今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Intel

找到 225 篇相关文章

AI 资讯

Repositioning retail for the AI era

Artificial intelligence is rapidly reshaping retail, but not in the ways consumers might immediately notice. The biggest transformation may not be flashy virtual try-ons or chatbot shopping assistants, but in how decisions are made behind the scenes: how products surface in search results, how inventory moves through supply chains, how engineers ship code faster, and…

2026-06-25 原文 →
AI 资讯

The emergence of the web data infrastructure layer for AI

AI is booming. New use cases are emerging each day. To capitalize on the technology’s potential, enterprises require data at scale. In many cases, though, the relevant information is blocked or unstructured, which limits its use by AI models. To understand this challenge, consider the foundation of the web itself. The web was not designed…

2026-06-24 原文 →
AI 资讯

Presentation: Rules for Understanding Language Models

Naomi Saphra discusses 5 rules governing language model behavior, breaking down why LLMs act like populations rather than individuals. She explains how tokenization creates strange semantic blind spots and highlights the mechanics of sycophancy, showing how models leverage subtle data associations to match user biases and demographics - even guessing political views based on favorite sports teams. By Naomi Saphra

2026-06-24 原文 →
AI 资讯

npm Supply Chain RAT: PostCSS Impersonation & Dependency Confusion

Originally published on satyamrastogi.com Three malicious npm packages masquerading as PostCSS tools delivered Windows RAT payloads. Analysis of supply chain attack mechanics, payload delivery chains, and detection gaps in dependency management. Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT Executive Summary This is a textbook supply chain attack leveraging npm's trust model. Three packages published in June 2026 - aes-decode-runner-pro , postcss-minify-selector , and postcss-minify-selector-parser - delivered Windows RAT payloads to developers. The attack demonstrates why automated dependency management without behavioral validation is a critical vulnerability. What makes this particularly effective: PostCSS is a legitimate, widely-used build tool. Developers hunting for PostCSS plugins via search or copy-pasting dependency names from tutorials become easy prey. The attacker didn't need zero-days, social engineering sophistication, or exploit kits. Just npm account registration and package uploads. This follows the exact pattern we've seen in credential theft campaigns prioritizing convenience over complexity . Low barrier to entry, high payoff. Attack Vector Analysis MITRE ATT&CK Framework Mapping This attack chains multiple techniques: T1195.001: Compromise Third-Party Software Supply Chain - Malicious package publication on npm registry T1566.002: Phishing - Spearphishing Link - Package discovery and recommendation (implicit trust) T1059.003: Command and Scripting Interpreter - Windows Command Shell - RAT payload execution T1105: Ingress Tool Transfer - Initial RAT download mechanism T1571: Non-Standard Port - C2 communication channels (typical) Kill Chain Breakdown Stage 1: Reconnaissance & Naming Attacker identifies PostCSS as high-value target (builds present in thousands of projects) Creates names that blend legitimacy with search results: postcss-minify-selector exploits incomplete package searches The aes-decode-runner-pro variant sug

2026-06-23 原文 →
科技前沿

The $400 million machine powering the future of chipmaking

Jos Benschop is climbing a ladder to get to the top of his newest machine. It’s a bit of a schlep. The contraption is the size of a double-decker bus—more than 150 tons of gleaming precision-milled aluminum covered in thousands of snaking tubes, colored cables, and pressurized tanks. From the ground, it looks like a…

2026-06-23 原文 →