Aggregator
CVE-2026-9199 | equalizedigital Equalize Digital Accessibility Checker Plugin up to 1.42.1 on WordPress Authorization Token authorization
CVE-2026-10623 | pressprimer PressPrimer Quiz Plugin up to 2.3.0 on WordPress rule_id authorization
CVE-2026-55740 | Nur-Alam39 bus-ticket bus_info.php mysqli_query busid sql injection (EUVD-2026-37851)
CVE-2026-11357 | stellarwp Kadence Blocks Plugin up to 3.7.5 on WordPress License Key information disclosure (EUVD-2026-37843)
CVE-2026-11360 | algolplus Advanced Order Export for WooCommerce Plugin up to 4.0.10 on WordPress Endpoint stripslashes_deep sort_direction sql injection (EUVD-2026-37844)
CVE-2026-9860 | vanyukov Offload, AI & Optimize with Cloudflare Images cf-images Plugin wp-config.php sanitize_text_field unrestricted upload (EUVD-2026-37840)
美国暂缓将 DeepSeek 加入黑名单
Lynx
You must login to view this content
Чипы будущего толщиной в 3 атома — и одна ошибка плазмы может всё испортить. Теперь есть способ это исправить
Securing digital keys when your phone unlocks the car
In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She talks through what changed with Version 4, why the team focused on interoperability and testing instead of one new threat, and how NFC fallback access stays protected. She also covers fast credential revocation when a … More →
The post Securing digital keys when your phone unlocks the car appeared first on Help Net Security.
Google’s open standard for AI agents to discover and verify tools
AI agents depend on tools, skills, and other agents spread across many teams, organizations, and platforms. These capabilities live in separate systems with their own registries, and an agent working in one environment has limited means to locate and connect to a resource hosted somewhere else. Google addressed this gap with Agentic Resource Discovery, an open specification for publishing, discovering, and verifying AI capabilities across the web. It allows tools and services to be shared … More →
The post Google’s open standard for AI agents to discover and verify tools appeared first on Help Net Security.
CVE-2026-8049 | SignalRGB kernel driver up to 1.3.7.0 access control
How security teams are getting credential visibility into developer endpoints
As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub repositories in six hours. TrapDoor spread across npm, PyPI, and Crates.io simultaneously, planting persistence inside AI coding assistant config files. Miasma compromised 32 official Red Hat packages by abusing GitHub’s trusted publishing. Each campaign shared the same … More →
The post How security teams are getting credential visibility into developer endpoints appeared first on Help Net Security.
特朗普要炒赫格塞斯的鱿鱼?这场内斗比伊朗核协议本身更值得看
Хватит халявы: учёные хотят заставить ИИ-компании жить по правилам open source
一场88分钟的猎杀:Mastra作用域接管事件深度剖析
每周勒索威胁摘要
What happens to oversight when AI agents write a lab’s own code
Inside the labs building frontier AI, a growing share of the coding gets done by the AI itself. These agents write, edit, and run software with light human oversight between steps, and they reach into production infrastructure, research pipelines, and potentially the systems that train and evaluate future models. A new analysis from researchers at the University of Oxford and SaferAI digs into the security risks that live in everything around those agents: the people … More →
The post What happens to oversight when AI agents write a lab’s own code appeared first on Help Net Security.