Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...
LinuxInsider

Weaponized Python and Linux Malware Target Executives and Cloud Systems

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Security Boulevard

Single Sign-On with External Security Token Services

Learn how to implement Single Sign-On with External Security Token Services (STS). A deep dive into SAML, OIDC, and token exchange for CTOs and VP Engineering.
eWeek

Google's Project Genie Grants 60-Second World Tours

Genie now pops entire 3D realms in 60 seconds while Tesla retires cars to build robot coworkers and a rogue lobster bot breaks the GitHub meter. Grab your digital passport—today's features are already ...
腾讯网Opinion

张慧敏 | AI 的狂欢与人类的疑虑:从 OpenClawd 到 Moltbook 的一周风暴

编者按:Moltbook的爆火与争议揭示了AI社交实验的双刃剑特性。其以纯文本指令驱动AI智能体交互的创意虽具前瞻性,但150万用户中高达99%的水军占比、无限制的账号注册机制及严重的数据泄露漏洞,暴露了项目在安全性与真实性上的重大缺陷。这场狂欢实质 ...
腾讯网

AI代理技能生态安全大调查:超过四分之一的技能包存在安全漏洞

通过这次大规模调查,研究团队揭示了一个令人震惊的现实:超过四分之一(26.1%)的技能包存在至少一种安全漏洞。更具体地说,他们发现了14种不同的漏洞模式,可以归纳为四大类威胁:恶意指令注入、数据窃取、权限提升和供应链攻击。