360集团创始人周鸿祎谈到，风险还是很多的。他举例到，比如说做一个常规的it系统，它肯定会有漏 洞、有数据隐私的泄露问题，但他提到，这些传统安全都不足为虑，最要命的是有三个安全问题： 他提到，大模型降低了每个人的使用门槛，没学过编程的人现在通过跟大模型交流也能写程序，这就使 得大模型被攻击的门槛也降得很低。通过精心构造了指令，可以让大模型完全听从指令，比如说可以把 企业的机密文件交给你，这种事情已经发生了，这叫做"注入攻击"。"甚至我有时候开玩笑说，一个前 台小姐姐可能不会编程，她对老板不满意，她都可以对大公司的大模型和智能体进行攻击。" 第一个问题，大模型会有错觉，会胡说八道，会出错，甚至还有幻觉。 周鸿祎表示，当大模型有些事情不明白的时候，就会一本正经的瞎编，这个在大模型被当作玩具的时候 可以一笑而过，但是今天大模型带着智能体将要进到很多工业生产制造产品，以及很多政府部门的办公 领域，这种出错可能就是比较可怕的。他强调，特别是有了智能体之后，智能体又有能力去操纵各种工 具，这个危害影响就会更大。 第二个问题，大模型使得任何人攻击人工智能变成可能性。 专题：2025中国互联网大会 7月23日上午消息，202 ...

Core Insights - A significant security vulnerability in Microsoft's SharePoint server software has led to global cyberattacks targeting U.S. government agencies, universities, energy companies, and an Asian telecom company [1][2] - The attacks are classified as "zero-day attacks," exploiting previously unknown vulnerabilities, allowing attackers to impersonate trusted entities and potentially manipulate financial markets [1] - Microsoft has released a security patch for one version of the software but acknowledges that two other versions remain vulnerable and are still under development for patches [2] Group 1: Attack Details - Thousands of SharePoint servers are at risk, with evidence of attempts to exploit the vulnerability before the patch was released [2] - At least two U.S. federal agencies have reported server breaches, with one state government official noting that attackers compromised a public government document repository [3] - The Cybersecurity and Infrastructure Security Agency (CISA) received reports of the vulnerability and immediately contacted Microsoft for coordination [3] Group 2: Expert Opinions - Cybersecurity experts have labeled the vulnerability as severe, indicating that all users hosting SharePoint servers are at risk [2] - Concerns have been raised that even after applying patches, hackers may retain access due to previously obtained keys [2] - The White House's Cyber Safety Review Board has previously criticized Microsoft's security culture following past incidents, indicating ongoing concerns about the company's cybersecurity practices [3]

Group 1 - Singapore is facing a "serious" cyber attack targeting critical infrastructure, attributed to a complex entity known as UNC3886 [1] - The attack is characterized as an "advanced persistent threat," aiming at high-value strategic targets, which could lead to espionage and significant disruption to Singapore's national security [1] - This is the first time Singapore has publicly named a hacker organization responsible for attacks, although the government did not directly link UNC3886 to any specific country [1] Group 2 - The Chinese Embassy in Singapore expressed strong discontent regarding media claims linking UNC3886 to China, emphasizing that China opposes any unfounded accusations [2] - The Embassy highlighted that China has also been a victim of cyber attacks, citing over 270,000 attacks on the Asian Winter Games information system and more than 1,300 instances of "advanced persistent threat" attacks in 2024 [2]

SharePoint是微软面向企业提供的文档管理和协作平台，广泛用于文件共享、项目管理、企业内部信息 门户等关键业务系统。全球成千上万家企业、机构、政府部门都在使用SharePoint。一旦被攻破，黑客 就可能进入整个组织的"神经中枢"——文档系统、用户权限、后台接口等全部暴露。 消息公布后，微软股价在周一美股盘初跌近0.9%，随后震荡转涨。 微软发布紧急补丁，但漏洞仍未彻底封堵 微软核心产品SharePoint文档系统遭大规模黑客攻击，安全研究人员警告全球可能出现大规模数据泄 露。 微软公司近日警告称，黑客正主动攻击其文档管理软件SharePoint的用户。据美国网络安全与基础设施 安全局（CISA）上周日警告，黑客正大规模利用SharePoint的安全漏洞对企业和政府机构展开攻击，可 能造成全球范围的大规模入侵。 攻击规模正在扩大，全球多个行业受波及 微软方面表示，当前黑客攻击的重点是那些自行在本地网络中部署SharePoint服务器的客户，而不是使 用微软托管服务的用户，这可能在一定程度上限制了影响范围。 根据美国网络安全公司Censys研究员Silas Cutler的估计，全球约有超过1万家企业部署了 ...

结合近期重点工作，检查组对企业做好网络安全工作提出具体要求：一是提高政治站位，落实网络安全 主体责任和重保要求，排查防范风险，加强值班值守和应急处置，着力提高安全防护能力；二是持续加 强合规化建设，定期梳理信息资产清单，做到家底清、底数明；对照网络安全法律法规和主管部门工作 要求，及时修订完善公司规章制度体系，把最新标准落实到制度、手册和程序中，以制度机制筑牢网络 安全防线。三是强化应急预案编制与演练，完善不同场景应急预案，提高应急预案针对性实用性，通过 跨部门、全流程的演练活动，锻炼应急队伍在极端情况下的处置能力，不断提升队伍能力；四是强化数 据安全制度体系建设和数据全生命周期管理，认真做好旅客个人信息的保护。昌北机场和江西航空均表 示将以此次网络安全检查为契机，进一步提高思想站位，对于检查中发现的问题，建立问题清单，逐项 整改，全力做好各项网络安全工作。 本次华东局人教处组织的联合检查，既是对辖区企业的"系统体检"，也是对监管队伍的"精准赋能"，通 过"跨区监管资源协同+国家队级技术支撑"相结合方式，汇聚监管强大合力，交互式校验，多角度查 摆，更加有效识别企业网络安全薄弱环节。下一步，江西监管局将在华东局 ...

Group 1 - The article emphasizes the significance of cybersecurity, highlighting that it affects personal privacy, corporate secrets, and national security [1] - It explains the concept of "technical backdoors," which allow unauthorized access to systems and sensitive information if not properly managed [1][3] - The article warns that foreign-produced chips, smart devices, or software may contain intentionally embedded backdoors that can be exploited for remote control or data theft [3] Group 2 - The national security agency suggests that sensitive positions should adopt domestically controlled chips and operating systems to mitigate risks from foreign hardware and software backdoors [5] - It recommends enhancing technical protective measures, such as patch strategies, regular operating system updates, and monitoring for unusual traffic to reduce potential security risks from technical backdoors [5] - Citizens and organizations are encouraged to cooperate with national security agencies in reporting suspicious activities related to cyber espionage [5]

帕洛阿尔托网络公司警告称"这些漏洞利用真实存在且构成严重威胁"。 谷歌威胁情报小组通过邮件声明表示，已观测到黑客利用该漏洞的行为，指出其可导致"持续的未授权 访问，对受影响组织造成重大风险"。 智通财经APP获悉，微软(MSFT.US)服务器软件正遭受不明黑客攻击，网络安全分析师警告全球范围内 可能出现大规模安全漏洞。 微软表示，已发布针对SharePoint服务器的新安全补丁"以缓解针对本地服务器的活跃攻击"，并称正在 部署更多修复程序。 美国网络安全和基础设施安全局确认该漏洞存在，指出黑客可利用其访问文件系统、内部配置并通过网 络执行代码。 密歇根州网络安全公司Censys研究员西拉斯·卡特勒估计，全球超过10,000家使用SharePoint服务器的企 业面临风险，其中美国受影响企业数量最多，荷兰、英国和加拿大紧随其后。 "这简直是勒索软件运营者的美梦，很多攻击者这个周末要加班了，"他补充道。 美国媒体援引州政府官员和独立研究人员的消息称，美国联邦和州级机构、大学、能源公司及一家亚洲 电信运营商已遭入侵。 这已是微软近期遭遇的系列网络攻击之一。该公司曾在3月警告，亚洲黑客正瞄准远程管理工具和云应 用程序 ...

微软公司的企业服务器软件正遭受不明身份黑客的攻击。7月20日，微软称检测到针对SharePoint服务器 客户的主动攻击。7月21日，微软发布安全更新，称全面保护使用SharePoint订阅版和SharePoint2019的 客户免受本次攻击带来的风险，客户应立即应用这些更新。美国网络安全和基础设施安全局20日表示， 已经意识到了这一漏洞，并称该漏洞允许黑客访问文件系统和内部配置。 ...

Group 1 - The importance of cybersecurity is increasingly prominent in today's highly digitalized era, affecting personal privacy, corporate secrets, and even national security [1] - There is a warning about malicious designs or implanted backdoors that could lead to data leaks [1] - The National Security Department has disclosed potential "invisible eavesdropping channels" that may be present around individuals [1]

智通财经7月21日电，据"国家安全部"公众号消息，在如今高度数字化的时代，网络安全的重要性愈发 凸显，不仅关乎着个人隐私、企业秘密，甚至影响着国家安全。需要警惕的是，一些别有用心的设计或 恶意植入的技术后门，可能成为失泄密的导火索。 ...