Aggregator

Goal Is for Faster, Better Treatment Innovation, Drug Therapies
The U.S. Food and Drug Administration is planning to launch a pilot program aimed at advancing real-time clinical trials through the use of artificial intelligence tools and data science. The goal is to accelerate the development of promising new drugs, which often end up slowed down in bottlenecks.

Elon Musk's Lawsuit Threatens a $852B AI Empire
Elon Musk took the stand this week in a lawsuit that could unwind OpenAI's corporate structure, derail its IPO bid and transform the artificial intelligence landscape. The stakes are high for enterprise customers that bet on OpenAI's technology platform.

Federal Charges Target Recruiters, Managers in Scam Centers After Global Takedown
U.S. and international law enforcement agencies dismantled a network of overseas scam centers linked to cryptocurrency investment fraud schemes, officials said Wednesday, arresting at least 276 individuals in a crackdown across the Middle East and Southeast Asia.

Fabrix Security Buy Adds Real-Time Decisioning for Human and Machine Identities
Silverfort's acquisition of Israeli startup Fabrix Security adds AI-driven, real-time access decisioning built on a contextual knowledge graph, aiming to replace static policies and scale identity security for human, machine and agentic identities operating at machine speed.

GCC 编译器项目合并了支持海光 C86-4G CPU 的补丁。海光最早是与 AMD 合作的半导体企业，授权提供 AMD Zen 1 CPU的本地化版本，其产品仅供国内市场使用。海光去年五月宣布与中科曙光合并，但年底宣布合并计划终止。 C86-4G 为 16 核/32 线程处理器，其性能接近英特尔的 Raptor Lake CPU，支持 DDR5 和 PCIe Gen 5。海光声称 C86-4G 利用了自主研发的新微架构，但仅从 GCC 补丁看它仍然与 AMD Zen 有许多相似之处。C86-4G 包括了 C86-4G-M4 / C86-4G-M6 / C86-4G-M7 系列，其中 C86-4G-M7 支持 AVX-512 指令集。

根据国家信息安全漏洞库（CNNVD）统计，自2026年4月14日-2026年4月28日，共采集OpenClaw漏洞111个。

根据国家信息安全漏洞库（CNNVD）统计，近期（2026年4月16日至2026年4月28日）共采集重要人工智能漏洞213个

Путь от детского развлечения до уголовного дела оказался весьма коротким.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

"永不信任，始终验证"是一个合理原则。但当组织从云工作负载转向运营系统时，理论很快与现实发生碰撞。在运营技术（OT）环境中，零信任仍然是一个关键目标，但在每个系统上统一应用IT风格的模型会带来高成本和高复杂性，却无法带来相称的风险降低。

Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target model, an evaluator scores the results, and the cycle repeats. Two approaches dominate. One asks the attacker to invent strategies through trial and error, which tends to produce a narrow band of successful attacks. The other, exemplified by the WildTeaming framework, draws from large open-source pools of harmful … More →

The post Automated LLM red teaming gets a learning layer appeared first on Help Net Security.

一大波受影响系统列表请查收

Currently trending CVE - Hype Score: 23 - Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR or with an embedded Servlet ...

Currently trending CVE - Hype Score: 8 - Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source ...

The normalization of AI and automation within internet infrastructure is changing how organizations interpret traffic. Activity that once appeared anomalous is now treated as expected behavior. AI agents have emerged as a third category of automated traffic alongside good and bad bots, according to the Thales 2026 Bad Bot Report: Bad Bots in the Agentic Age. The distinction between legitimate and malicious automation is difficult to define because both operate through similar channels, workflows, and … More →

The post Bad bots make up 40% of internet traffic appeared first on Help Net Security.

Copy Fail的根源位于Linux内核加密子系统（crypto）的authencesn AEAD模板中（用于IPsec的Extended Sequence Number支持）。 2017年，algif_aead模块引入了一个“in-place优化”，让AF_ALG socket在处理AEAD解密时，将page cache页面直接放入可写的scatterlist（分散/聚集列表）。攻击者通过splice()零拷贝机制，把任意可读文件（如/usr/bin/su）的page cache页面传入AF_ALG socket的输入/输出scatterlist。随后，crypto_authenc_esn_decrypt()函数会把调用者的目标缓冲区当作临时暂存空间（scratch space），在输出边界之外写入4字节的seqno_lo，并且永远不会恢复原始数据。这就是经典的“Copy Fail”——复制操作“失败”了，超出了缓冲区边界。整个过程不需要race、无需重试、单次直线执行即可成功。PoC利用AF_ALG + splice() + authencesn的组合，实现对任意可读文件page cache的精确4字节覆盖。

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-04-30, 49 days ago. The vendor is given until 2026-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2026-04-30, 49 days ago. The vendor is given until 2026-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.