Aggregator

Submit #777352 / VDB-353559

Submit #776245 / VDB-353558

Как Datadog спасает облачный бизнес от самодельных нейросетей.

中国信通院指出普及型AI智能体存在权限失控隐患，建议技术落地前强化安全评估与公众提示。

《2026 AI+网络安全产业生态图谱》调研报名时间即将截止！

影子AI（Shadow AI），这个2024年还略显生僻的术语，在2025年已成为数据安全领域最棘手的灰犀牛。

Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack method, called ProAttack, that achieves attack success rates approaching 100% on multiple text classification benchmarks without altering sample labels or injecting external trigger words. A defense paradigm for mitigating backdoor attacks through LoRA-based fine-tuning of language models (Source: … More →

The post A nearly undetectable LLM attack needs only a handful of poisoned samples appeared first on Help Net Security.

Технологии развиваются быстрее, чем законы, которые должны их сдерживать.

In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are being integrated into resilience planning. Dodoo also shares practical approaches such as regional vendor networks, alternative contracts, and strategic inventory to maintain continuity during disruptions. Supply chains for critical building systems, HVAC components, fire suppression materials, access control hardware, … More →

The post Your facilities run on fragile supply chains and nobody wants to admit it appeared first on Help Net Security.

加拿大移民局在使用生成式 AI 帮助处理移民申请，而它的 AI 不可避免的产生了幻觉，以虚构的工作描述拒绝了一位科学家的移民申请。这位申请人在加拿大从事医疗健康方面的科研工作，拥有衰老免疫学博士学位，但 AI 将她的工作描述为“连接和组装控制电路、装配控制和机器人面板、编程和故障排除”。移民局以其工作职责与她所声称的加拿大工作经验不符拒绝了申请。申请人的律师对此倍感震惊。加拿大移民局坚称生成式 AI 并未参与决策，最终决定是由人类官员在审查后做出的。

AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A January 2026 survey of 228 IT and security professionals, conducted by the Cloud Security Alliance, finds that the majority of organizations have AI agents active in core systems, with fragmented ownership of how those agents authenticate and what they can access. Agents are embedded in production systems Task-automation agents are … More →

The post Who owns AI agent access? At most companies, nobody knows appeared first on Help Net Security.

Американская студентка решила главную проблему владельцев смартфонов.

A sophisticated evolution of Kerberoasting dubbed the “Ghost SPN” attack that allows adversaries to extract Active Directory credentials while erasing all traces of their activity, rendering traditional detection models effectively blind to the intrusion. The attack revealed by Trellix security researchers utilizes delegated administrative permissions, creating temporary exposure windows. Kerberoasting is a well-documented post-exploitation technique […]

The post Ghost SPN Attack Lets Hackers Conduct Stealthy Kerberoasting Under the Radar appeared first on Cyber Security News.

Many enterprise Linux deployments rely on hardware-level memory isolation to protect sensitive workloads from co-tenants and compromised hypervisors. Oracle’s Unbreakable Enterprise Kernel 8.2 (UEK 8.2) extends that capability on Oracle Linux with support for Intel Trust Domain Extensions, along with a set of file system and memory management changes intended to reduce downtime and improve diagnostic visibility. UEK 8.2 is based on the mainline long-term stable Linux 6.12 kernel and carries the release number 6.12.0-200. … More →

The post Unbreakable Enterprise Kernel 8.2 ships with confidential computing support, XFS live repair appeared first on Help Net Security.

Name: Espilon CTF 2026 (an Espilon CTF event.)
Date: March 11, 2026, noon — 26 March 2026, 00:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.espilon.net/
Rating weight: 0
Event organizers: Espilon

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-26, 5 days ago. The vendor is given until 2026-07-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bongeun Koo (@kiddo_pwn)' was reported to the affected vendor on: 2026-03-26, 5 days ago. The vendor is given until 2026-07-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-26, 5 days ago. The vendor is given until 2026-07-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-26, 5 days ago. The vendor is given until 2026-07-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-26, 5 days ago. The vendor is given until 2026-07-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.