Aggregator

技能作为智能体与外部世界交互的核心接口，也是相关安全风险的主要载体与放大器。因此，深入研究智能体技能所面临的安全威胁及其防护机制，对于有效化解新兴技术应用带来的现实风险、保障智能体生态可持续发展具有重要现实意义。

GitHub 项目 accesskey_tools 的 AWS 模块被植入供应链后门已三年，攻击者通过仿冒 enumerate-iam 依赖包和 Endpoint 劫持窃取用户 AWS AccessKey。据「知攻善防实验室」公众号披露，该后门目前仍在活跃。使用过该工具的用户需立即轮换凭据并审计账户。

A vulnerability was found in protobufjs protobuf.js up to 7.5.5/8.0.1. It has been rated as problematic. Affected is an unknown function. Performing a manipulation results in improper handling of unicode encoding. This vulnerability is known as CVE-2026-44288. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in NLnet Labs ldns up to 1.9.0. It has been rated as problematic. This affects an unknown function of the component Destination Handler. Performing a manipulation results in origin validation error. This vulnerability is known as CVE-2026-10846. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in SQLFluff up to 4.0.x. It has been declared as problematic. The affected element is an unknown function of the component Query Handler. The manipulation results in uncontrolled recursion. This vulnerability was named CVE-2026-46373. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Debian debusine up to 0.14.5. It has been classified as critical. This impacts an unknown function. Performing a manipulation results in permission issues. This vulnerability is reported as CVE-2026-11852. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed

Anthropic公司宣布推出最新AI模型Fable 5和Mythos 5

甘蔗收割作业全面中断，食糖生产被扰乱

A vulnerability was found in Fortinet FortiTester and classified as critical. Impacted is an unknown function of the component Telnet Login Handler. Executing a manipulation can lead to os command injection. This vulnerability appears as CVE-2022-33872. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical was found in Fortinet FortiTester. This issue affects some unknown processing of the component Console Login. Such manipulation leads to os command injection. This vulnerability is listed as CVE-2022-33873. The attack can be executed directly on the physical device. There is no available exploit.

A vulnerability described as problematic has been identified in Xen. This affects an unknown part of the component Shadow Mode. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2022-33745. The attack is only possible within the local network. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability, which was classified as critical, has been found in Fortinet FortiTester up to 3.9.1/4.2.0/7.1.0. The affected element is an unknown function of the component Command Line Interpreter. The manipulation leads to os command injection. This vulnerability is documented as CVE-2022-33870. The attack needs to be performed locally. There is not any exploit available.

Google подтвердила существование рабочего эксплойта и призвала немедленно установить обновление.

面对美国、欧洲等海外市场对第三方供应商治理、数据主权、隐私保护和跨境数据流动的复杂要求，隐私合规是中国企业出海最昂贵的“签证”。面对复杂的海外法规，，利用 AI 自动化识别和分类敏感数据，守住法律和信任的底线，品牌出海的船才能开得稳。

针对近日披露的Ivanti Sentry最高危漏洞（CVE-2026-10520），安全监测组织Shadows

看雪论坛作者ID：孤木落

活动时间：6月10日-6月21日

AI Agent正在从对话走向行动，但每一步调用背后，都有新的攻击面在生长。

Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe issue, tracked as CVE-2026-25089 (CVSS score of 9.8), is an OS command injection flaw in FortiSandbox products. The vulnerability could […]