Aggregator
A First Look at Model Supply Chain Risk: The First Panoramic Scan of Dependencies, Evolution, Quality, and Risk Propagation
3 weeks 6 days ago
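Behind the complex supply chain of millions of models, missing metadata and invisible dependency relationships are amplifying the propagation of supply-chain risk.
Tencent's LightVela offers one free month of Hermes, with the Kimi K2.5 model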
3 weeks 6 days ago
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
3 weeks 6 days ago
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.
The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,
The Hacker News
"Why is nobody watching my video?" Now you can ask a robot. Meta has launched an AI advisor for Facebook creators, and it promises an honest answer
3 weeks 6 days ago
The corporation is expanding its ecosystem of AI tools for content creators amid growing competition with YouTube, TikTok and Instagram.
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
3 weeks 6 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash
The Hacker News
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
3 weeks 6 days ago
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in the Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He […]
Pierluigi Paganini
12 People Sold 180 Million Orders: China's Largest Steam Black-Market Operation Busted
3 weeks 6 days ago
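Recently, police in Tongxiang, Zhejiang reported a major nationwide game copyright infringement case. A very large illegal trading operation for Steam game accounts in China has been successfully dismantled. The cybercrime group involved no fewer than 12 people and had long been illegally offering so-called "fake library add" (假入库) services on e-commerce platforms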
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
3 weeks 6 days ago
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.
The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release.
Only the FFmpeg bugs were found by AI.
The Hacker News
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
3 weeks 6 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially […]
The post CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks appeared first on Cyber Security News.
Guru Baran
$20 million in three days. Law firm Weil, Gotshal & Manges paid a ransom to the Luna Moth extortionists
3 weeks 6 days ago
According to media reports, the money was paid. Weil has confirmed only the incident itself.
CVE-2026-9719 | LatePoint Plugin up to 5.6.0 on WordPress Appointment change_status cross-site request forgery (EUVD-2026-34929)
3 weeks 6 days ago
A vulnerability categorized as problematic has been discovered in LatePoint Plugin up to 5.6.0 on WordPress. Affected by this issue is the function change_status of the component Appointment Handler. Such manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2026-9719. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-8900 | spyrosvl Simple SEO Slideshow Plugin up to 1.2.8 on WordPress Shortcode cross site scripting (fdff-4525-9272 / EUVD-2026-34925)
3 weeks 6 days ago
A vulnerability was found in spyrosvl Simple SEO Slideshow Plugin up to 1.2.8 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. This manipulation causes cross site scripting.
This vulnerability is handled as CVE-2026-8900. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-8893 | payaddons Express Payment for Stripe Plugin up to 1.28.0 on WordPress Shortcode register_shortcode Type cross site scripting
3 weeks 6 days ago
A vulnerability was found in payaddons Express Payment for Stripe Plugin up to 1.28.0 on WordPress. It has been declared as problematic. Affected is the function register_shortcode of the component Shortcode Handler. The manipulation of the argument Type results in cross site scripting.
This vulnerability is known as CVE-2026-8893. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-8438 | davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress AIOS Dashboard get_rest_route REQUEST_URI cross site scripting
3 weeks 6 days ago
A vulnerability was found in davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress. It has been classified as problematic. This impacts the function get_rest_route of the component AIOS Dashboard. The manipulation of the argument REQUEST_URI leads to cross site scripting.
This vulnerability is traded as CVE-2026-8438. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-9280 | spacetime Ad Inserter Plugin up to 2.8.15 on WordPress Iframe Mode cross site scripting
3 weeks 6 days ago
A vulnerability was found in spacetime Ad Inserter Plugin up to 2.8.15 on WordPress and classified as problematic. This affects an unknown function of the component Iframe Mode. Executing a manipulation can lead to cross site scripting.
This vulnerability appears as CVE-2026-9280. The attack may be performed remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com