Aggregator

Расщепление простой воды даст спутникам в 10 раз больше маневренности.

微软最近几年为其以精简著称的记事本应用引入了新功能，其中包括 AI 和 Markdown，新增功能也扩大了其攻击面，它刚刚爆出了一个远程代码执行漏洞 CVE-2026-20841，该漏洞与处理外链有关：当用户用记事本打开一个 Markdown 文件，攻击者可以引诱用户点击一个恶意链接，导致应用启动未经验证的协议去加载并执行远程文件。

Никаких укусов, только стрим-разведка для копов.

Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass” zero-days Among the zero-days fixed are three vulnerabilities that allow attackers to bypass a security feature. CVE-2026-21513 affects the MSHTML/Trident browser engine for the Microsoft Windows version of Internet Explorer, and CVE-2026-21514 affects Microsoft Word. The former can be exploited by attackers by convincing a user to open a malicious … More →

The post Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026 appeared first on Help Net Security.

A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia

XSAST-Python 开源地址

Microsoft security researchers discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning. The MITRE ATLAS knowledge base classifies this behavior as AML.T0080: Memory Poisoning. The activity focuses on shaping future recommendations by inserting prompts that cause an assistant to treat specific companies, websites, or services as trusted or preferred. Once stored, these entries can affect responses in later, unrelated conversations. Manipulated assistants may influence recommendations … More →

The post That “summarize with AI” button might be manipulating you appeared first on Help Net Security.

大模型驱动的多智能体系统（LLM-MAS），可以看作是 AI 发展中的一次重要转向。早期的多智能体系统主要依赖规则、逻辑和人工设计的流程，而随着大语言模型的引入，智能体开始具备更强的理解能力、推理能力，以及一定程度的自主决策能力。

This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed

Пентагон ужесточил правила ношения формы из-за угрозы утечек данных через носимую электронику.

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often

Зачем США пытаются упаковать смерть в коробку?

​当 AI 走进卧室，科技能让人人睡好吗？

关键词WhatsApp印度最高法院近日就 WhatsApp 数据共享争议作出重要裁决，明确指出平台“不得玩弄公

关键词ClawdBotAI 编程助手正在成为开发者的“标配工具”，但攻击者显然也盯上了这波热度。

关键词安全漏洞GitLab 发布紧急安全公告，披露其 Duo Self-Hosted AI Gateway 存

Google expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual explicit images from Search. Manage and limit sensitive personal information in Search Users can request the removal of Search results that contain sensitive personal information, such as driver’s license numbers, passport numbers, and Social Security numbers, through the Results about you hub. First-time users must enter the contact information they … More →

The post Google Search introduces new ways to remove sensitive personal information and explicit images appeared first on Help Net Security.

Теперь для слежки за смартфонами не нужно уметь программировать – достаточно зайти в Telegram.