unSafe.sh - Not Safe
OpenAI could rival Google Shopping with ChatGPT Shop
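The article notes that AI companies such as OpenAI and Perplexity are working to become "everything companies". OpenAI recently launched a beta test of a ChatGPT "shopping" feature that lets users buy products directly in the app. Through a partnership with Shopify, OpenAI will take a share of sales and broaden its revenue sources. ...
2025-7-28 15:30:32 | Reads: 10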
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
chatgpt
openai
cloud
converts
cdr
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
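The article notes that APIs are at the core of modern applications but are easily attacked, and illustrates the risk with cases such as the Optus data breach. The Autoswagger tool scans for API authorization issues and has found several real vulnerabilities, such as a Microsoft configuration endpoint and exposed Salesforce records. The article stresses hiding unnecessary API documentation to reduce the attack surface and recommends the Intruder service for continuous security monitoring. ...
2025-7-28 14:16:14 | Reads: 10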
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
autoswagger
intruder
attackers
security
Scattered Spider is running a VMware ESXi hacking spree
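The Scattered Spider hacking group attacks the virtualized environments of US companies through social engineering: after impersonating employees to gain initial access, it scans network devices for high-value targets and uses SSH connections to reset passwords. It ultimately deploys ransomware to encrypt virtual machine files. ...
2025-7-27 15:15:27 | Reads: 15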
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
spider
scattered
security
ssh
ransomware
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
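More than 200,000 WordPress sites run a vulnerable version of the Post SMTP plugin (CVE-2025-24000) that lets hackers take over administrator accounts. The flaw stems from a REST API access control defect: low-privileged users can obtain sensitive information and reset the administrator password. Although it has been fixed and a new version (3.3.0) released, a large number of sites have not updated and remain at risk. ...
2025-7-26 18:15:24 | Reads: 16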
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
wordpress
patchstack
24000
cloud
Allianz Life confirms data breach impacts majority of 1.4 million customers
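Insurer Allianz Life confirmed that the personal information of its 1.4 million customers was exposed in a data breach earlier this month. Hackers breached a third-party cloud CRM system through social engineering. The company has taken measures and notified the FBI, and the investigation is still ongoing. ...
2025-7-26 18:15:23 | Reads: 15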
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
allianz
salesforce
security
insurance
Amazon AI coding agent hacked to inject data wiping commands
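A hacker planted malicious code in Amazon's generative AI assistant Q Developer Extension, attempting to wipe system data and delete files and cloud resources. The malicious code was submitted through a random account and published to the Visual Studio Code marketplace without Amazon noticing. Although the malicious code did not run because of a formatting error, the incident is still regarded as a major security lapse. Amazon subsequently released a fixed version and removed the affected version. ...
2025-7-25 20:45:27 | Reads: 15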
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
security
unapproved
developer
vsc
malicious
Microsoft investigates outage affecting Microsoft 365 admin center
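Microsoft is investigating an ongoing service outage affecting administrators' access to the Microsoft 365 admin center and has posted updates on its service health status page. This is the second such issue this week, following an earlier similar incident. ...
2025-7-25 19:0:27 | Reads: 17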
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
microsoft
outage
security
deck
cisos
The role of the cybersecurity PM in incident-driven development
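Modern cybersecurity faces complex threats, with attackers using vulnerabilities and toolchains to mount intelligent attacks. Product managers need to focus on high-risk behaviors and tools and protect enterprise environments through layered defenses and real-time response mechanisms. They also need to keep refining security policies and product features, balancing security and user experience. ...
2025-7-25 17:15:25 | Reads: 19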
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
pms
vpns
software
powershell
US sanctions North Korean firm, nationals behind IT worker schemes
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned...
2025-7-25 12:45:23 | Reads: 19
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
dprk
north
korea
sobaeksu
schemes
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms
Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in pr...
2025-7-25 11:45:26 | Reads: 18
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
north
chapman
korean
remote
conspiracy
Microsoft lifts Windows 11 update block for Easy Anti-Cheat users
Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from in...
2025-7-25 10:15:26 | Reads: 11
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
cheat
microsoft
24h2
safeguard
BlackSuit ransomware leak sites seized in Operation Checkmate
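Law enforcement seized the dark web sites of the BlackSuit ransomware gang in a joint international operation. The gang has attacked hundreds of organizations worldwide over the past few years and may have rebranded as Chaos. ...
2025-7-24 21:45:20 | Reads: 11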
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
ransomware
blacksuit
royal
seized
security
New Koske Linux malware hides in cute panda images
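A new Linux malware named Koske, possibly developed with AI, hides malicious code in panda images and deploys CPU- and GPU-optimized cryptocurrency miners directly in memory. It supports mining 18 coins and is highly automated and adaptive. ...
2025-7-24 21:0:29 | Reads: 14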
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
aquasec
koske
memory
panda
OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users
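The ChatGPT Agent feature is now rolling out to Plus subscribers, and the rollout will be completed gradually. The mode lets ChatGPT carry out complex tasks autonomously, such as handling scheduling, buying groceries and analyzing competitors. Agent mode uses a computer and browser to simulate human actions and can perform tasks such as analysis and building slide decks. It is currently available only to Plus and Pro users. ...
2025-7-24 21:0:28 | Reads: 11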
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
chatgpt
deck
openai
cloud
dummies
Hacker sneaks infostealer malware into early access Steam game
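EncryptHub compromised the Steam game Chemia and planted the HijackLoader and Fickle Stealer malware to steal user data. This is the third incident this year of malware being planted in a Steam game. Chemia is an Early Access title. ...
2025-7-24 17:0:29 | Reads: 15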
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
chemia
encrypthub
malicious
prodaft
stealer
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
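Mitel has fixed a critical authentication bypass vulnerability in its MX-ONE communications platform and disclosed a high-severity SQL injection vulnerability in the MiCollab platform. Users are advised to update to the latest version and restrict access to reduce risk. ...
2025-7-24 15:30:26 | Reads: 4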
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
mx
mitel
mivoice
security
micollab
Hackers breach Toptal GitHub account, publish malicious npm packages
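Hackers breached Toptal's GitHub account and published 10 malicious packages on NPM that steal GitHub tokens and delete system files. The incident affects developers and enterprise security. Toptal has dealt with the problem but has not made a public statement. Users are advised to roll back to a safe version to avoid risk. ...
2025-7-24 13:30:29 | Reads: 14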
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
toptal
picasso
malicious
github
security
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
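SonicWall is warning customers to fix a critical vulnerability in SMA 100 series devices (CVE-2025-40599) that lets attackers upload arbitrary files and execute code remotely. Although it requires administrator privileges and no signs of active exploitation have been found, users are advised to upgrade firmware and take security measures to guard against potential attacks. ...
2025-7-24 11:30:36 | Reads: 16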
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
sma
remote
exploited
security
appliances
Microsoft: SharePoint servers also targeted in ransomware attacks
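The Chinese hacking group Storm-2603 is exploiting zero-day vulnerabilities in Microsoft SharePoint servers to deploy Warlock ransomware, spreading by lateral movement with extracted credentials. Microsoft and CISA have issued warnings advising users to apply security patches immediately. The attacks have affected at least 400 servers and 148 organizations worldwide, including government agencies such as the US Department of Energy. ...
2025-7-24 10:0:29 | Reads: 16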
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
microsoft
security
ransomware
2603
breached
Brave blocks Windows Recall from screenshotting your browsing activity
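The Brave browser blocks the Windows Recall feature from capturing screenshots of its windows by default to protect user privacy. Windows Recall can screenshot the active window and search the text, but may leak sensitive data. Brave uses a Microsoft API to set a privacy mode that prevents content from being captured, and plans to roll the feature out to the stable release within a few weeks. ...
2025-7-23 22:45:25 | Reads: 11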
Over Security - Cybersecurity news aggregator - www.bleepingcomputer.com
windows
brave
recall
security
microsoft