PSA.ngo
@psa.ngo
Focused on digital privacy, information security, and access to knowledge

🌐 https://psa.ngo

#数字隐私 #隐私 #信息安全 #安全 #资安 #可及性 #privacy #security #accessibility #infosec
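New Veeam vulnerabilities disclosed: backup servers may be exposed to remote code execution

BleepingComputer reports that new vulnerabilities have been disclosed in Veeam that could expose backup servers to RCE attacks. As details remain unclear, administrators are advised to watch for the official advisory promptly and apply protections and updates.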

📰 https://psa.ngo/news/veeam-rce-backup-servers-new-vulnerabilities/
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability.
www.bleepingcomputer.com
January 8, 2026 at 3:11 AM
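Cyberattack hits Jaguar Land Rover: wholesale volumes plunge 43%

BleepingComputer reports that Jaguar Land Rover's wholesale volumes fell 43% after it suffered a cyberattack. The report discloses no further details; the scope of impact and the recovery timeline remain to be confirmed.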

📰 https://psa.ngo/news/cyberattack-hits-jaguar-land-rover-wholesale-down-43/
Jaguar Land Rover wholesale volumes down 43% after cyberattack
Jaguar Land Rover (JLR) revealed this week that a September 2025 cyberattack led to a 43% decline in third-quarter wholesale volumes.
www.bleepingcomputer.com
January 7, 2026 at 9:11 AM
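The debate over classifying Copilot prompt injection: vulnerability or limit of AI capability?

BleepingComputer asks whether Copilot prompt injection is a fixable security vulnerability or an inherent capability limit of LLMs, prompting industry discussion of how AI risks are classified and of disclosure norms. Further details and an official response are currently lacking.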

📰 https://psa.ngo/news/copilot-prompt-injection-vulnerability-or-ai-limits/
Are Copilot prompt injection flaws vulnerabilities or AI limits?
Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems.
www.bleepingcomputer.com
January 7, 2026 at 4:11 AM
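Hackers target cloud file-sharing platforms as the risk of corporate data leaks climbs

According to reports, attackers are abusing cloud file-sharing sites to steal data from companies. For lack of further public details, the specific platforms affected and the scale of the attacks are not yet clear.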

📰 https://psa.ngo/news/hackers-target-cloud-file-sharing-for-corporate-data-theft/
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances.
www.bleepingcomputer.com
January 6, 2026 at 6:11 PM
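US broadband provider Brightspeed investigates claims of a suspected intrusion and data leak

US broadband provider Brightspeed is investigating claims of an intrusion and data leak circulating online. It has not yet disclosed the scope of impact or details, and the veracity of the claims remains to be confirmed.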

📰 https://psa.ngo/news/brightspeed-investigates-breach-claims/
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang.
www.bleepingcomputer.com
January 6, 2026 at 4:11 PM
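Ledger says a data breach at third party Global-e affects some of its customers

Ledger says some of its customers were affected by a data breach at its third-party partner Global-e. It is investigating with Global-e and has not yet disclosed the scope or the details of the leak.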

📰 https://psa.ngo/news/ledger-global-e-breach-impacts-customers/
Ledger customers impacted by third-party Global-e data breach
Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e.
www.bleepingcomputer.com
January 6, 2026 at 1:11 PM
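Resecurity reportedly hacked; company says it was a honeypot, not a real breach

Hackers claim to have breached Resecurity and obtained data, while Resecurity says what was attacked was a honeypot system used for research, not production data. The validity of the leak has not yet been independently confirmed, and the company says its core business was not affected.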

📰 https://psa.ngo/news/hackers-claim-resecurity-hack-honeypot-dispute/
Hackers claim to hack Resecurity, firm says it was a honeypot
The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity.
www.bleepingcomputer.com
January 6, 2026 at 7:11 AM
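Covenant Health reports May data incident; nearly 480,000 patients affected

Covenant Health has disclosed a data breach that occurred in May, affecting nearly 478,000 patients. Further technical details and follow-up measures have not yet been made public.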

📰 https://psa.ngo/news/covenant-health-may-data-breach-impacts-478k-patients/
Covenant Health says May data breach impacted nearly 478,000 patients
The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May.
www.bleepingcomputer.com
January 6, 2026 at 4:11 AM
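Trust Wallet says $8.5 million crypto asset theft is linked to the "Shai-Hulud" NPM attack

Trust Wallet says about $8.5 million in crypto assets was stolen and links the incident to the "Shai-Hulud" supply-chain attack targeting NPM. Details and the scope of impact have not yet been published, and the investigation is ongoing.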

📰 https://psa.ngo/news/trust-wallet-8-5m-crypto-theft-shai-hulud-npm-attack/
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November.
www.bleepingcomputer.com
January 6, 2026 at 12:11 AM
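IBM warns of critical API Connect authentication bypass vulnerability

IBM warns that API Connect has a critical authentication bypass vulnerability that could be abused without identity verification. The company urges applying fixes or mitigations as soon as possible; details await further disclosure.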

📰 https://psa.ngo/news/ibm-api-connect-auth-bypass-critical-warning/
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely.
www.bleepingcomputer.com
January 2, 2026 at 1:11 AM
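Former Facebook public policy head's memoir "Careless People": from idealism to "letting evil run unchecked"

Privacy blog The New Oil reviews "Careless People", the memoir of former Facebook public policy director Sarah Wynn-Williams, which shows the tech giant's fall from an "idealistic platform" to a tool that amplifies hate and abuse of power. The review finds that although the book offers few entirely new revelations, it traces from a first-hand perspective how Meta's internal decisions evolved step by step into systemic harm to society.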

📰 https://psa.ngo/news/careless-people-meta-facebook-memoir-review/
Book Review: "Careless People" by Sarah Wynn-Williams
When people started buzzing about Careless People, I admit that I found myself thinking "who cares? Meta is a morally rotten company run by greedy, out-of-touch sleezeballs? This isn't news." But as more and more people talked about it and I began to hear it discussed on non-privacy-focused mainstream outlets,
ghost.thenewoil.org
December 31, 2025 at 3:21 AM
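Former Meta executive exposes the company's internal changes and moral crisis; memoir "Careless People" draws attention

Former Meta executive Sarah Wynn-Williams's new book "Careless People" reveals, from a first-hand perspective, the moral dilemmas and social controversies inside Meta's platforms, and calls on the industry to reflect on the far-reaching impact of technological power.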

📰 https://psa.ngo/news/meta-executive-memoir-careless-people-reveals-internal-crisis/
Book Review: "Careless People" by Sarah Wynn-Williams
When people started buzzing about Careless People, I admit that I found myself thinking "who cares? Meta is a morally rotten company run by greedy, out-of-touch sleezeballs? This isn't news." But as more and more people talked about it and I began to hear it discussed on non-privacy-focused mainstream outlets,
ghost.thenewoil.org
December 31, 2025 at 3:21 AM
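Google will let users change their @gmail.com address, breaking a long-standing restriction

Google has announced that it will, for the first time, offer users the option to change their @gmail.com address, ending the long-standing limitation that email addresses could not be modified; this is expected to improve account management flexibility and user experience.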

📰 https://psa.ngo/news/google-gmail-address-change-feature-launch/
Google will finally allow you to change your @gmail.com address
Google will finally allow you to change your @gmail address or create a new alias, according to a new support document.
www.bleepingcomputer.com
December 26, 2025 at 11:10 AM
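Apple to open third-party app stores to iOS users in Brazil in response to antitrust demands

Apple has agreed to open iOS to third-party app stores and external payments in Brazil to settle an antitrust lawsuit, and will charge service fees on the new platforms, but it also warns that risks to user privacy and security will increase.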

📰 https://psa.ngo/news/apple-brazil-ios-alternative-app-stores-antitrust-settlement/
Apple to Allow Alternative App Stores for iOS Users in Brazil
Apple will soon allow alternative iOS app stores in Brazil after agreeing to settle an antitrust lawsuit in the country.
www.thurrott.com
December 26, 2025 at 10:10 AM
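Activation site impersonating MAS exposed for spreading PowerShell malware

A site impersonating the MAS activation tool spreads PowerShell malware to users through disguised scripts. Security experts urge users to be alert to the risk of such attacks and to obtain tools only through legitimate channels.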

📰 https://psa.ngo/news/fake-mas-windows-activation-domain-powershell-malware-campaign/
Fake MAS Windows activation domain used to spread PowerShell malware
A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'.
www.bleepingcomputer.com
December 26, 2025 at 9:10 AM
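Microsoft Teams to support blocking external users through the unified Defender portal

Microsoft will introduce a new feature for Teams that blocks external users centrally through the Defender portal, which will improve the security of enterprise collaboration. The feature helps guard against external security risks; details will be announced later.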

📰 https://psa.ngo/news/microsoft-teams-defender-portal-block-external-users/
Microsoft Teams to let admins block external users via Defender portal
Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams.
www.bleepingcomputer.com
December 26, 2025 at 8:10 AM
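Court halts Texas age-verification law; Apple pauses local App Store changes

The Texas law mandating age verification by app stores has been halted by a court. Apple announced it is pausing the related App Store changes there and is following the legal developments. The case involves a dispute over user privacy, and the Texas state government plans to appeal further.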

📰 https://psa.ngo/news/apple-pauses-app-store-texas-court-blocks-age-assurance-law/
Apple pauses app store changes in Texas after court blocks age-assurance law | TechCrunch
Apple said it will pause its plans for compliance with the new law in Texas but notes other age-assurance tech remains available to developers.
techcrunch.com
December 26, 2025 at 6:10 AM
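EFF says Congress hastily passed online speech governance bill, which may harm free speech and privacy

EFF and other organizations criticize the US Congress for rushing through the TAKE IT DOWN Act, saying it threatens free speech and privacy and could cause legitimate content to be wrongly taken down.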

📰 https://psa.ngo/news/eff-warns-take-it-down-act-threatens-free-speech-and-privacy/
Politicians Rushed Through An Online Speech “Solution.” Victims Deserve Better.
Earlier this year, both chambers of Congress passed the TAKE IT DOWN Act. This bill, while well-intentioned, gives powerful people a new legal tool to force online platforms to remove lawful speech that they simply don't like. The bill, sponsored by Senate Commerce Chair Ted Cruz (R-TX) and Rep....
www.eff.org
December 26, 2025 at 5:10 AM
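MongoDB urgently warns admins: patch severe remote execution vulnerability quickly

MongoDB warns administrators to immediately patch a high-severity remote code execution vulnerability to keep attackers from remotely compromising servers and threatening database security.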

📰 https://psa.ngo/news/mongodb-warns-admins-patch-severe-rce-flaw-immediately/
MongoDB warns admins to patch severe RCE flaw immediately
MongoDB has warned IT admins to immediately patch a high-severity vulnerability that may be exploited in remote code execution (RCE) attacks targeting vulnerable servers.
www.bleepingcomputer.com
December 26, 2025 at 4:10 AM
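FBI seizes illegal website involved in stealing bank credentials from US victims

The FBI has seized a website involved in stealing bank credentials from US victims, preventing the stolen information from being further used in crime, and continues to pursue the hacker network involved.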

📰 https://psa.ngo/news/fbi-seizes-domain-storing-stolen-us-bank-credentials/
FBI seizes domain storing bank credentials stolen from U.S. victims
The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks.
www.bleepingcomputer.com
December 26, 2025 at 3:10 AM
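Microsoft brings hardware-accelerated BitLocker to Windows 11 to improve data security

Microsoft has announced the rollout of hardware-accelerated BitLocker in Windows 11, using modern processors to improve encryption efficiency and reduce the performance impact, further strengthening user data security.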

📰 https://psa.ngo/news/microsoft-windows11-hardware-accelerated-bitlocker/
Microsoft rolls out hardware-accelerated BitLocker in Windows 11
Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU.
www.bleepingcomputer.com
December 26, 2025 at 2:10 AM
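The era of the all-capable AI agent arrives; user data privacy faces new challenges

The spread of AI agents and assistants requires users to open up access to more personal data, escalating privacy and data security challenges. Users and companies alike need to re-examine the balance between technological convenience and privacy protection.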

📰 https://psa.ngo/news/age-of-ai-agents-user-data-privacy-challenge/
The Age of the All-Access AI Agent Is Here
Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private.
www.wired.com
December 26, 2025 at 1:10 AM
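Classified files in the Jeffrey Epstein case decrypted by technical means; sensitive information leaks onto social media

Redacted files in the Jeffrey Epstein case have been partially restored by technical means, and the sensitive content has spread widely on social media, raising privacy and information security concerns.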

📰 https://psa.ngo/news/epstein-case-redacted-files-exposed-on-social-media/
Some Epstein file redactions are being undone with hacks
Un-redacted text from released documents began circulating on social media on Monday evening
www.theguardian.com
December 26, 2025 at 12:10 AM
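EU considers widening the scope of data retention; VPN providers may face new regulation

The EU is planning to expand its data retention policy to bring VPN providers within regulatory scope, prompting new discussion about privacy and personal freedom. Industry and privacy advocates call for a balance between security and freedom.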

📰 https://psa.ngo/news/eu-data-retention-vpn-regulation/
The EU prepares ground for wider data retention – and VPN providers are among the targets
A legislative proposal is expected to be introduced in the first half of 2026
www.techradar.com
December 24, 2025 at 9:10 PM
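WebRAT malware spreads on GitHub disguised as vulnerability exploit tools

The WebRAT trojan is spreading on GitHub through fake security vulnerability exploit tools. Security experts urge users to be wary of open-source projects of unknown origin.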

📰 https://psa.ngo/news/webrat-malware-fake-vulnerability-github/
WebRAT malware spread via fake vulnerability exploits on GitHub
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities.
www.bleepingcomputer.com
December 24, 2025 at 8:10 PM