Aggregator

普通人看卫星图，经常会有一种很诚实的反应：这不就是一张模糊大照片吗？树是树，路是路，房子是房子，能看出什么？

好的，我现在需要帮用户总结一篇关于人工智能在Linux内核维护中应用的文章，控制在100字以内。首先，我得仔细阅读文章内容，抓住关键点。 文章提到Linux内核维护者克罗阿-哈特曼使用AI审查代码，AI发现了60个问题，其中40个有效。这说明AI确实有帮助，但也有错误。他强调AI不能直接提交代码，需要人工审阅和清理。此外，AI在项目中作为补充工具，并非权威。 接下来，我需要将这些信息浓缩到100字以内。重点包括：维护者使用AI审查代码，AI发现大量漏洞但有错误，最终方案需人工审阅，AI作为补充工具。 然后组织语言，确保简洁明了。可能的结构是：维护者使用AI审查代码，发现漏洞但需人工审阅，AI作为补充工具。 最后检查字数是否符合要求，并确保信息准确传达。 Linux内核维护者克罗阿-哈特曼表示人工智能在代码审查中表现出色，能发现大量漏洞并提供解决方案，但需人工审阅和清理。尽管存在错误，他仍称赞其为开发者的有力补充。

Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to the host. The SandboxEscapeBench benchmark, developed by researchers at the University of Oxford and the AI Security Institute, evaluates whether an agent with shell access can escape a container and reach the host system. Evaluation architecture and scenario taxonomy (Source: AI Security Institute) What SandboxEscapeBench measures SandboxEscapeBench … More →

The post Breaking out: Can AI agents escape their sandboxes? appeared first on Help Net Security.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.16/6.19.6. The affected element is the function ncm_alloc_inst of the component f_ncm. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2026-23320. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 7.0-rc2. This affects the function local_addr_used of the file net/mptcp/pm_kernel.c of the component MPTCP Endpoint. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2026-23321. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc2 and classified as critical. Affected by this issue is the function fib_multipath_hash_from_keys of the component net. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-23316. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 7.0-rc2 and classified as critical. This affects the function bpf_trampoline_link_cgroup_shim. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-23319. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc2 and classified as problematic. Impacted is the function usb_kill_anchored_urbs of the component etas_es58x. The manipulation results in privilege escalation. This vulnerability was named CVE-2026-23324. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 7.0-rc1. This impacts the function UAC_VERSION_2 of the component UAC3 Section. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2026-23318. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.16/6.19.6/7.0-rc2. Affected is the function xp_free of the component xsk. The manipulation leads to improper initialization. This vulnerability is listed as CVE-2026-23326. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.6/7.0-rc1. Affected by this vulnerability is the function cxl_payload_from_user_allowed of the component mbox. The manipulation of the argument in_size results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23327. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0-rc2. Affected by this vulnerability is the function mt76_connac2_mac_write_txwi_80211 of the component wifi. Performing a manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-23315. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc1. It has been classified as critical. This issue affects the function vmw_translate_ptr of the component vmwgfx. This manipulation causes uninitialized pointer. This vulnerability is handled as CVE-2026-23317. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.129/6.12.76/6.18.16/6.19.6/7.0-rc2. This affects the function mt7996_mac_write_txwi_80211 of the component wifi. The manipulation of the argument mgmt leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-23325. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

好，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户给的原文是关于企业微信团队推出一个叫做WeCom CLI的命令行工具，内置了12个智能体技能，支持多种操作。 首先，我得理解文章的主要信息。文章提到这个工具是在GitHub上发布的，主要面向AI智能体，提供开箱即用的技能，并且适配主流AI工具。功能包括通讯录、待办、会议、消息、日程、文档和表格等操作。用户可以通过这个工具快速连接到机器人项目，执行批量操作和智能化提醒。 接下来，我需要提取关键点：企业微信团队推出CLI工具，内置12个技能，支持多种功能操作，比如通讯录、待办、会议等。这个工具帮助用户快速使用AI智能体与企业微信交互，并执行各类操作。 然后，我要把这些信息浓缩到100字以内。可能需要省略一些细节，比如具体的每个功能项，但要保留核心内容：工具名称、功能数量、主要用途以及适用范围。 最后，确保语言简洁明了，直接描述内容，不需要使用“文章内容总结”之类的开头语。 企业微信团队推出 CLI 命令行工具 WeCom-CLI，内置 12 个智能体技能，支持通讯录、待办、会议、消息等操作。该工具可快速连接 OpenClaw AI 等机器人项目，在 AI 智能体中调用技能执行操作。目前优先对 10 人及以下企业开放使用。

我现在真不想当首席信息安全官……

Теперь судьба грузов зависит от умения персонала заполнять бланки вручную.

嗯，用户让我用中文总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”这样的开头。我得先仔细看看这篇文章的内容。 文章主要讲的是胎压监测系统（TPMS）存在隐私风险。因为这些传感器会广播未加密的唯一信号，可以被用来追踪车辆。研究显示，在马德里进行的10周研究中，他们收集了600万个信号，涉及2万辆车，范围大约50米。这些信号能透露轮胎压力、车型、重量和驾驶模式等信息。而且只需要大约100美元的设备就能捕捉到这些信号。 文章还提到TPMS是2008年后车辆的标配安全功能，讨论了现实中的威胁模型和可能的缓解措施，比如旋转标识符或加密。 好的，现在我需要把这些信息浓缩到100字以内。要涵盖TPMS的问题、研究结果、信号内容、设备成本以及缓解措施。 可能的结构：胎压监测系统存在隐私风险，传感器广播唯一信号可被追踪。研究显示大量数据被收集，设备成本低。建议使用加密或动态标识符。 检查一下字数是否在限制内，并确保信息准确全面。 胎压监测系统（TPMS）因传感器广播未加密的独特无线信号而存在隐私风险，可被用于追踪车辆。研究显示，在50米范围内用约100美元设备可收集大量数据，揭示轮胎压力、车型等信息。建议采用加密或动态标识符以降低风险。

People are filling their homes with internet-connected cameras, speakers, locks, and routers. When one of those devices is compromised, the next steps are often unclear. Researchers reviewing government cybersecurity advice in 11 countries found that most guidance focuses on prevention, leaving households with limited support after a breach. The analysis covers Australia, Austria, Canada, Finland, France, Germany, Japan, New Zealand, Singapore, the United Kingdom, and the United States. Prevention advice is widely available Government agencies … More →

The post Don’t count on government guidance after a smart home breach appeared first on Help Net Security.