Aggregator

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Critical Start has released SOC AI, a production-proven multi-agent framework powering its AI-led Managed Detection and Response (MDR). SOC AI coordinates ten specialized agents across the full alert investigation and response lifecycle, covering detection, triage, response, threat hunting, and continuous improvement. Each agent operates with a discrete function, a defined scope, and a complete audit trail on every action taken. After implementation of SOC AI, Investigation Agent enhanced thousands of investigations, compressing analyst time-to-investigate to … More →

The post Critical Start expands MDR capabilities with multi-agent AI system appeared first on Help Net Security.

То, что выглядело хаотичным набором символов, внезапно обрело голос.

MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has raised awareness of the cybersecurity risks created by AI. But while Mythos makes it faster and easier for attackers to identify exploitable gaps in software, it does not address DDoS vulnerabilities. VectorAI functions as … More →

The post MazeBolt brings AI-generated attack simulation to DDoS security testing appeared first on Help Net Security.

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年05月25日至2026年05月31日）安全漏洞情况如下

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]

中级： 12h：1200-1600元左右/天高级：12h：1600-2000元左右/天注意：人员能力特别突出

Как работает уязвимость в Citrix, позволяющая читать содержимое чужой памяти без единого пароля.

Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is running in their environments, determine which risks require action, and accelerate response efforts. Among enterprises tracked by Netskope Threat Labs, the average enterprise organization saw the number of AI applications in use grow fivefold … More →

The post Netskope adds AI asset discovery and AISecOps agent to AI security portfolio appeared first on Help Net Security.

美国总统特朗普周二签署了一项行政令，要求 AI 公司让政府先行评估其新模型的能力。行政令还要求 AI 公司在自愿的基础上参与基准测试流程，以评估模型的“高级网络能力”，确定其是否应被视为“受保护的前沿模型”。行政令要求 AI 公司在正式发布新模型前提前最多 30 天给予政府访问权限。

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820

Чем теплее диалог, тем дороже может обойтись откровенность.

Vim 项目在 2025 年 12 月宣布了生成式 AI 政策：只要大模型生成代码予以披露以及代码风格与现有代码保持一致，那么 AI 代码就可以接受。但项目的多位资深参与者对接受 AI 代码持反对意见，不想看到 AI 代码泛滥，他们选择了创建没有 AI 代码的分支，其中一个分支就是 Drew DeVault 的 Vim Classic。出于长期维护的考虑，Vim Classic 不是基于较新的 Vim 9 系列，而是基于 Vim 8.2.0148。他刚刚释出了 Vim Classic 8.3，主要是从上游版本移植了部分 bug 修正和补丁。由于缺乏资源，部分 Vim 插件与 Vim Classic 不兼容。

Submit #829543 / VDB-367927

В сети оказались чертежи всей цифровой архитектуры шведского бренда.

根据内部电子邮件，欧洲议会内部计算机的默认搜索引擎将于 6 月 4 日起从 Google 切换到法国搜索引擎 Qwant，此举是出于对数字主权和隐私的考虑。Qwant 被描述为以隐私为中心的欧洲搜索引擎，不追踪用户或收集个人数据。Qwant 成立于 2013 年，突出了隐私保护，为用户提供了 Google 之外的一种选择。通过 Firefox 和 Edge 浏览器地址栏进行的搜索将自动路由到 Qwant，但欧洲议会议员仍然可以自由使用其它搜索引擎或更改其默认设置。欧盟委员会正在加强技术主权，减少对外国技术供应商的依赖，扶持欧洲本土技术。

Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an interview conducted in person at the Span Cyber Security Arena conference. He put the original proposal for a Slovenian CERT to ARNES leadership in 1994, and the center now records about 6,000 … More →

The post A small Slovenian team handles 6,000 cyber incidents a year appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-10722. The attack can only be performed from a local environment. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

Submit #818291 / VDB-368091

CERT/CCから本件に関するアドバイザリが公表されました。