1 views collected around this technical thread.
A comprehensive study reveals that Model Context Protocol (MCP) platforms lack strict vetting, users struggle to detect malicious servers, and current large language models cannot effectively resist MCP‑level injection attacks, highlighting critical security challenges and proposing mitigation strategies.
This article explains WeChat’s hidden “recover” feature, detailing its official purpose, technical limits, step‑by‑step recovery methods, effectiveness, backup strategies, and the risks of third‑party tools, helping users safely restore lost chat records.
This comprehensive guide explains the 2025 WeChat account unblocking process, covering identification of restriction types, required evidence, self‑service five‑step recovery, advanced manual appeal tactics, common issues, and post‑unblock security measures to help users restore access efficiently.
Guangzhou police investigated a foreign cyber‑attack on a local tech firm, traced the malicious code to a Taiwan‑based hacker group linked to the DPP, and detailed the group’s low‑level tactics, extensive asset scanning, and use of VPNs and overseas cloud servers.
Google Chrome now offers an automatic password‑change function that detects leaked credentials, generates strong passwords, and updates them with minimal user effort, while websites must adopt specific autocomplete attributes and change‑password URLs to integrate seamlessly with this security enhancement.
A coordinated overseas cyber‑attack breached a Guangzhou tech firm's self‑service equipment backend, causing hours of service outage, data leakage, and significant losses, prompting swift police investigation, evidence preservation, and a detailed technical analysis of the attackers' methods.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, expiration policies, two‑factor authentication and safe token refresh mechanisms.
The article explains why some companies prohibit IntelliJ IDEA, citing copyright risks, security vulnerabilities, efficiency losses from activation prompts, collaboration challenges, and the high cost of commercial licenses, while emphasizing the need to follow unified tool policies.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.
This article provides a comprehensive comparison of free PC firewall solutions, detailing each software's core functions, suitable scenarios, drawbacks, and source references, followed by key recommendations, compatibility notes, performance assessments, and user feedback to help readers choose the most suitable firewall.
This article explains the risks of exposing sensitive PHP files, outlines common security threats, and provides concrete best‑practice measures such as proper permission settings, .htaccess rules, placing files outside the web root, configuration safeguards, and regular security audits to protect web applications.
This article explains how to integrate the nmap4j library into a Java SpringBoot project to perform Nmap scans for service and version detection, retrieve database details, handle both Windows and Linux environments, and process the XML results with Dom4j, providing complete code examples and parameter guidance.
The ISO/IEC JTC 1/SC 27 plenary meeting in Virginia approved the ISO/IEC 25330 Part 3 standard on Oblivious Transfer Extension, a cryptographic protocol standardized by Ant Group with contributions from Chinese researchers, aiming to improve OT efficiency and interoperability for secure multi‑party computation.
The article explains why data masking is essential for protecting sensitive information, then details three implementation methods—SQL, Java (with open‑source plugins), and the MyBatis‑Mate‑Sensitive‑Jackson ORM extension—comparing their principles, code examples, advantages, limitations, performance, suitable scenarios, and cost considerations.
This guide walks you through systematic Linux password hunting techniques—including searching filenames, scanning file contents, extracting credentials from web and config files, cracking hashes with Hashcat and John, leveraging hidden files, MySQL databases, backup archives, and automating discovery with LinPEAS—to elevate privileges and gain full root access.
This article explains how to use Python's built‑in zipfile module and the third‑party rarfile library to brute‑force and decrypt encrypted zip archives, handle Chinese filename encoding issues, and generate password permutations efficiently with itertools for flexible password lengths.
This article explains how to automatically detect and block accidental commits of sensitive data such as database passwords or API keys in a PHP project by integrating the captainhook/secrets library via Composer, covering installation, predefined suppliers, custom regex, whitelist usage, and the benefits of CI/CD integration.
The article examines the often‑ignored hidden vulnerabilities in cloud architectures—such as API flaws, misconfigurations, and third‑party service risks—illustrates real‑world incidents, explains why enterprises neglect these issues, and offers concrete measures to strengthen cloud security.
Microsoft reinstated the "Material Theme - Free" and "Material Theme Icons - Free" VSCode extensions after an AI‑driven security scan mistakenly flagged them as malicious, prompting a public apology and a review of its scanning policies.
The article examines how cryptographic watermarking can secure AI‑generated content by embedding robust, undetectable, and unforgeable signatures, reviews existing methods such as SynthID and Video Seal, and discusses recent research using pseudo‑random codes, error‑correcting codes, and diffusion inversion to improve watermark resilience.