Aggregator

A vulnerability, which was classified as critical, has been found in Fortinet FortiTester up to 3.9.1/4.2.0/7.1.0. The affected element is an unknown function of the component Command Line Interpreter. The manipulation leads to os command injection. This vulnerability is documented as CVE-2022-33870. The attack needs to be performed locally. There is not any exploit available.

Google подтвердила существование рабочего эксплойта и призвала немедленно установить обновление.

面对美国、欧洲等海外市场对第三方供应商治理、数据主权、隐私保护和跨境数据流动的复杂要求，隐私合规是中国企业出海最昂贵的“签证”。面对复杂的海外法规，，利用 AI 自动化识别和分类敏感数据，守住法律和信任的底线，品牌出海的船才能开得稳。

针对近日披露的Ivanti Sentry最高危漏洞（CVE-2026-10520），安全监测组织Shadows

看雪论坛作者ID：孤木落

活动时间：6月10日-6月21日

AI Agent正在从对话走向行动，但每一步调用背后，都有新的攻击面在生长。

Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe issue, tracked as CVE-2026-25089 (CVSS score of 9.8), is an OS command injection flaw in FortiSandbox products. The vulnerability could […]

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

Пока все гонятся за 8K, этот парень сделал плеер, который намеренно ухудшает картинку.

连续多次获评上海市 “专精特新” 中小企业！

Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to the latest Malwarebytes survey. The share increased from 66% in 2025 to 85% in 2026. The survey covered 1,500 adults aged 18 and older in the United States, the UK, Austria, Germany, and Switzerland. Trust … More →

The post 9 out of 10 people can no longer distinguish real from AI-generated content appeared first on Help Net Security.

作者：Anlan Zheng, Tiantian Zhu 原文链接：https://arxiv.org/html/2606.05567v1 摘要 LLM驱动的自动化渗透测试智能体通常是在既不会检测也不会响应攻击的静态目标上进行评估的，因此它们在智能防御下的行为仍然未经测试。多步攻击链的因果一致性同样依赖于不稳定的LLM推理，而智能体的决策对人类分析人员来说仍然是不透明的。这三个缺陷——真实性、一致...

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code

将在下个月推出新版本

速修复

OpenAI 周三发布报告称，公司发现一些源自中国的账户利用 AI 生成英文社交媒体帖子，称数据中心推高了美国居民的电费。OpenAI 称，这些账户可能与一家未具名的中国私营科技公司有关。OpenAI 表示，这些帖子传播范围有限，但应引起外界对外国势力试图削弱美国战略性产业的关注。该公司补充称，美国对 AI 和数据中心存在“合理的讨论”，但这些账户通过伪装成普通美国民众，通过发布有争议的 AI 生成内容来试图操纵讨论。

Рунет докупает мощности: 154 сервера, чтобы видеть весь трафик россиян.

韩国电商巨头酷澎（coupang）因其数千万用户信息泄露被罚 6247 亿韩元（约合人民币 27.7 亿元）。韩国个人信息保护委员会认定，酷澎在认证签名密钥管理及访问控制等方面存在疏漏，基本安全管理体系不完善，导致约 3750 万名用户个人信息泄露，并就此处以 4235.75 亿韩元罚款。这是针对单一个人信息泄露事故开出的最高罚款。委员会还认定，酷澎在缺乏法律依据的情况下，擅自收集约 1117 万名访问其他公司网站和应用程序用户的在线活动记录，并在可识别个人身份的状态下将相关信息储存到数据库中，因此另行处以 2011.066 亿韩元罚款。