什么是 Ars Technica？

Attackers exploited Dashlane's device enrollment API via 2FA spraying to download fewer than 20 encrypted vaults before automated lockouts. By distributing requests across thousands of accounts, they increased 6-digit OTP guess probability from 1/1M to 1/1K while evading rate limits, though Argon2 hashing still protects vault contents.

Researchers discovered a zero-day vulnerability that can completely bypass the default BitLocker encryption protection on Windows 11.

Reddit's mobile site temporarily banned the author's IP due to excessive daily visits, revealing how anti-bot systems can mistakenly flag legitimate users.

A critical vulnerability in an open-source package could affect millions of AI agents, posing a significant threat to the global AI ecosystem.

The article reports that dozens of Red Hat's NPM packages were backdoored via its official channel, with attackers injecting malicious code into npm repositories using supply chain vulnerabilities, but lacks technical details or remediation steps.

This article primarily discusses website privacy settings and cookie management mechanisms rather than technical vulnerability analysis, focusing on user data permissions and ad tracking controls.