Aggregator

Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access

Cyber Security News
1 week 6 days ago

Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent. This trust model assumes that only […]

The post Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access appeared first on Cyber Security News.

Abinaya

WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks

Cyber Security News
1 week 6 days ago

A critical security flaw in the widely used Kirki WordPress plugin has exposed over 500,000 websites to potential account takeover attacks, with researchers warning that approximately 150,000 sites are actively vulnerable due to affected versions. Tracked as CVE-2026-8206 with a CVSS score of 9.8, the vulnerability impacts Kirki plugin versions 6.0.0 through 6.0.6. The issue […]

The post WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks appeared first on Cyber Security News.

Abinaya

数学家警告 AI 对数学专业的威胁

Solidot
1 week 6 days ago
数学家联合发表了获得国际数学联盟支持的宣言《Leiden Declaration》,警告 AI 通过产生大量看似合理但不可靠甚至错误的证明、削弱归因、改变激励机制以及赋予科技公司对研究优先事项过大的影响力去破坏数学。已有数百人签署了这一宣言,它警告 AI 的发展威胁到了数学研究的固有价值。宣言首先指出,区分 AI 产生的证明和正确的数学证明非常困难,给审稿人带来了越来越大的压力,生成 AI 论文成本低廉但验证论文代价昂贵,如果后续研究是基于错误的前提,那么错误会扩大。其次 AI 的训练是基于已有的数学论文,但它输出论文时经常不能正确引用,AI 模型的训练也普遍存在版权侵犯问题。第三 AI 的激励机制与数学专业的价值观背道而驰。宣言敦促数学家将 AI 视为一种工具,而非人类责任的替代品。数学家个人应公开 AI 的使用情况,对其工作的正确性承担责任。宣言还警告,数学可能被用于战争、压迫、大规模监控和破坏民主,因此数学家应谨慎权衡与科技行业合作的伦理问题。

Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Security Affairs
1 week 6 days ago
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The […]
Pierluigi Paganini

Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion

Cyber Security News
1 week 6 days ago

A threat actor used AI-assisted tools to automate Active Directory discovery and test endpoint detection and response (EDR) evasion techniques, highlighting the rise of AI-supported post-exploitation frameworks. The activity was identified after a suspicious endpoint triggered alerts tied to payloads stored in a user directory. Investigation revealed a collection of malicious components forming a structured […]

The post Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion appeared first on Cyber Security News.

Abinaya

Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem

Check Point Research
1 week 6 days ago

Research by: Alexey Bukhteyev Key Takeaways Introduction When we search Google for a popular piece of software, we usually click the first result, sometimes without even looking at the rest, because official project sites tend to rank highest and appear near the top of the results. After landing on a site with a professional design and […]

The post Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem appeared first on Check Point Research.

stcpresearch

Managed ad