How we built Cloudflare's data platform and an AI agent on top of it
Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.
Aggregator
Zapier fixes bug chain that researchers say risked widespread account takeover
2 days 8 hours ago
A five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps.
The post Zapier fixes bug chain that researchers say risked widespread account takeover appeared first on CyberScoop.
Greg Otto
Temu 因违反 DSA 被欧盟罚款 2 亿欧元
2 days 8 hours ago
欧盟委员会根据 Digital Services Act (DSA)对 Temu 处以 2 亿欧元罚款。原因是 Temu 对其平台上假冒伪劣商品所带来的系统性风险没有尽职尽责的识别、分析和评估,从而给欧盟消费者造成了伤害。欧盟委员会举例说:它调查的充电器有相当高比例的产品未能通过基本的安全测试;在测试的婴儿玩具中,有相当比例的产品存在中度至高度的安全风险,这些玩具含有超过法定安全限值的化学物质,或者由于可拆卸部件而存在窒息危险。欧盟委员会是在 2024 年 10 月 31 日启动调查,2025 年 7 月通过了初步调查结果,5 月 28 日公布处罚。
网站能通过分析 SSD 活动监视用户
2 days 8 hours ago
浏览器已经演变成类似操作系统的复杂平台,但不断加入的新特性也增加了浏览器的攻击面,引入新的漏洞。最新的攻击被称为 FROST(fingerprinting remotely using OPFS-based SSD timing),通过测量用户使用的 SSD 的部分 I/O(输入/输出)操作时序,攻击者能识别用户在浏览器标签页打开的网站以及正在运行的应用程序。FROST 攻击无需任何交互,只需打开执行攻击的网站。FROST 攻击完全在浏览器中运行。它使用 JavaScript 与 OPFS(origin private file system)交互。OPFS 是 Web API 的一部分,是一个为特定网站预留的专属存储空间,用于运行完成特定任务所需的目标代码。网站无需任何交互就可以直接创建该空间。该攻击的一大缺陷是需要的 OPFS 文件比较大,可能需要 1GB 左右,因此会容易检测出来。
Romanian gets 5 years in prison for hacking Oregon govt network
2 days 8 hours ago
A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and fr cyberattacks targeting dozens of other U.S. victims. [...]
Sergiu Gatlan
Банки продолжают писать в WhatsApp, суды продолжают выписывать штрафы. Счет пошел на десятки
2 days 8 hours ago
Юрлицам в РФ грозит штраф до 700 тысяч рублей за отправку уведомлений о долгах в иностранных сервисах.
国内同行羡慕硅谷有钱,硅谷在羡慕宇树有副好身体
2 days 8 hours ago
宇树真正的价值,不在招股书的财务报表里,而在它在全球具身浪潮里站的那个位置上。
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
2 days 8 hours ago
In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.
Fahmida Y. Rashid, Kristina Beek
OpenAI prepares ChatGPT for the election misinformation wave
2 days 8 hours ago
AI-generated election misinformation could shape public opinion and influence the lives of millions of people. To address those risks, OpenAI outlined a series of safeguards ahead of the 2026 election cycle. The company said its efforts will focus on helping users access voting information, supporting cybersecurity defenders, and improving transparency around AI-generated content. “People already use ChatGPT to ask practical questions in their preferred languages about civic events: how to register, where to vote, what … More →
The post OpenAI prepares ChatGPT for the election misinformation wave appeared first on Help Net Security.
Sinisa Markovic
认知升级也不代表成功
2 days 8 hours ago
上周末在家吃饭,跟正读高二的老大聊起对前途的一些想法。按他的一些摸底成绩,也就是600分左右的选手,对一这个成绩他妈妈是又着急又不得不耐着性子小心翼翼地去引导。
Qumulo NeuralProtect uses AI to detect and stop ransomware before encryption
2 days 9 hours ago
Qumulo has unveiled Qumulo NeuralProtect, a ransomware resilience solution built to protect data at the storage layer by detecting and stopping threats before data is encrypted, corrupted, or lost. Integrated directly into the Qumulo Data Platform, NeuralProtect inspects every file at the precise point-of-write using a series of AI-driven analysis models to detect both known and zero-day threats, instantly isolating malicious activity and enabling rapid recovery. NeuralProtect shifts ransomware protection from reactive recovery to proactive … More →
The post Qumulo NeuralProtect uses AI to detect and stop ransomware before encryption appeared first on Help Net Security.
Industry News
Webinar: Why network incidents take too long to resolve
2 days 9 hours ago
Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams reduce delays and improve response times. [...]
BleepingComputer
G.O.S.S.I.P 阅读推荐 2026-05-28 TAEMU
2 days 9 hours ago
又一个TEE模拟器~
Akira
2 days 9 hours ago
You must login to view this content
cohenido
Akira
2 days 9 hours ago
You must login to view this content
cohenido
CVE-2022-34169 | Oracle Financial Services Revenue Management and Billing up to 4.0 Infrastructure numeric conversion (Nessus ID 209012)
2 days 9 hours ago
A vulnerability has been found in Oracle Financial Services Revenue Management and Billing up to 4.0 and classified as critical. This affects an unknown part of the component Infrastructure. The manipulation leads to incorrect conversion between numeric types.
This vulnerability is documented as CVE-2022-34169. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
CVE-2022-34169 | Oracle Business Intelligence Enterprise Edition 12.2.1.4.0 JAXP numeric conversion (Nessus ID 209012)
2 days 9 hours ago
A vulnerability was found in Oracle Business Intelligence Enterprise Edition 12.2.1.4.0. It has been rated as critical. Impacted is an unknown function of the component JAXP. The manipulation leads to incorrect conversion between numeric types.
This vulnerability is listed as CVE-2022-34169. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2022-34169 | Oracle PeopleSoft Enterprise PeopleTools 8.58 Integration Broker numeric conversion (Nessus ID 209012)
2 days 9 hours ago
A vulnerability marked as critical has been reported in Oracle PeopleSoft Enterprise PeopleTools 8.58. This affects an unknown function of the component Integration Broker. The manipulation leads to incorrect conversion between numeric types.
This vulnerability is referenced as CVE-2022-34169. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
CVE-2022-34169 | Oracle Financial Services Enterprise Case Management 8.0.8.2/8.1.1.1/8.1.2.5/8.1.2.6 Web UI numeric conversion (Nessus ID 209012)
2 days 9 hours ago
A vulnerability was found in Oracle Financial Services Enterprise Case Management 8.0.8.2/8.1.1.1/8.1.2.5/8.1.2.6. It has been declared as critical. Impacted is an unknown function of the component Web UI. The manipulation results in incorrect conversion between numeric types.
This vulnerability is cataloged as CVE-2022-34169. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2022-21619 | Oracle Java SE up to 19 Security (EUVD-2022-26843 / Nessus ID 211429)
2 days 9 hours ago
A vulnerability was found in Oracle Java SE 8u341/8u345-perf/11.0.16.1/17.0.4.1/19 and classified as problematic. This issue affects some unknown processing of the component Security. Executing a manipulation can lead to an unknown weakness.
This vulnerability is registered as CVE-2022-21619. It is possible to launch the attack remotely. No exploit is available.
vuldb.com