Java […]

The post Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

A vulnerability was found in Campcodes Advanced Voting Management System 1.0. It has been classified as critical. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing manipulation of the argument ID results in improper authorization. This vulnerability is reported as CVE-2025-14889. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Microsoft has officially acknowledged a disruptive bug in its latest Windows updates, confirming that the November 2025 non-security preview update KB5070311 (OS builds 26200.7309 and 26100.7309) and subsequent patches are causing RemoteApp connection failures in Azure Virtual Desktop (AVD) environments. The issue primarily affects enterprise users running Windows 11 versions 24H2 and 25H2, as well […]

The post Microsoft Confirms Recent Windows 11 24H2/25H2 and Server 2025 Update Breaks RemoteApp Connections appeared first on Cyber Security News.