Aggregator

Теневой рынок успешно парализует бизнес откровенной дезинформацией.

Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level. Net Shadow AI use (Source: TrustedTech) The data suggests that shadow AI is not mainly driven by junior employees experimenting … More →

The post Turns out the C-suite loves shadow AI appeared first on Help Net Security.

在智能体安全检测、逻辑漏洞扫描、精准误报分析、开启ai驱动的代码安全新时代。

A vulnerability, which was classified as problematic, was found in NEC Platforms Aterm WX1800HP, Aterm WX5400HP, Aterm WX7800T8, Aterm WX11000T12, Aterm WX3000HP2, Aterm WX4200D5, Aterm GX621A1, Aterm SH621A1 and Aterm 19000T12BE. This affects an unknown function of the component Web Management Interface. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-6059. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in NEC Platforms Aterm MR51FN and Aterm CM51FD. The impacted element is an unknown function. The manipulation leads to os command injection. This vulnerability is documented as CVE-2026-8652. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as critical was found in Acer NitrorSense up to 3.01.3052. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is registered as CVE-2026-9489. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in SPIP up to 4.4.14. Impacted is an unknown function of the file action/cookie.php of the component ecrire. Performing a manipulation results in open redirect. This vulnerability is cataloged as CVE-2026-48832. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in WineHQ Wine up to 11.0. This issue affects some unknown processing of the component MIME Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is listed as CVE-2026-48831. The attack must be carried out locally. There is no available exploit. There is ongoing doubt regarding the real existence of this vulnerability.

A vulnerability marked as problematic has been reported in huggingface transformers up to 5.2.x. This vulnerability affects the function AutoModelForCausalLM.from_pretrained of the file config.json. This manipulation of the argument _attn_implementation_internal causes missing serialization control element. This vulnerability is tracked as CVE-2026-4372. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

2026年5月22日，美国国家情报总监图尔西·加巴德在社交媒体发布了一封辞职信。

开发了 14 年但发布日期未知的《星际公民(Star Citizen)》的筹款突破了十亿美元达到 1,003,408,183 美元。《星际公民》由《银河飞将》创始人 Chris Roberts 领导开发，试图复兴太空模拟飞行游戏，允许玩家在广袤的宇宙空间内探险，交易和战斗。它于 2012 年在 Kickstarter 上成功众筹，原计划的交付时间是 2014 年。但在 Kickstarter 众筹结束后，开发团队继续在官方网站上进行募资，许多募资其实就是销售游戏内的虚拟物品如各种型号的飞船。2018 年它筹集到 2 亿美元，五年之后突破 6 亿美元，2024 年 5 月突破了 7 亿美元，2 年之后突破了 10 亿美元。《星际公民》堪称史上开发预算最高的 3A 游戏。

荷兰金融犯罪调查局（FIOD）逮捕了两名男子，并扣押了与一家网络托管公司相关的800台服务器，该公司为网络攻击、干涉行动和虚假信息宣传活动提供支持。 FIOD逮捕了一名57岁嫌疑人（公司董事）和一名39岁嫌疑人——他是另一家提供互联网连接服务公司的负责人。 据当局称，嫌疑人间接向受到欧盟（EU）制裁的俄罗斯和白俄罗斯实体提供经济资源。 调查聚焦于 Stark In...

Пока вы описываете симптомы, доктор уже печатает чат-боту “срочно выручай!”.

GitHub 为 npm 推出了新的安全控制措施，以提升软件供应链的安全性，使维护者能够在软件包公开发布可供安装之前，明确批准某个版本。该功能称为 staged publishing（分阶段发布），现已正式在 npm 上可用。它要求人工维护者通过 2FA（双因素认证）挑战来批准一个软件包，然后才能将其推送至 npmjs[.]com。GitHub 表示：“与直接发布（...

国剧之光《主角》目前正在热播，这是第一部我们看到了传承的电视剧。电视剧《主角》中的传承，技艺传承、文化传承、文明传承！

很多人现在已经默认：本地Agent + 中转站也是属于日常玩法了。发现这里其实有个被很多人忽略的风险：AI Agent 已经不是“聊天机器人--编码助手”了。

Drupal 警告用户，针对本周修复的高危漏洞 CVE-2026-9082，已经出现了利用尝试。该漏洞影响一个旨在确保数据库查询经过清理以防止 SQL 注入 的 API。Drupal 解释道：“该 API 中的漏洞允许攻击者发送特制请求，导致使用 PostgreSQL 数据库的网站遭受任意 SQL 注入。”未经身份验证的攻击...

威胁行为者正在利用共享内容分发网络（CDN）基础设施中的漏洞，以隐藏与恶意域名的连接。 该漏洞被称为 Underminr，是域名前置（domain fronting）攻击的一种变体。域名前置是一种现已得到缓解的攻击类型，攻击者曾通过在 HTTPS 请求的 SNI 和 TLS 证书验证字段中放置允许的域名，同时在 TLS 隧道的加密 HTTP Host 头中嵌入不同的目标域名来实施攻击。 ...

A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized security agents, 26 slash commands, 19 CLI tools, and a cross-IDE installer across seven major AI coding platforms — Claude Code, OpenAI Codex, Google Gemini, Cursor, Windsurf, VS Code Copilot, and OpenClaw. The project, published on GitHub by researcher H-mmer, […]

The post Pentest Agent Suite – Bug Bounty Framework for Claude Code and 6 AI Coding Tools appeared first on Cyber Security News.