Aggregator

智能体安全市场开闸：这块蛋糕该怎么切？

美国教育科技公司Instructure，以“对数据可能公开的担忧”为由，与勒索者达成协议并支付了赎金。

A vulnerability classified as problematic was found in AMD Ionic Cloud Driver on Vmware. This impacts an unknown function. Such manipulation leads to untrusted pointer dereference. This vulnerability is uniquely identified as CVE-2025-62627. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Fuji Electric Tellus 5.0.2. This affects an unknown function of the component Installation Handler. This manipulation causes exposed dangerous routine. This vulnerability is handled as CVE-2026-8108. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability described as problematic has been identified in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors and EPYC Embedded 9005 Processors. The impacted element is an unknown function. The manipulation results in security-sensitive hardware controls with missing lock bit protection. This vulnerability is known as CVE-2025-61971. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in AMD EPYC 9004 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors and EPYC Embedded 9005 Processors. The affected element is an unknown function. The manipulation leads to security-sensitive hardware controls with missing lock bit protection. This vulnerability is traded as CVE-2025-61972. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in broadstreetads Broadstreet Plugin up to 1.53.1 on WordPress. Impacted is an unknown function of the component Setting Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-9989. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in techjewel Fluent Forms Plugin up to 6.2.1 on WordPress. This issue affects some unknown processing of the component Conversation Handler. Performing a manipulation of the argument permission_message results in cross site scripting. This vulnerability is reported as CVE-2026-6828. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in reconurge flowsint up to 1.2.2. This vulnerability affects unknown code. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2026-44352. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Advantech SaaS Composer, IoTSuite Growth Linux docker, IoTSuite Starter Linux docker, IoT Edge Linux docker, IoT Edge Windows, WebAccess, SCADA, WebAccess SaaS-Composer and ECOWatch SaaS-Composer. It has been rated as critical. This affects an unknown part. This manipulation causes sql injection. This vulnerability is registered as CVE-2026-6888. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in warp-tech warpgate up to 0.23.2 on Linux. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument state results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-44347. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 9004 Processors, EPYCSeries 4004 Processors, EPYC 8004 Processors, Instinct MI300A Processors, Ryzen Z1 Processors, Ryzen 7040 Mobile Processors with Radeon Graphics, Ryzen 7045 Mobile Processors with Radeon Graphics, Ryzen 9000 Desktop Processors, Ryzen 7000 Desktop Processors, Ryzen 8000 Desktop Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors, Ryzen Embedded 8000 Processors and Ryzen Embedded 7000 Processors. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to protection mechanism failure. This vulnerability is listed as CVE-2024-36315. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in smub Charitable Plugin up to 1.8.10.4 on WordPress and classified as critical. Affected is the function edit_others_donations. Executing a manipulation of the argument s can lead to sql injection. This vulnerability is tracked as CVE-2026-7619. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in broadstreetads Broadstreet Plugin up to 1.53.1 on WordPress and classified as critical. This impacts the function create_advertiser of the component AJAX Action Handler. Performing a manipulation results in improper authorization. This vulnerability is identified as CVE-2025-9988. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in broadstreetads Broadstreet Plugin up to 1.53.1 on WordPress. This affects the function get_sponsored_meta. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-9987. It is possible to launch the attack remotely. No exploit is available.

谷歌公司今天表示，其正在引入更新的文件分享功能，这将使安卓用户向苹果手机用户发送文件变得更容易。快速分享已经在特定安卓设备上与苹果的隔空投送功能兼容，但谷歌表示，该功能将于2026年扩展到三星、OPP

Невидимый сетевой посредник получил слишком много власти над привычным маршрутом.

An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate concern in most organizations. Yet non-human identities and AI agents are often granted that same kind of persistent, broadly privileged access. As AI adoption grows, that gap is becoming harder to ignore. NHIs today encompass far more than traditional service accounts and API keys. They also often include AI agents … More →

The post The hidden risk of non-human identities in AI adoption appeared first on Help Net Security.

一览