Search results for 175
People
Not Found
Tweets including 175
新干货来了。这次是很多人中过招的「剪贴板安全」问题。在许多加密资产被盗事件中,受害者最困惑的一点常常是:“我根本没联网传输过私钥,怎么就被盗了?”那么,这期内容 @SlowMist_Team 就将围绕剪贴板安全展开,带你了解它的原理、攻击方式,以及防范建议,速览补电。 https://t.co/YlvYtEEIx5
Show more
0
0
0
4
4
@SlowMist_Team 再次带来新干货。这次是很多人中过招的「剪贴板安全」问题。在许多加密资产被盗事件中,受害者最困惑的一点常常是:“我根本没联网传输过私钥,怎么就被盗了?”那么,这期内容就将围绕剪贴板安全展开,带你了解它的原理、攻击方式,以及防范建议,速览补电。 https://t.co/YlvYtEEIx5
Show more
0
0
0
1
1
抽空验证了下这个利用 Browser MCP(https://t.co/xOe2ynjSDR) 读取本地任意文件的利用,在 Windows 上失败,应该是本地文件权限默认被保护了。不过这个不是重点,重点是原帖给的这个 https://t.co/F7jWQDySJ4 里的内容(如图),这个内容造成了提示词注入,会让 Cursor 等尝试按提示词要求获取本地文件(这里是 ~/.cursor/mcp.json)内容并完成所谓的验证流程,然后本地文件内容可能就泄露了...
那 Browser MCP 的作用是什么?是完成这个泄露的后续操作,即将泄露的内容通过目标 URL 传输出去。
大概就是这样的一个利用过程...
各类 MCP 工具正在百花齐放,搭配在 LLM 之上,各 AI Client 真的又强大了许多...但明显,许多安全策略是没跟上的,可能一个不小心,哪里就爆了个雷...
一定要留个心眼,别滥用了。
Show more
🔴🌎 New MCP attack on BrowserMCP
We show an MCP attack on the popular BrowserMCP.
It allows attackers to read arbitrary files from your machine, when the agent visits the website below.
Try yourself with: https://t.co/q7EalhASmZ
No bad MCP server needed.
(1/n)👇 https://t.co/l503tcOly4
Show more
0
0
1
2
1
🚨SlowMist Security Alert🚨
The root cause of the @th3r0ar exploit was the presence of a backdoor in the contract
During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function.
https://t.co/3G0Z1GTjt6
Show more
0
0
0
6
2
🚨SlowMist Security Alert🚨
@zksync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop.
🧾 Related Address:
0xb1027ed67f89c9f588e097f70807163fec1005d3
As always, stay vigilant!
Show more
0
0
0
4
2
0
0
13
228
7
🔗 MCP tools are crucial bridges between AI models and external systems, but bring security risks.
🛡️ SlowMist released an "MCP Security Checklist" covering Host, Client, Server layers and crypto scenarios to help safely integrate blockchain and AI. 🤖💰
Show more
0
0
1
6
4
发布了,MCP 安全检查清单:AI 工具生态系统安全指南/MCP Security Checklist: A Security Guide for the AI Tool Ecosystem
感谢 https://t.co/BK42AqzsjY 倾力相助,也欢迎更多朋友多给建议,我们会持续维护本安全清单🧾
🇨🇳中文版:
https://t.co/RE97jkF9Qk
🇺🇸英文版:
https://t.co/pB7XjOQWQA https://t.co/fsAqLATEIr
Show more
顺利的话,明天我们 @SlowMist_Team 会发布:MCP 安全检查清单:AI ⼯具⽣态系统安全指南
MCP Security Checklist: A Security Guide for the AI Tool Ecosystem
来自我们的一线有关安全审计的经验汇总,一起玩耍。👀 https://t.co/hqFdaZEFou
Show more
0
0
19
123
47
0
0
32
248
10
周末出个海🚢去深圳泡泡澡吃火锅感觉错失一个亿,评论+蓝V互关+艾特俩好友,评论区抽一个UU送50U💰💰💰
我也来蹭个热度,请各位尊贵的蓝V用户们互关一波🥰🥰
评论区留言,保证有关必回,行情不好的时候可以一起抱团暖暖🥹 https://t.co/LK00jjPLrP
Show more
0
0
71
43
7
支持抵制这种行为,不仅别向大学生推广也别向老年人推广,至于其他成年人(包括我),说了也没用,为自己的决定负责。如果涉嫌违法的,也建议直接举报。
Show more
我们呼吁:请各大交易平台停止向大学生推广合约体验金行为
最近一些币圈交易平台正向大学生群体发放所谓「合约体验金」,体验金虽然无法直接提现,但如“盈利”在朋友圈晒高额收益可获得额外激励
这一行为本质是披着「金融启蒙」外衣赌博诱导,精准收割风险意识薄弱、资金管理能力不足的大学生群体。
即便当前行业整体面临用户增长瓶颈,但这不意味能将大学生作为业务扩张的突破口
如果我们不想再次见证「裸条贷」式的灾难在加密世界重演,如果我们不想看到一个个年轻人被培养成赌徒,我们就必须从此刻起开始行动,抵制这种行为
https://t.co/e4UtOqMAEa
Show more
0
0
33
181
20
顺利的话,明天我们 @SlowMist_Team 会发布:MCP 安全检查清单:AI ⼯具⽣态系统安全指南
MCP Security Checklist: A Security Guide for the AI Tool Ecosystem
来自我们的一线有关安全审计的经验汇总,一起玩耍。👀 https://t.co/hqFdaZEFou
Show more
0
0
23
264
32
OpenLora is the designated deployment engine for specialized models in the OpenLedger ecosystem.
By leveraging just-in-time adapter switching, OpenLora enables the efficient serving of thousands of fine-tuned LoRA adapters on a single GPU, drastically reducing deployment costs.
Unlike generic models, OpenLora-powered specialized models require fewer input tokens and produce more optimized, precise outputs - minimizing both input and output token size while delivering task-specific performance at scale.
Faster, Smarter, and Specialized.
Show more
0
0
450
1.2K
441
Icon Star @alluarjun greeted his fans at his residence with love and warmth.🖤🫶
Here are a few special clicks! ✨
#AlluArjun# #IconStarAlluarjun#
#HappyBirthdayAlluArjun# #AA22# https://t.co/oIK60sRss9
Show more
0
0
0
91
21
0
0
0
921
609
Get ready to FEEL THE FIRE 🔥
Watch #AadivaaramWithStarMaaParivaaram# at 11 am only on #StarMaa#
#AadivaaramWithStarMaaParivaaram# https://t.co/J9PxzNYx8m
0
0
1
972
281
She chose MS-13 over Americans.
Huge disappointment. https://t.co/Txo6c8wp6z
0
0
4.7K
69.1K
14.3K
Let’s put this to an end , Kapeeka takes coolman down on Amazon with @WWERomanReigns Superman punch https://t.co/0oS04Umxr2
0
0
2
172
26