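AMBER Alert with a spam link?
The author received an AMBER Alert whose link pointed to a suspicious 3gp file-conversion website and looked like spam. On verification, the alert was genuine, but the link may have been the result of the character limit on emergency service alerts or of a copy-paste error. A correction message was sent 39 minutes later. The incident exposes shortcomings in the AMBER Alert system's link testing and error-correction mechanisms.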
A new wave of the Shai-Hulud malware campaign has compromised approximately 600 NPM packages, targeting developers by embedding malicious code into open-source dependencies to steal credentials and sensitive data.
Researchers discovered a critical authentication bypass vulnerability (CVE-2026-9058) in Poland's Social Insurance (ZUS), eCourt, and eHealth systems. The flaw, linked to improper e-signature validation, could allow unauthorized access to sensitive citizen and medical data. Security experts warn that unpatched systems pose a serious risk of cyber chaos.
Patrick McKenzie notes that an LLM-produced blog post analyzing supply chain attack clusters, published by msuiche, is the first AI-generated public artifact he finds professionally relevant and complete enough that the lack of a human author does not materially compromise its utility.
The FTC fined Cox Media $4.5 million for claiming it could use AI to eavesdrop on phone microphones to target ads, a practice the company marketed to clients but never actually deployed.
A developer describes being targeted in a sophisticated malware campaign likely linked to North Korea (DPRK), involving fake job offers and malicious code designed to compromise their system.