Aggregator

An unforeseen regression within a software update has inadvertently caused a security mechanism to serve as a gateway

The post The Critical 9.1 Flaw in ASP.NET Core that Turns Cookies into Master Keys appeared first on Penetration Testing Tools.

В четырех российских городах прошли обыски.

1.      chaos勒索团伙公布新的受害公司 2.      coinbasecartel勒索团伙入侵印度尼西亚农业部 3.      genesis勒索团伙公布新的受害公司

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access

在最近举行的员工大会上，即将卸任的苹果 CEO 库克（Tim Cook）称 2012 年上线 Apple Maps 是其任内第一个真正的重大失误。当时的 Apple Maps 还比较原始，尚未准备好。它的失败迫使库克向用户道歉，并建议用户使用竞争对手的地图应用。库克表示这次重大失败还是富有价值的，“这体现了我们始终将用户放置在决策中心。现在我们拥有全世界最好的地图应用。我们学会了坚持，犯了错误但做了正确的事。”

Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European Union. In practice, that means that global organizations [...]

The post The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative appeared first on Wallarm.

The post The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Ollama. Affected is an unknown function of the component GGUF Quantization. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2026-5757. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in DeltaWW AS320T up to 1.14. This impacts an unknown function. Such manipulation leads to backdoor. This vulnerability is traded as CVE-2026-1952. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in DeltaWW AS320T up to 1.10. This affects an unknown function. This manipulation causes stack-based buffer overflow. This vulnerability appears as CVE-2026-1951. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in DeltaWW AS320T up to 1.14. The impacted element is an unknown function. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-1950. The attack can be launched remotely. No exploit exists.

The open vs. closed AI model debate misses the bigger issue. Confidential inference secures model weights and data during runtime.

The post Open vs. Closed Weight Models and Why You Need Confidential Inference Either Way appeared first on Security Boulevard.

Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users in ChatGPT and Codex, while GPT-5.5 Pro is available to Pro, Business, and Enterprise users in ChatGPT. The models are expected to be made available through the API soon. The company said it is working … More →

The post OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards appeared first on Help Net Security.

For decades, the "gray area" of undercover research was governed by internal policies. The SPLC indictment suggests that internal oversight is no longer a shield.

The post When Research Becomes a Crime: The New Risk Landscape for OSINT and Dark Web Intelligence appeared first on Security Boulevard.

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health
The American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

智能情报驱动，以AI治理AI。新一代数字供应链安全治理体系再闭环，智能治理“AI 数字员工”！

美国国家标准与技术研究院（NIST）正在调整其对新披露漏洞的分析方式——面对大量积压的数字缺陷，该机构宣布将只对符合特定标准的 CVE 进行详细分析。

UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks built of hacked consumer devices. Groups control routers, cameras, video recorders, and NAS systems […]