RECON

In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC...

Code hosts like GitHub don't necessarily show the correct source of Go modules. pkg.geomys.dev is a new convenient viewer for module source.

Most Google Workspace breaches go undetected for weeks. See how attackers exploit misconfigured permissions and what to look for before it is too late.

Introducing GPT-5.3-Codex-Spark—our first real-time coding model. 15x faster generation, 128k context, now in research preview for ChatGPT Pro users.

More lessons learned from 14 years of engineering at Google, focusing on what truly matters beyond just writing great code.

AI: Good as a Research Assistant. Bad for Creating GitHub Action Workflows

Our most specialized reasoning mode is now updated to solve modern science, research and engineering challenges.

Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle

作者：Georgios Syros, Evan Rose, Brian Grinstead 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2602.09222v1/https://arxiv.org/html/2602.09222v1 摘要 基于大语言模型（LLM）的网络智能体正被广泛部署，通过直接与网站交互并代表用户执行操作，实现复杂在线任务的自动化。...

When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle

Healthcare Sector Most Targeted by Ransomware Groups as Attacks Increase 49% YOY    The HIPAA Journal

RU-APT-ChainReaver-L Hijacks Trusted Sites, GitHub In Supply Chain Attack    cyberpress.org

Apple patches zero-day flaw that could let attackers take control of devices    Malwarebytes