Aggregator

速修复

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security

Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business (MVB) at machine speed. At a time when powerful AI models collapse the window between vulnerability discovery and exploitation from months to seconds, the imperative to plan in advance for cyber resilience has never been greater. ABR … More →

The post Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks appeared first on Help Net Security.

В чем главная проблема диапазона 2,4 ГГц, на котором работают 7 из 10 роутеров в РФ.

Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device models while maintaining Apple’s security and privacy guarantees. The system was originally built on Apple silicon and operated exclusively within Apple’s infrastructure. Building on confidential computing The expansion leaves PCC’s core security model unchanged. The system is … More →

The post Apple extends Private Cloud Compute to third-party data centers appeared first on Help Net Security.

近期360安全大脑监测到多起蔓灵花组织钓鱼网站。诱导用户点击，窃取邮箱账户密码，下载恶意vbs脚本。通过vbs脚本对设备进程控制和窃密。

Miasma蠕虫攻击波及微软73个GitHub仓库，Check Point零日漏洞遭利用部署勒索软件，Linux提权漏洞曝光。

Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws.

F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and exploitation, giving attackers faster access to offensive capabilities. The new features expand the AI-powered web application firewall (WAF) functionality in F5 Distributed Cloud Services. “Frontier AI has collapsed the window between discovery and … More →

The post F5 adds AI-powered threat detection and API security for on-premises environments appeared first on Help Net Security.

Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The company said Mythos-class models possess advanced cybersecurity and research biology capabilities that can provide information and guidance beyond what is … More →

The post Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in brechtvds Easy Image Collage Plugin up to 1.13.6 on WordPress. The affected element is the function update_post_meta. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-9019. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in smub aThemes Addons for Elementor Plugin up to 1.1.8 on WordPress. Impacted is an unknown function of the component Posts Timeline Widget. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-8613. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in websoudan MW WP Form Plugin up to 5.1.3 on WordPress. This issue affects the function update_post_meta. Executing a manipulation of the argument memo can lead to cross site scripting. This vulnerability is tracked as CVE-2026-8853. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Concrete CMS up to 9.5.1. This vulnerability affects the function unserialize. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2026-10721. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Новая платформа, которая переводит киберриски на язык топ-менеджмента

A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment

火绒小问答--「个人版」近期top问题解答

2026-06微软漏洞通告