Aggregator

Один неосторожный клик открывает двери туда, куда пользователь точно не собирался.

Autonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting frequent encounters with AI output errors that can carry operational impact. Ivanti’s 2026 AI Maturity Report, drawn from responses by 1,500 IT professionals across six countries, finds that 68% have personally seen AI produce hallucinations … More →

The post Most pros have seen AI hallucinations in IT operations appeared first on Help Net Security.

根据美国联邦调查局、英国安全局以及澳大利亚、加拿大和新西兰政府的联合通告，为中国情报机构工作的间谍正利用包括领英在内的求职和招聘网站，引诱西方工作者分享敏感信息。该通告称，中国间谍伪装成在线招聘人员和

在和 AI 代码模型打交道的时代，原生终端那点效率早就不够榨取了。很多时候我们频繁地在本地部署 AI Agen […]

Чтобы Вселенная работала так, как она работает, в квантовом коде должна быть ошибка.

Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31, 2026, an external threat actor launched a high-volume brute-force campaign […]

The post Dashlane Details How Hackers Managed to Download Encrypted Password Vaults appeared first on Cyber Security News.

Meta借鉴特斯拉在帐篷里建造数据中心正当你以为人工智能数据中心的热潮不能再疯狂时，Meta公司竟然已在帐篷里建造了数据中心。该策略似乎同等程度上借鉴了特斯拉和xAI。据追踪数据中心部署的Cleanv

Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. Hyland platform innovations focus on AI governance, context, and agent … More →

The post New infosec products of the week: June 5, 2026 appeared first on Help Net Security.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Note: if images or formatting is broken, blame Blogger.   (from discord)What's going on?Last week w

June 5, 2026Over on the

A vulnerability labeled as critical has been found in Apache MINA up to 2.1.11/2.2.6. Impacted is the function AbstractIoBuffer.resolveClass. The manipulation results in deserialization. This vulnerability is reported as CVE-2026-42779. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in SharpCompress up to 0.20.x and classified as critical. Impacted is an unknown function of the component Extraction. Executing a manipulation with the input ../ as part of ZIP Archive can lead to path traversal (Zip-Slip). This vulnerability is tracked as CVE-2018-1002206. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in Copeland XWEB 300D PRO, XWEB 500D PRO and XWEB 500B PRO up to 1.12.1. The impacted element is an unknown function of the component Firmware Update Handler. This manipulation of the argument Devices causes os command injection. This vulnerability is handled as CVE-2026-20910. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in Copeland XWEB 300D PRO, XWEB 500D PRO and XWEB 500B PRO up to 1.12.1. Affected by this issue is some unknown functionality. The manipulation of the argument Devices results in os command injection. This vulnerability is identified as CVE-2026-25109. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Python CPython up to 3.14.x. This vulnerability affects the function ElementDeclHandler of the component Expat Parser. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-4224. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Intrado 911 Emergency Gateway 5.x/6.x/7.x and classified as critical. This affects an unknown function of the component EGW Management Interface. The manipulation results in path traversal: '.../...//'. This vulnerability is reported as CVE-2026-6074. The attack can be launched remotely. No exploit exists.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.74/6.18.15/6.19.5. Impacted is the function devm_kmemdup of the component wifi. Executing a manipulation can lead to memory leak. This vulnerability is handled as CVE-2025-71273. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Siemens Simcenter Femap up to 2512.2. This issue affects some unknown processing of the component IPT File Handler. Performing a manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-12659. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.