Aggregator

CVE-2026-44546 | djangoproject daphne up to 4.2.1 Websocket Handshake splitlines request smuggling

VulDB Recent Entries
1 week 5 days ago
A vulnerability has been found in djangoproject daphne up to 4.2.1 and classified as problematic. The impacted element is the function splitlines of the component Websocket Handshake Handler. Performing a manipulation results in http request smuggling. This vulnerability was named CVE-2026-44546. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-37460 | FRRouting FRR 10.0/10.6 BGP rfapi_rib.c rfapiRibBi2Ri denial of service (EUVD-2026-34083)

VulDB Recent Entries
1 week 5 days ago
A vulnerability, which was classified as problematic, was found in FRRouting FRR 10.0/10.6. The affected element is the function rfapiRibBi2Ri of the file rfapi_rib.c of the component BGP Handler. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-37460. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.
vuldb.com

Meta 给予员工每次最多 30 分钟退出跟踪

Solidot
1 week 5 days ago
Meta 最近开始在美国员工电脑上安装追踪软件,捕捉员工鼠标移动、点击和按键数据以用于训练 AI 模型,此举是该公司构建能自动执行工作任务的 AI 智能体的大计划的一部分。被称为 Model Capability Initiative(MCI)的工具在公司内部引发了强烈反对,部分员工为此发起了一项请愿活动,已有逾 1500 人签名。有匿名员工认为公司的行为“非常反乌托邦”。根据周二发给员工的一份内部备忘录,Meta 略微后退了一步,允许员工退出跟踪,“每次最长 30 分钟”,员工也可以申请永久退出该跟踪计划。

Microsoft responds to security challenges facing code, AI agents, and models

Help Net Security
1 week 5 days ago

Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and tools designed to identify potentially vulnerable or compromised AI models before deployment. MDASH targets exploitable vulnerabilities Microsoft expanded the preview of MDASH, a multi-model agentic vulnerability discovery system that now integrates with Microsoft Defender. The … More →

The post Microsoft responds to security challenges facing code, AI agents, and models appeared first on Help Net Security.

Sinisa Markovic

Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access

Cyber Security News
1 week 5 days ago

Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent. This trust model assumes that only […]

The post Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access appeared first on Cyber Security News.

Abinaya

WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks

Cyber Security News
1 week 5 days ago

A critical security flaw in the widely used Kirki WordPress plugin has exposed over 500,000 websites to potential account takeover attacks, with researchers warning that approximately 150,000 sites are actively vulnerable due to affected versions. Tracked as CVE-2026-8206 with a CVSS score of 9.8, the vulnerability impacts Kirki plugin versions 6.0.0 through 6.0.6. The issue […]

The post WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks appeared first on Cyber Security News.

Abinaya

数学家警告 AI 对数学专业的威胁

Solidot
1 week 5 days ago
数学家联合发表了获得国际数学联盟支持的宣言《Leiden Declaration》,警告 AI 通过产生大量看似合理但不可靠甚至错误的证明、削弱归因、改变激励机制以及赋予科技公司对研究优先事项过大的影响力去破坏数学。已有数百人签署了这一宣言,它警告 AI 的发展威胁到了数学研究的固有价值。宣言首先指出,区分 AI 产生的证明和正确的数学证明非常困难,给审稿人带来了越来越大的压力,生成 AI 论文成本低廉但验证论文代价昂贵,如果后续研究是基于错误的前提,那么错误会扩大。其次 AI 的训练是基于已有的数学论文,但它输出论文时经常不能正确引用,AI 模型的训练也普遍存在版权侵犯问题。第三 AI 的激励机制与数学专业的价值观背道而驰。宣言敦促数学家将 AI 视为一种工具,而非人类责任的替代品。数学家个人应公开 AI 的使用情况,对其工作的正确性承担责任。宣言还警告,数学可能被用于战争、压迫、大规模监控和破坏民主,因此数学家应谨慎权衡与科技行业合作的伦理问题。

Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Security Affairs
1 week 5 days ago
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The […]
Pierluigi Paganini

Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion

Cyber Security News
1 week 5 days ago

A threat actor used AI-assisted tools to automate Active Directory discovery and test endpoint detection and response (EDR) evasion techniques, highlighting the rise of AI-supported post-exploitation frameworks. The activity was identified after a suspicious endpoint triggered alerts tied to payloads stored in a user directory. Investigation revealed a collection of malicious components forming a structured […]

The post Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion appeared first on Cyber Security News.

Abinaya

Managed ad