Aggregator
Open-source privacy proxy masks PII before prompts reach external AI services
Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network. The tool sits between local applications and external AI APIs such as OpenAI and Anthropic. Inbound requests pass through a machine learning …
The post Open-source privacy proxy masks PII before prompts reach external AI services appeared first on Help Net Security.
Socket Buys Secure Annex to Expand Supply-Chain Visibility
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.
DHS Shutdown Ends as CISA Faces Long Recovery
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.
State CISOs Are Losing Confidence as AI Threats Surge
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.
Breach Roundup: US Cyber Command Flags Election Threats
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.
Copy Fail (CVE-2026-31431): 732-byte script escalates privileges on Linux
Ice heated to 500 °C delivers an electric shock: physicists synthesize impossible matter from the cores of distant planets
Today's (May 1, 2026) trending cybersecurity vulnerability updates
Shadow AI risks deepen as 31% of users get no employer training
Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI adoption and the controls organizations have in place to manage it. The Lenovo Work Reborn Research Series 2026 report documents a workforce split into two groups: employees equipped with IT-managed tools, training, and oversight, and those operating independently …
The post Shadow AI risks deepen as 31% of users get no employer training appeared first on Help Net Security.
Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets
Wireshark, the world’s most widely used open-source network protocol analyzer, has released a major security update addressing over 40 vulnerabilities, several of which enable arbitrary code execution through malformed packet injection or malicious capture files. Organizations and individuals relying on Wireshark for network monitoring, forensics, and traffic analysis should update immediately to Wireshark 4.6.5. Critical […]
The post Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets appeared first on Cyber Security News.
258 ancient DNA samples rewrote the fall of Rome. The barbarians destroyed the empire… but became Romans themselves
Announcing PAI 5.0
Identity is the control plane for distributed infrastructure
Teleport CEO Ev Kontsevoy makes the case that distributed infrastructure, across cloud, Kubernetes, databases, and servers, can’t be secured by layering more tools on top of fragmented identity systems. He argues for fewer credentials, fewer entry points, and a single identity layer that gives security and engineering teams unified visibility and control.
The post Identity is the control plane for distributed infrastructure appeared first on Help Net Security.
Deterministic Routing: The Hidden Key to Low Latency
MCP Servers Are a Supply Chain You Have Not Inventoried Yet
“We can no longer prove anything completely.” Scientists have realized that all of mathematics rests on nothing but a word of honor
AI traffic is getting bigger, louder, and less predictable
AI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift from diffuse internet-style traffic to large, high-bandwidth flows between fewer endpoints.
[Figure: Monthly view of all bits transferred to each network type (2025-05 to current) (Source: Backblaze)]
“From a network perspective, this represents a meaningful shift …
The post AI traffic is getting bigger, louder, and less predictable appeared first on Help Net Security.