今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#cybersecurity

找到 164 篇相关文章

AI 资讯

Is the US government’s Anthropic ban accidentally helping the brand?

Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s guardrails. Cybersecurity researchers have since signed an open letter calling the move dangerous, and Anthropic itself noted the same jailbreaks exist in other models. So is […]

2026-06-20 原文 →
AI 资讯

Anthropic’s Fable and the State of AI

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone. The government’s actions won’t help . The problem isn’t any one particular model; it’s the general trend of increasing AI capabilities. And any real solution requires the sort of collective action that just isn’t possible right now...

2026-06-19 原文 →
AI 资讯

Millions Spent on Security Tools. Zero Spent on Asking the Right Questions.

There is a comfortable lie that has taken root in information security domain. It goes like this: "We have invested in the best tools. We have CSPM. We have CNAPP. We have ASM, ASPM, EDR, SIEM. We are covered." Boards believe it. CISOs present it. Security budgets are built around it. And while everyone is looking at dashboards full of green, two things are quietly true: One — attackers are not trying to beat your tools. They are looking for what your tools were never designed to see. Two — the most dangerous gaps in your security posture today are not gaps in your tooling budget. They are gaps in visibility, knowledge, and the fundamental understanding of what your own systems are supposed to do — and whether they actually do it. No tool solves that. Only people do. The Tool Trap The security industry has industrialized the idea that protection is a purchasing decision. Spend enough. Deploy enough. Integrate enough. And you will be secure. This thinking has produced something genuinely useful — a generation of powerful tools that automate detection, surface known misconfigurations, and reduce the manual burden on security teams. CSPM catches publicly exposed storage buckets. EDR detects malware. SIEM correlates suspicious behavior across logs. These tools matter and they work — within the boundaries of what they were designed to see. But there is a boundary. And most organizations have no idea where it is. The boundary is this: every security tool operates on known patterns, defined rules, and observable configuration state. None of them operate on context. None of them understand intent. And intent — what a system was supposed to do, how it was supposed to be accessed, what data it was never supposed to expose — is exactly where the most dangerous vulnerabilities live today. The Dangerous Gap Nobody Has Named Yet Security practitioners are familiar with the concept of IoM — Indicator of Misconfiguration. A wrong setting. An overpermissioned role. A flag that flipp

2026-06-19 原文 →
AI 资讯

I Trusted My AI Coding Assistant. It Turned My Computer Into a Surveillance Server.

You think your AI is just helping you write code. In reality, it's built a logging system on your machine that you never knew existed. Every conversation. Every code snippet. Every file path. Every time you asked "what was my password again?" — permanently archived, without your knowledge. How It Started: An Accidental Discovery I was about to sell my old laptop and decided to clean up my data first. I opened Claude Code's config directory — ~/.claude/ — intending to just remove my API key. Then I saw this: history.jsonl 243 KB / 695 lines sessions/ conversation metadata session-env/ environment variables shell-snapshots/ command execution snapshots telemetry/ 63 telemetry files projects/ 19 project directories ├─ interview-prep/ 31 sessions / 20 MB ├─ spring-ai/ 11 sessions / 13 MB └─ ... 17 more I thought I was just writing code. My computer thought it should record everything. What's Inside These Files history.jsonl — Everything You Ever Asked 695 entries. Every single thing I typed into Claude Code. Including: "I forgot my database password — can you check what passwords were configured in the project files?" "How do I view the database password?" Pasted code snippets Every /model , "who are you?", and project path You casually ask about a password once. It's permanently stored. projects/ — Full Conversation Transcripts (43 MB) If you think history.jsonl only storing user input isn't so bad — you haven't seen this yet. Inside ~/.claude/projects/ , every project directory contains .jsonl files. Opening one 2.3 MB session file: Content Count AI responses 590 AI internal thinking blocks 272 Tool calls 101 Tool call results (including file paths) 100 File history snapshots 208 Every conversation. Every AI response. Every internal reasoning step. Every file operation — what was read, what was modified, what was executed — all written to this file. shell-snapshots/ — Traces of Everything You Ran Your system PATH. Installed tools. Java version. All sitting in command s

2026-06-18 原文 →
产品设计

Win Prizes at DEF CON 34 | Submit a Challenge Now!

The Prizes for the SecDim AppSec Village Wargame CtF at DEF CON 34 has been announced! Build and submit a challenge and get a chance to Win a ROG Xbox Ally if your challenge submission wins 1st Place! Challenge submissions close on 31 July. https://sessionize.com/appsec-village-wargame

2026-06-18 原文 →
AI 资讯

LLM Prompt Injection & Guardrail Security

A recall reference built from working through a 7-layer prompt-injection challenge. Focus: how each defense layer works, where it breaks, and most importantly how to defend. The one idea underneath everything LLMs have no hard boundary between instructions and data . Everything in the context window — system prompt, user message, retrieved documents — is one stream of tokens the model interprets. Prompt injection exploits exactly this: attacker-controlled data gets read as instructions . You cannot fully filter your way out of it; you manage it with defense-in-depth , knowing each individual layer is bypassable. The defense layers (and where each cracks) A progression of controls from weakest to strongest, each with the lesson it teaches. 1–2. No / weak guardrails Baseline: the model just answers. Lesson: an LLM holding secrets in its context with no controls will leak them on request. 3. Input filtering — block words in the user's message Defense: scan the incoming prompt for banned terms ("code", "secret", "reveal") and block. Weakness: keyword blocklists are trivially evaded — synonyms, misspellings, split words, leetspeak, another language, oblique references. Filtering strings doesn't filter intent . What actually helps: prefer allowlists to blocklists; classify intent semantically rather than matching keywords; treat all input as untrusted; rate-limit and log probing. 4. Output filtering — catch the secret in the response Defense: string-match the known secret in the model's output and redact. Weakness: substring matching only catches the contiguous secret. Fragmenting or transforming it (separators, per-character, encodings) means the literal string never appears, so there is nothing to match. What actually helps: don't put secrets where the model can emit them in the first place; minimize sensitive data in context; treat output filtering as a brittle last line, never a primary control. 5. Input + output filtering combined Defense: both of the above, stacked.

2026-06-18 原文 →
AI 资讯

FIFA Hack Authentication Flaw, Chrome Ad Blocker End, AI Supply Chain Security

FIFA Hack Authentication Flaw, Chrome Ad Blocker End, AI Supply Chain Security Today's Highlights Today's top security news covers a critical real-world authentication vulnerability, significant changes impacting browser privacy and ad blockers, and evolving national security concerns in the AI supply chain. I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID (Lobste.rs) Source: https://bobdahacker.com/blog/fifa-hack This article likely details a critical security vulnerability discovered within the systems managing the FIFA World Cup, potentially related to event access, public displays, or digital infrastructure. The phrasing "All I Needed Was My ID" strongly suggests an authentication or authorization flaw, perhaps involving an ID card or digital credential that was overly permissive or could be easily cloned/spoofed. The ability to "Rickroll the Entire FIFA World Cup" implies a widespread display or broadcast system was vulnerable, allowing an attacker to inject unauthorized content. This incident highlights the paramount importance of robust identity and access management, especially for high-profile events with extensive digital and physical infrastructure. It serves as a stark reminder for developers and security teams to conduct thorough penetration testing and review access controls for edge cases and potential over-privileges in all systems, from backend APIs to physical access credentials, to prevent widespread exploitation. Comment: This showcases how seemingly minor authentication oversights can lead to massive public exposure, urging developers to scrutinize ID-based access controls for edge cases and over-privileges. Google Chrome's next update will mark the end of popular ad blockers (Lobste.rs) Source: https://9to5google.com/2026/06/15/google-chromes-next-update-will-mark-the-end-of-popular-ad-blockers/ Google Chrome's upcoming Manifest V3 update is poised to significantly restrict the capabilities of many popular content blocker

2026-06-18 原文 →
AI 资讯

A password and a PIN aren't multifactor: the Security+ authentication trap

If you have spent any time on SY0-701 practice questions, you have hit at least one that looks trivial and then quietly fails you. Authentication factor questions are a favorite for this. The scenario sounds secure, the answer feels obvious, and the obvious answer is wrong. Here is the version that catches people. A login asks for your password, then a PIN, then your mother's maiden name. Three prompts, three steps. Is that multifactor authentication? No. It is single-factor wearing a costume. Factors are categories, not steps The exam wants you thinking about authentication in terms of categories , not how many boxes you fill in. There are three classic factors: Something you know (knowledge): a password, a PIN, a security question, a passphrase. Something you have (possession): a phone running an authenticator app, a hardware token, a smart card, a code texted to a device you are holding. Something you are (inherence): a fingerprint, a face scan, an iris pattern, a voiceprint. Multifactor authentication means pulling from different categories. A password (know) plus a code from your authenticator app (have) is two factors. A password plus a PIN plus a security question is still one factor, because all three are things you know. Stacking more knowledge on top of knowledge never changes the category. That is the entire trick. The question piles on prompts so it feels layered, and the count baits you into answering "three things, must be multifactor." Read for the category, not the quantity. The two factors people forget SY0-701 also expects you to recognize two more that sit just outside the classic three: Somewhere you are (location): access is allowed or blocked based on geolocation or which network you are on. A login permitted only from inside the corporate IP range leans on this. Something you do (behavioral): how you type, your gait, the rhythm of your swipe. This is the fuzziest one, and the exam treats it as a real but supporting signal. You will not see the

2026-06-17 原文 →
AI 资讯

Intelligence Brief: The Disinformation Machine

The Disinformation Supply Chain: How Coordinated Influence Campaigns Are Built Before They Go Viral Article from Digital HUMINT Series, For better understanding read the full report Right now, somewhere on X/forum people are fighting about a post that feels real raw, emotional, perfectly worded to hit a nerve. It has the right language, the right anger, the right timing. It sounds like someone who thinks exactly the way you do, or exactly the way you hate. It wasn't written there. It wasn't written today. And the person who wrote it doesn't care about the issue at all. That post was created two or three days earlier, on a hidden forum or a private chat group, following a set of instructions that described who to target, what emotions to trigger, which platform to use, and how much the job pays. By the time you see it, the operation has already worked. You engaging with it for or against is the whole point. I've spent almost two decades watching these hidden spaces where online manipulation is planned. What I've learned isn't that fake content exists everyone knows that by now. What most people don't realize is that it works like a factory. There's a production line. There are workers, managers, and paychecks. And just like any factory, if you know where to look, you can see the product being assembled before it ever reaches the shelf. It Works Like Any Other Business We talk about "disinformation campaigns" as if they're political movements. Some are. But more and more, what you're actually looking at is a business with four steps, each handled by different people, often in different countries. Step 1 — Someone writes the plan. A person with a goal and a budget writes a document that says: push this story, target these kinds of people, make them feel this emotion, use this language, post it on these platforms. These plans used to appear on hidden internet forums. Many have moved to private Telegram groups, but the structure hasn't changed since I first saw it in 201

2026-06-17 原文 →
AI 资讯

Startup Security Guide & LLM CISO

An open-source security guide, compliance checklist, and LLM-based virtual CISO persona for startups -- with specialized coverage for foreign companies entering the Korean market. The Problem Startups are vulnerable. Limited resources, no dedicated CISO, and security always deferred to "later." But customer data and intellectual property accumulate from day one -- and legal obligations apply regardless of company size. Three incidents from Korea in the first half of 2026 demonstrate that one misconfiguration can cascade into existential damage: Tving Data Breach (2026.06): Mass exposure of CI (Connecting Information, Korea's digital identity key) and refund bank account numbers. Classified as a "major breach" by the Personal Information Protection Commission. The leaked CI enables cross-service identity correlation, multiplying the damage. (CTI-2026-0604-TVING) CU Convenience Store Delivery Hack (2026.06): A simple web vulnerability led to the exfiltration of CI, addresses, phone numbers, and 9+ other data fields. The leaked data was linked to illegal private investigator inquiries and secondary crimes. (CTI-2026-0604-CU_BREACH) FastCampus / DayOne Company GitHub Master Key Theft (2026.06): A single GitHub master key was exfiltrated, granting attackers 30 days of undetected access to internal systems. Over 700,000 user records were exposed. The company took approximately 30 days to detect the breach, and customer notification was delayed beyond 72 hours. (CTI-2026-0611-FASTCAMPUS_DAYONECOMPANY) The common thread: All three began with a single misconfiguration or a single overlooked vulnerability. None required sophisticated zero-days. The damage was inversely proportional to organizational maturity. What startups need is not a $100K security suite. It is knowing what to do first , and a system to check it regularly . The Core Hypothesis An LLM can serve as a startup's first CISO. As of mid-2026, Claude 4, GPT-4o, and DeepSeek V3 -- alongside locally-run models via O

2026-06-17 原文 →
AI 资讯

What Is Shadow AI, and Why It's a Real Security Problem

Shadow AI is the unapproved use of AI tools at work. Here is what it actually is, why it creates security and compliance exposure, and how Bifrost Edge brings it under control at the endpoint. Somewhere in your company right now, someone is pasting a customer list into a personal ChatGPT account to clean up an email. A developer has a coding agent pointed at a repo that still has live credentials in it. Someone in marketing wired up an MCP server they found over the weekend so their assistant can pull from a CRM. None of it shows up anywhere the security team can see. That is shadow AI: people using AI tools for work faster than anyone can govern them. It is rarely reckless. The tools are genuinely useful, they are one click away, and most people have no real sense of what happens to the text they paste into them. The scale is what tends to surprise teams. A 2025 UpGuard report found that more than 80% of workers use unapproved AI tools , security professionals included, and that half use them regularly. This is not a fringe behavior at the edges of the org. It is most people, most days. What counts as shadow AI Shadow AI is any AI tool used for work without security review or central oversight. It is the AI version of shadow IT, except it moved faster and the data leaving the building is often more sensitive. It usually shows up in four shapes: Consumer chat apps used with work data: ChatGPT, Claude, and the rest, on personal accounts. AI inside the browser, where a prompt box is one tab away at all times. Coding agents in the terminal and IDE, which can read source, run commands, and touch infrastructure. MCP servers, the external tools an AI app connects to so it can read files, call APIs, and take actions. The first two leak data outward. The last two are more interesting, because they let an AI tool do things, often with whatever access the employee already has. Why it is an actual security problem, not just a policy headache The risk is not that AI is dangerou

2026-06-16 原文 →
AI 资讯

HTTP vs HTTPS — What Actually Happens When You Visit a Website

By Sailee Shingare | M.S in Computer Science, Northern Illinois University Every time you visit a website, your browser and the server have a conversation. That conversation happens over a protocol — either HTTP or HTTPS. You’ve seen both in your browser’s address bar. But what’s actually different between them, and why does it matter? Let’s break it down. What is HTTP? HTTP stands for HyperText Transfer Protocol . It’s the foundation of data communication on the web — the set of rules that defines how your browser requests information and how servers respond. When you visit a website over HTTP, here’s what happens: You type a URL in your browser Your browser sends a request to the server The server sends back the webpage Your browser displays it Simple. But there’s a problem — everything is sent in plain text . Anyone sitting between you and the server can read it. Your passwords, your credit card numbers, your messages — all visible. This is where HTTPS comes in. What is HTTPS? HTTPS stands for HyperText Transfer Protocol Secure . It’s HTTP with an extra layer of security called TLS (Transport Layer Security) — previously known as SSL. The S in HTTPS means everything between your browser and the server is encrypted . Even if someone intercepts the data, they see nothing but scrambled gibberish. What Actually Happens When You Visit an HTTPS Website When you visit an HTTPS site, your browser and the server perform a TLS Handshake before any data is exchanged. Here’s what happens step by step: Step 1 — Client Hello Your browser says hello to the server and shares which encryption methods it supports. Step 2 — Server Hello The server picks an encryption method and sends back its SSL certificate — a digital document that proves the server is who it claims to be. Step 3 — Certificate Verification Your browser checks the certificate against a list of trusted authorities. If it’s valid, the connection proceeds. If not, you see a warning — “Your connection is not private.”

2026-06-16 原文 →
AI 资讯

PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security

PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security Today's Highlights Today's security highlights include a critical new malicious PyPI package targeting developers, a comprehensive guide to the OWASP Top 10 vulnerabilities for LLM applications, and practical insights into leveraging eBPF for advanced cloud-native security monitoring. New Malicious PyPI Package 'ColorLib' Targets Developers with Info-Stealing Malware (The Hacker News) Source: https://thehackernews.com/2026/06/new-malicious-pypi-package-colorlib.html This story details the discovery of a malicious package named 'ColorLib' uploaded to the Python Package Index (PyPI). The package is designed to act as info-stealing malware, specifically targeting developers who might inadvertently incorporate it into their projects. Upon execution, the malware attempts to exfiltrate sensitive data, such as environment variables, cryptocurrency wallet details, and various credentials, from the compromised system. This incident underscores the ongoing threat of software supply chain attacks, where attackers inject malicious code into commonly used open-source repositories. Developers relying on public package managers like PyPI must exercise extreme caution and implement robust security practices, including vetting packages, using dependency scanners, and maintaining a principle of least privilege. The rapid proliferation of such attacks necessitates constant vigilance and proactive security measures to prevent widespread compromise. Comment: Developers should immediately check their requirements.txt and pip freeze output for 'colorlib' and ensure all dependencies are from trusted sources, as these attacks are increasingly common. Exploring the OWASP Top 10 for LLM Applications (The Hacker News) Source: https://thehackernews.com/2026/06/exploring-owasp-top-10-for-llm.html The Open Worldwide Application Security Project (OWASP) has released its highly anticipated Top 10 list specifically tailored for Large

2026-06-16 原文 →