Aggregator

A vulnerability identified as critical has been detected in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. This vulnerability is registered as CVE-2026-2969. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

好的，我现在要帮用户总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要仔细阅读用户提供的文章内容。 看起来这篇文章主要讨论的是逆向工程（Reverse Engineering），特别是从 Reddit 的 r/ReverseEngineering 社区的角度来看。文章提到了逆向工程在软件和硬件分析中的应用，强调了它在安全研究、技术理解和改进中的重要性。 接下来，我需要提取关键点：逆向工程的定义、应用领域、重要性以及社区的作用。然后，把这些信息浓缩成简洁的句子，确保不超过100字。 可能会遇到的问题是如何在有限的字数内涵盖所有重要信息而不显得冗余。我需要选择最核心的内容，比如逆向工程的应用和其对安全与技术发展的贡献。 最后，检查语言是否流畅自然，并确保没有使用任何不必要的专业术语，使总结易于理解。 文章探讨了逆向工程在软件和硬件分析中的应用及其重要性，强调其在安全研究、技术理解和改进中的作用。

AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can open pull requests, query internal databases, book services, and trigger automated workflows with limited human involvement. The State of AI Security 2026 from Cisco places this level of access inside a growing pattern of AI-driven operations that connect directly to core business systems. Organizations granted agentic systems authority to execute tasks, … More →

The post Enterprises are racing to secure agentic AI deployments appeared first on Help Net Security.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael Argany of TrendAI Research' was reported to the affected vendor on: 2026-02-23, 50 days ago. The vendor is given until 2026-06-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael Argany of TrendAI Research' was reported to the affected vendor on: 2026-02-23, 50 days ago. The vendor is given until 2026-06-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

We’ve upgraded Cloudflare One to support post-quantum encryption by implementing the latest IETF drafts for hybrid ML-KEM into our Cloudflare IPsec product. This extends post-quantum encryption across all major Cloudflare One on-ramps and off-ramps.

A vulnerability classified as critical has been found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. This vulnerability is known as CVE-2026-2959. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-2960. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2961. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.71/6.18.10/6.19.0. Impacted is the function xchk_btree_check_block_owner of the component xfs. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2026-23223. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.19.0. This issue affects some unknown processing of the component mmcid. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2026-23225. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

Нейросети научились обходить любые защитные оболочки Android прямо на лету.

好的，我现在要帮用户总结一篇文章，控制在100字以内。用户给的原文是关于一个叫ASAF的网络安全工具，作者有30多年在关键基础设施安全的经验，对传统的SIEM工具不满意，于是开发了ASAF。 首先，我需要理解文章的主要内容。作者提到ASAF使用了信息几何中的费舍尔信息矩阵和测地线分析，通过网络流量的形状变化来检测异常，而不是传统的模式匹配。技术细节包括C++17、离线运行、Ihara zeta函数、RK4外推等，适用于关键基础设施。 接下来，我要将这些信息浓缩到100字以内。重点是ASAF的技术方法、其优势以及适用场景。可能需要提到统计流形、测地线异常检测、离线运行和关键基础设施环境。 最后，确保语言简洁明了，不使用“文章内容总结”等开头，直接描述文章内容。 作者基于30余年关键基础设施安全经验开发了一款名为ASAF的网络安全工具。该工具利用信息几何中的费舍尔信息矩阵和测地线分析网络行为异常，通过检测网络流量形状偏离自然几何特征来识别威胁。采用C++17/Eigen3实现，支持离线运行且无需云依赖，并结合Ihara zeta函数进行网络拓扑分析及RK4外推预测威胁。适用于工业级关键基础设施环境。

Coroot is an open-source observability and application performance monitoring tool. The core software, published in Go and accompanied by companion repositories such as coroot-node-agent, focuses on collecting telemetry data across systems. It uses extended Berkeley Packet Filter (eBPF) technology to gather metrics and trace inter-service communications without manual instrumentation of application code. Coroot collects standard observability signals that engineering teams rely on. The software aggregates metrics, logs, traces, and continuous profiling data and makes them … More →

The post Coroot: Open-source observability and APM tool appeared first on Help Net Security.

好，我现在需要帮用户总结一篇关于宫颈癌筛查新系统的文章，控制在100字以内。首先，我得通读文章，抓住关键点。 文章提到东京的研究团队开发了一种新系统，用于宫颈癌筛查。这个系统利用3D图像和AI分析细胞团块，精确检测癌细胞。拍摄精度达到千分之一毫米，分析时间只需几分钟，准确率与医生相当。 接下来，我要把这些信息浓缩到100字以内。要确保包含主要元素：研究团队、技术（3D图像、AI）、检测能力、精度和效率。 可能的结构是：研究团队开发新系统，结合3D图像和AI分析细胞团块，精准检测癌细胞和高风险细胞，速度快且准确率高。 检查一下是否符合要求：不使用特定开头，直接描述内容。确保在100字以内。 最终总结：东京的研究团队开发了一种宫颈癌筛查新系统，利用3D图像和AI分析细胞团块，精准检测癌细胞和高风险细胞，速度快且准确率高。 东京的研究团队开发了一种宫颈癌筛查新系统，利用3D图像和AI分析细胞团块，精准检测癌细胞和高风险细胞。

Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and remote transactions, where identity checks rely heavily on scanned documents and automated workflows. Intellicheck analyzed nearly 100 million identity verification transactions collected through its cloud-based verification service during 2025. The company said the dataset covers about half of the adult population in the … More →

The post Identity verification systems are struggling with synthetic fraud appeared first on Help Net Security.

嗯，用户让我总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。首先，我需要仔细阅读文章，抓住主要信息。 文章主要讲的是TikTok为了符合美国的国家安全要求，转为由美国多数控股的实体，避免被禁。然后最近隐私政策更新引发了用户的恐慌，特别是关于移民状态和精准位置等敏感数据的收集。但作者认为这些其实反映了长期以来的做法和加州隐私披露的要求。他们建议用户仔细阅读政策，了解自己的威胁模型，并自己决定是否使用TikTok或其他社交平台。此外，还提到了Ring结束与Flock的合作以及关于扩展“搜索派对”功能的传闻。 现在我要把这些信息浓缩到100字以内。首先说明TikTok转为美国控股以避免被禁。然后提到隐私政策更新引发恐慌，特别是敏感数据收集。接着指出这些其实是常规做法和加州隐私要求。最后建议用户自己决定是否使用，并提到Ring的相关动态。 确保语言简洁明了，不使用复杂的术语，直接传达核心内容。 TikTok转为美国多数控股实体以避免被禁，并更新隐私政策引发用户对敏感数据收集的关注。专家指出这些内容反映常规做法和加州隐私要求，并建议用户自行评估风险后决定是否使用TikTok或其他社交平台。同时提及Ring终止与Flock合作及传闻中的功能扩展计划。

TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral—especially language about sensitive data like immigration status and precise location—and argue much of it reflects longstanding practices and required California […]

The post TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand appeared first on Shared Security Podcast.

The post TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand appeared first on Security Boulevard.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读用户提供的文章内容，了解主要观点和关键信息。 文章主要讲的是OpenAI CEO山姆·奥特曼在印度的人工智能峰会上的发言。他回应了关于AI能源消耗的担忧，认为这些讨论有些不公平。他指出，人们往往只关注训练AI模型所需的能源，而忽视了人类自身成长和进化所需的资源。奥特曼认为，从能源效率的角度来看，AI可能已经与人类相当。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖奥特曼的观点：批评AI能源消耗讨论的不公、比较人类和AI的成长过程、以及AI在能源效率上的优势。 可能会遇到的问题是如何简洁地表达这些复杂的观点而不遗漏关键点。比如，“训练一个人也需要耗费大量精力”可以简化为“人类成长同样耗能”。同时，“公平的比较”部分需要明确说明比较的对象和结果。 最后，检查字数是否符合要求，并确保语言流畅自然。 OpenAI CEO山姆·奥特曼表示，关于人工智能用水量的担忧是无稽之谈，但关注总能源消耗是合理的。他批评关于ChatGPT能源消耗的讨论不公平，并指出训练一个人类同样耗能且耗时。他认为从能源效率角度看，人工智能已接近人类水平。

Эксперимент с полностью автономным запуском проверяют на реальных вызовах.