RALord
You must login to view this content
Aggregator
Думали, блокчейн защитит ваш сайт? Взлом eth.limo доказал: человеческий фактор сильнее
1 month 3 weeks ago
Хроника взлома eth.limo, который обнажил уязвимость якобы защищенного веба.
AI-Powered Exploitation May Collapse the Patch Window for Defenders
1 month 3 weeks ago
Artificial intelligence is reshaping cybercrime in ways that defenders can no longer treat as distant or theoretical. New frontier AI models are showing a growing ability to find software flaws, understand attack paths, and help move an intrusion from one stage to the next with far less human effort than before. This change matters because […]
The post AI-Powered Exploitation May Collapse the Patch Window for Defenders appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-40496 | freescout-help-desk freescout up to 1.8.212 Attachments random values (GHSA-2783-wxmm-wmwr / EUVD-2026-24049)
1 month 3 weeks ago
A vulnerability identified as problematic has been detected in freescout-help-desk freescout up to 1.8.212. Affected by this issue is some unknown functionality of the component Attachments Handler. This manipulation causes insufficiently random values.
This vulnerability is handled as CVE-2026-40496. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
清华姚班到全球 3D AI 第一:胡渊鸣的 Meshy ARR 已超 4000 万美元
1 month 3 weeks ago
当文字、图像、视频已经先后被生成式 AI 重写,3D 很可能就是下一站。
因第三方AI工具受陷,Vercel 内部系统遭未授权访问
1 month 3 weeks ago
这条攻击链的完整过程值得了解,因为它揭示了现代“供应链”入侵越来越多地通过身份提供商(而非代码)进行传播的典型路径。
Anthropic MCP 设计漏洞可导致 RCE,威胁 AI 供应链安全
1 month 3 weeks ago
Flowise 及多个 AI 框架存在一个严重漏洞,导致数百万用户面临远程代码执行(RCE)风险
3555 дыр за год. В банковских приложениях из App Store и Google Play нашли рекордное число уязвимостей
1 month 3 weeks ago
Исследователи нашли 1541 случай, когда конфиденциальные данные хранились прямо в коде приложения.
The US NSA is using Anthropic’s Claude Mythos despite supply chain risk
1 month 3 weeks ago
Axios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensive tool and AI as a security risk is getting harder […]
Pierluigi Paganini
12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users
1 month 3 weeks ago
A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity and harvest sensitive data. The campaign uncovered by LayerX security has affected over 130,000 users worldwide, with approximately 12,500 installations still active across the Google Chrome and Microsoft Edge […]
The post 12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users appeared first on Cyber Security News.
Abinaya
英国计划学校期间禁止使用手机
1 month 3 weeks ago
英国计划禁止学生在校期间使用手机。政府计划修订《儿童福祉与学校法案(children’s wellbeing and schools bill)》,将学校手机禁令的指导意见变成具有法律效力的正式禁令。英国大部分学校已经制定政策禁止使用手机,数据显示 99.8% 的小学和 90% 的中学限制或禁止学生在校期间使用手机。《儿童福祉与学校法案》被视为英国数十年来最重要的儿童保护立法,其中包括对未入学儿童进行强制性登记、打击儿童社会福利领域的牟利行为,以及创建一个唯一标识符帮助相关机构追踪儿童福利状况等。
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
1 month 3 weeks ago
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.
The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict
The Hacker News
科技云报到:当AI闯入特教行业,一场颠覆变革正在发生!
1 month 3 weeks ago
科技云报到
Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers
1 month 3 weeks ago
A critical vulnerability in the SGLang inference server that allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learning models to compromise the underlying servers that host them. As enterprise artificial intelligence deployments grow, this discovery highlights the severe infrastructure risks posed by loading untrusted […]
The post Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers appeared first on Cyber Security News.
Abinaya
CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack
1 month 3 weeks ago
The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical alert regarding a severe software supply chain compromise. The attack targets Axios, a massively popular HTTP client for JavaScript that developers worldwide rely on for Node.js and browser environments. Supply chain attacks have become a top priority for security teams, as compromising a single […]
The post CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack appeared first on Cyber Security News.
Abinaya
Former ransomware negotiator pleads guilty to BlackCat attacks
1 month 3 weeks ago
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]
Sergiu Gatlan
强化安全防护,筑牢安全底座,工程中心大模型安全检测服务再升级!
1 month 3 weeks ago
我手搓了一套Agent,让旧设备变新战力
1 month 3 weeks ago
ИИ врёт так же, как раньше. Но теперь он делает это мило — и вы ему доверяете
1 month 3 weeks ago
Проанализировали 2000 диалогов с чат-ботами и выяснили: вежливость повышает доверие, даже когда они несут бред.
Mythos can find the vulnerability. It can’t tell you what to do about it.
1 month 3 weeks ago
Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after.
The post Mythos can find the vulnerability. It can’t tell you what to do about it. appeared first on CyberScoop.
Greg Otto