Aggregator

提供 Flatpak 打包应用的 Linux 应用商店 Flathub 更新了其生成式 AI 政策，事实上禁止 AI 生成应用。Flathub 声明：不允许提交包含 AI 生成或 AI 辅助代码、文档或其它内容的应用。提交 AI 应用会直接被拒绝而无需进一步审查。屡次违反政策会导致被永久禁止提交应用。开发者表示他们受够了此类应用，但以前递交和批准的 AI 辅助编程应用不会被追溯，仍然可以正常使用。

LitCTF2026 web方向全解

先知技术社区

9 hours ago

lit_ezsql一个SQL注入，正常查询的话id=1或id=2能查询出数据，下面我们测试一下闭合常见的几种组合都没有报错，并且能正常返回查询的数据，下面测试一些特殊的组合这些都返回了id=2的数据，说明对传进去的参数进行了处理，下面我们尝试一下宽字节注入用sqlmap指定宽字节注入就能注出来下面介绍一下手注的流程测试 payload：其中：%bf 是宽字节前导%27 是单引号 '后面拼接 OR

java内存马排查

先知技术社区

9 hours 3 minutes ago

Linux中的java内存马排查

中转钓鱼攻击劫持 opencode，claudecode，openclaw

先知技术社区

9 hours 3 minutes ago

通过构造恶意的中转站来劫持 opencode，claudecode，openclaw 从而实现命令执行，乃至于上线 c2

Linux内核漏洞分析之CVE-2025-39682

先知技术社区

9 hours 5 minutes ago

CVE-2025-39682漏洞分析

JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware

Cyber Security News

9 hours 6 minutes ago

A new threat actor tracked as JINX-0164 has been running calculated attacks against cryptocurrency organizations, using LinkedIn profiles to lure developers into downloading custom macOS malware. Active since at least mid-2025, the group has combined social engineering, credential theft, and supply chain sabotage into a seamless operation that puts the entire software development pipeline at […]

The post JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

LitCTF2026webwp

先知技术社区

9 hours 7 minutes ago

LitCTF2026webwp，这次比赛题目质量比较高，好好学习，天天向上

Google 恨你和我

Solidot

9 hours 12 minutes ago

Google 从本世纪初开始就支配着搜索引擎市场。为了让自家内容被搜索到所有媒体都要遵守 Google 制定的规则并以此进行优化，但如果有一天搜索引擎只为自己优化？这一天已经到来，Google 上周宣布将使用 Gemini 处理所有搜索查询。此前 Google 已经通过 AI Overview 冲击了所有媒体，导致它们的流量下降了四分之一之多。如今搜索巨人准备完全切断新闻业的生存之道。Facebook 和 X 等社媒平台通过限制链接（throttling links）确保用户留在自己的网站上而不是点击链接离开。通过转向 AI 搜索 Google 正在拥抱这一趋势，让用户在获取信息上更依赖机器而不是真人。鉴于 Google 的无处不在和无法避开，它正引领科技行业贬值人类的思想和人类本身。Google 恨你也恨我。

Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and Secrets

Cyber Security News

9 hours 17 minutes ago

A wave of sophisticated supply chain attacks has put millions of software developers on high alert, with threat actors turning everyday developer tools into weapons for stealing credentials, cloud tokens, and source code. What makes these campaigns especially alarming is how they exploit the very systems developers trust most: their editors, automated pipelines, and version […]

The post Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and Secrets appeared first on Cyber Security News.

Tushar Subhra Dutta