Aggregator

NetBSD 项目释出了 NetBSD 11.0 的首个 RC 版本。主要新特性包括：支持 64 位 RISC-V 平台；增强对 POSIX.1-2024 和 C23 编程接口标准的兼容性；增强对 compat_linux(8) 中 Linux 系统调用的支持；初步支持高通骁龙 X Elite 平台；改进 npf(7) 防火墙；新 MICROVM kernel for x86，专为实现极速虚拟机启动设计，在 2020 年时代 x86 CPU 上启动仅需 10 毫秒；新 virt68k，等等。

There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured to demo a Skills supply chain backdoor that survives human review.

Additionally, I also built a basic scanner, and had my agent propose updates to OpenClaw to catch such attacks.

Attack Surface

Skills introduce common threats, like prompt injection, supply chain attacks, RCE, data exfiltration,… This post discusses some basics, highlights the most simple prompt injection avenue, and shows how one can backdoor a real Skill from OpenAI with invisible Unicode Tag codepoints that certain models, like Gemini, Claude, Grok are known to interpret as instructions.

Расщепление простой воды даст спутникам в 10 раз больше маневренности.

微软最近几年为其以精简著称的记事本应用引入了新功能，其中包括 AI 和 Markdown，新增功能也扩大了其攻击面，它刚刚爆出了一个远程代码执行漏洞 CVE-2026-20841，该漏洞与处理外链有关：当用户用记事本打开一个 Markdown 文件，攻击者可以引诱用户点击一个恶意链接，导致应用启动未经验证的协议去加载并执行远程文件。

Никаких укусов, только стрим-разведка для копов.

Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass” zero-days Among the zero-days fixed are three vulnerabilities that allow attackers to bypass a security feature. CVE-2026-21513 affects the MSHTML/Trident browser engine for the Microsoft Windows version of Internet Explorer, and CVE-2026-21514 affects Microsoft Word. The former can be exploited by attackers by convincing a user to open a malicious … More →

The post Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026 appeared first on Help Net Security.

A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia

XSAST-Python 开源地址

Microsoft security researchers discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning. The MITRE ATLAS knowledge base classifies this behavior as AML.T0080: Memory Poisoning. The activity focuses on shaping future recommendations by inserting prompts that cause an assistant to treat specific companies, websites, or services as trusted or preferred. Once stored, these entries can affect responses in later, unrelated conversations. Manipulated assistants may influence recommendations … More →

The post That “summarize with AI” button might be manipulating you appeared first on Help Net Security.

大模型驱动的多智能体系统（LLM-MAS），可以看作是 AI 发展中的一次重要转向。早期的多智能体系统主要依赖规则、逻辑和人工设计的流程，而随着大语言模型的引入，智能体开始具备更强的理解能力、推理能力，以及一定程度的自主决策能力。

This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed

Пентагон ужесточил правила ношения формы из-за угрозы утечек данных через носимую электронику.

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often

Зачем США пытаются упаковать смерть в коробку?

​当 AI 走进卧室，科技能让人人睡好吗？

关键词WhatsApp印度最高法院近日就 WhatsApp 数据共享争议作出重要裁决，明确指出平台“不得玩弄公