Aggregator

Miasma蠕虫攻击波及微软73个GitHub仓库，Check Point零日漏洞遭利用部署勒索软件，Linux提权漏洞曝光。

Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws.

F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and exploitation, giving attackers faster access to offensive capabilities. The new features expand the AI-powered web application firewall (WAF) functionality in F5 Distributed Cloud Services. “Frontier AI has collapsed the window between discovery and … More →

The post F5 adds AI-powered threat detection and API security for on-premises environments appeared first on Help Net Security.

Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The company said Mythos-class models possess advanced cybersecurity and research biology capabilities that can provide information and guidance beyond what is … More →

The post Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in brechtvds Easy Image Collage Plugin up to 1.13.6 on WordPress. The affected element is the function update_post_meta. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-9019. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in smub aThemes Addons for Elementor Plugin up to 1.1.8 on WordPress. Impacted is an unknown function of the component Posts Timeline Widget. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-8613. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in websoudan MW WP Form Plugin up to 5.1.3 on WordPress. This issue affects the function update_post_meta. Executing a manipulation of the argument memo can lead to cross site scripting. This vulnerability is tracked as CVE-2026-8853. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.1. This vulnerability affects the function unserialize. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2026-10721. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Новая платформа, которая переводит киберриски на язык топ-менеджмента

A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment

火绒小问答--「个人版」近期top问题解答

2026-06微软漏洞通告

7万余美军网络部队和承包商人员组成。

Пользовательские отзывы показали рынок совсем не так, как счётчики трафика.

A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously […]

Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request and refuse. A new mathematical proof sets a limit on how secure those guardrails can ever be. Apostol Vassilev, a senior scientist at the National Institute of Standards and Technology, published the … More →

The post Every set of AI guardrails can be broken by the right prompt appeared first on Help Net Security.

威尔森的数据显示，2025 年比亚迪针对自身“海洋”和“王朝”系列车型实际进行了 200 次软件更新（Over the Air 或 OTA），在汽车企业中次数最多。特斯拉在中国国内更新软件的次数为 16 次，丰田为 8 次，大众为 5 次。比亚迪之所以能够频繁更新软件，是因为 OTA 所需要的半导体、作为通信基础的操作系统、实际运行的硬件全部自主开发。相关负责人表示：“只要是自主设计，就可以迅速且准确地实现更新”。在价格竞争加剧导致中国国内销量下滑的背景下，比亚迪的目的是通过 OTA 来提升吸引力、扩大销售。

Starlink 硬件从一次性付费转向 10 美元月租费。Starlink 硬件包括一个接收卫星信号的终端和一个放在家中的路由器。该费用不包含在网络服务费中。Starlink 的 100Mbps 套餐每月收费 55 美元，200Mbps 套餐每月收费 85 美元，400Mbps 的 Max 套餐每月收费 130 美元。Starlink 还提供专业安装服务，一次性收费 199 美元，Max 套餐用户免收安装费。