npm平台遭供应链投毒攻击,涉及600余个恶意版本,开发者需立即更新Token和密钥。
IT之家 5 月 25 日消息,国家网络安全通报中心今日发布预警,称监测发现,全球主流 JavaScript 软件包管理平台 npm 遭“沙虫”(Shai-Hulud)供应链投毒攻击。 攻击者攻陷了 npm 官方维护者账户 ,并在短时间内批量投放大量恶意软件包, 涉及 300 余个独立程序包的 60…
指令微调LLM面临的任务级定向投毒威胁,首个系统性基准PoisonForge发布,助力模型安全评估。
arXiv:2605.23168v1 Announce Type: cross Abstract: When practitioners fine-tune LLMs on unvetted datasets, an adversary can exploit the data supply cha…
多模态大模型在不同语言与模态下呈现截然不同的脆弱性,为AI安全防御提供关键新视角。
arXiv:2605.23157v1 Announce Type: new Abstract: The attack surface of a multimodal large language model (MLLM) is language-dependent in ways that reve…
首个针对语音大语言模型的煤气灯攻击基准测试,揭示模型安全隐患。
arXiv:2509.19858v2 Announce Type: replace Abstract: As Speech Large Language Models (Speech LLMs) become increasingly integrated into voice-based appl…
关注Claude AI模型带来的金钱安全隐患,揭示AI如何放大网络攻击能力。
Article URL: https://www.rte.ie/brainstorm/2026/0517/1572343-claude-ai-model-security-issues-humans-work-information-data/ Comments URL: https://news.…
无需点击就可能被黑?介绍几项手机和App内置的免费功能,帮你有效抵御间谍软件攻击。
Apple, Meta, and Google offer special security modes that provide your devices more secure against targeted spyware attacks. Here are how those modes …
揭秘针对工具增强LLM的新型语义攻击,聚焦模型上下文协议(MCP)中的描述级操纵,为AI安全防御提供关键洞见。
arXiv:2512.06556v2 Announce Type: replace-cross Abstract: The Model Context Protocol (MCP) enables Large Language Models (LLMs) to interact with exter…
新研究用可证明方式保护微调大模型免遭训练数据窃取,同时维持模型效能,隐私与实用兼得。
arXiv:2602.00688v2 Announce Type: replace Abstract: Fine-tuning large language models (LLMs) on sensitive datasets raises privacy concerns, as trainin…
提出自进化元认知策略优化方法,让LLM红队测试更智能高效地发现安全漏洞。
arXiv:2605.10067v3 Announce Type: replace-cross Abstract: Red teaming is critical for uncovering vulnerabilities in Large Language Models (LLMs). Whil…
通过选择性几何控制,提升大模型安全对齐的鲁棒性,为AI防御攻击提供新思路。
arXiv:2602.07340v2 Announce Type: replace Abstract: Safety alignment of large language models remains brittle under domain shift and noisy preference …
用一致性训练算法对抗社交网络政治操纵,为AI安全提供新思路
arXiv:2605.22771v1 Announce Type: new Abstract: Large language models (LLMs) exhibit systematic political bias across a variety of sensitive contexts.…
黑客通过VSCode扩展投毒开源代码,GitHub遭供应链攻击,规模史无前例。
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.
针对音频大模型的攻击新范式,能在编解码预处理下依然生效,突破现有防御机制。
arXiv:2605.20519v1 Announce Type: cross Abstract: Prior attacks on Audio Large Language Models (Audio LLMs) demonstrated that carefully crafted wavefo…
从一枚恶意VS Code扩展说起,揭秘GitHub内部3800个仓库泄露的供应链攻击链条,开发者必看的安全警示。
多模态大模型多人图像输入的安全漏洞:组合攻击框架DMN揭示新的越狱风险。
arXiv:2605.18915v1 Announce Type: cross Abstract: Multimodal Large Language Models (MLLMs) are vulnerable to jailbreak attacks, which can elicit harmf…
恶意VSCode扩展致GitHub 3800个仓库被入侵,供应链安全警钟再响
Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=4820131…
针对LLM越狱新方法,采用自适应探针引导,克服了传统对比引导的偏差和手动调参局限,提升鲁棒性与有效性。
arXiv:2605.20286v1 Announce Type: cross Abstract: Recent work has demonstrated the potential of contrastive steering for jailbreaking Large Language M…
首个专攻AI Agent监控器逃避攻击的基准测试,揭示安全漏洞新维度。
arXiv:2605.16626v2 Announce Type: replace-cross Abstract: Since autonomous coding agents generate complex behaviors at high-volume, we may want to use…
多轮多模态攻击防不胜防?这篇论文提出预测性防御机制,应对未见过的新型攻击。
arXiv:2605.18988v1 Announce Type: cross Abstract: The expansion of Multimodal Large Language Models (MLLMs) and their integration into autonomous agen…
富士康遭黑客入侵,超30份苹果服务器文档样本泄露,安全危机持续发酵
IT之家 5 月 21 日消息,科技媒体 AppleInsider 昨日(5 月 20 日)发布博文,通过分析泄露样本,发现今年 5 月富士康北美设施遭遇的网络攻击事件中, 已流出超过 30 份苹果机密文件。 IT之家曾于 5 月 13 日报道,富士康(Foxconn)确认其位于美国威斯康星州 Mo…