Aggregator

Learn how to use Codex plugins and skills to connect tools, access data, and follow repeatable workflows to automate tasks and improve results.

The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.

这也是这次攻击事件的关键背景——攻击者并非随机选择目标，而是精准瞄准了 AI/ML 开发者的工具链。

Злоумышленники используют VBE-скрипты и индивидуальные инструменты для каждой жертвы.

源码级Frida，开启上帝视角。

知名 IaC 工具被篡改，企业 CI/CD 密钥或遭批量泄露

看雪论坛作者ID：AO031

A vulnerability was found in paperclipai paperclip. It has been classified as critical. Affected is an unknown function of the component API Call Handler. The manipulation leads to improper authentication. This vulnerability is referenced as CVE-2026-41679. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in voidzero-dev vite-plus up to 0.1.16. It has been declared as critical. Affected by this vulnerability is the function downloadPackageManager. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-41211. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in MIK CryptX up to 0.087 on Perl. The impacted element is the function Crypt::PK::RSA/Crypt::PK::DSA/Crypt::PK::DH/Crypt::PK::ECC/Crypt::PK::Ed25519/Crypt::PK::X25519 Modules of the component X25519 Module. The manipulation results in incorrect usage of seeds in prng. This vulnerability is cataloged as CVE-2026-41564. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in GROWI. This impacts an unknown function. Such manipulation leads to inefficient regular expression complexity. This vulnerability is documented as CVE-2026-41040. The attack can be executed remotely. There is not any exploit available.

中通SRC联合30+SRC共同发布AI生成漏洞报告处置公告。

A vulnerability described as problematic has been identified in GROWI. This impacts an unknown function. Such manipulation leads to inefficient regular expression complexity. This vulnerability is documented as CVE-2026-41040. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in EfficientLab Controlio up to 1.3.94. This affects an unknown function. This manipulation causes uncontrolled search path. This vulnerability is registered as CVE-2025-10549. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in MIK CryptX up to 0.087 on Perl. The impacted element is the function Crypt::PK::RSA/Crypt::PK::DSA/Crypt::PK::DH/Crypt::PK::ECC/Crypt::PK::Ed25519/Crypt::PK::X25519 Modules of the component X25519 Module. The manipulation results in incorrect usage of seeds in prng. This vulnerability is cataloged as CVE-2026-41564. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

Это идеальная ИИ-машина, разорванная на два чипа.

火绒安全 | 以专业之力 为企业数字化转型筑牢安全屏障

Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents