Researchers found a shell injection flaw in 10 of 11 popular open-source AI agents, allowing attackers to bypass command filters. Adversa AI just published a survey, titled “GuardFall: a universal shell injection vulnerability in open-source AI agents,” of eleven open-source AI coding and computer-use agents, and the headline finding is uncomfortable: ten of them leave […]
大语言模型不断编造出不存在的网址。攻击者已开始抢在其他人之前注册这些虚构域名,然后在上面托管钓鱼页面,以截获 AI 工具引导过来的流量。Palo Alto Networks 的 Unit 42 将这种技巧称为"幻影抢注",其新研究表明这已在野外发生。其重要性在于信任。开发者和 AI 助手越来越倾向于将模型返回的链接视为真实的。当模型编造出一个尚不存在的域名时,第一个注册它的人就继承了所有这种错位的...
A vulnerability classified as critical was found in Mozilla Firefox up to 147. This affects an unknown function of the component Audio/Video. Such manipulation leads to integer overflow.
This vulnerability is traded as CVE-2026-2774. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.