Aggregator
Globalgig Premier SSE Management offers AI-driven network intelligence
4 months ago
Globalgig announced Premier SSE (Secure Service Edge) Management service, delivering a fully managed security solution designed to enhance the protection of company networks, applications, data, and users. Globalgig’s Managed SSE, powered by Palo Alto Networks Prisma Access, delivers customers a comprehensive suite of security features that encompass both cloud and network access. This offering provides organizations with advanced threat defense, continuous security monitoring, and expert management, simplifying SSE deployments while ensuring comprehensive protection. Globalgig’s Premier … More →
The post Globalgig Premier SSE Management offers AI-driven network intelligence appeared first on Help Net Security.
Industry News
【THM】offensive-Vulnversity
4 months ago
免责声明: 本人所有文章均为技术分享,均用于防御为目的的记录,所有操作均在实验环境下进行,请勿用于其他用途,否则后果自负。
Mage-AI 不安全的默认身份验证设置导致0day远程命令执行漏洞(CVE-2025-2129)
4 months ago
Mage-AI 是一个创新的开源框架,旨在简化机器学习和深度学习模型的构建、训练和部署流程。
如何减少 AI 大模型的功耗
4 months ago
AI 技术对电力的狂热需求可以上溯到 2012 年的 AlexNet。当时多伦多大学的 AI 研究员 Alex Krizhevsky、 Ilya Sutskever 和 Geoffrey E. Hinton 正在为图像识别竞赛 ImageNet LSRVC 开发一种卷积神经网络。在当时图像识别是非常有挑战性的。研究人员认为他们需要一个庞大的神经网络,该网络以首席研究员的名字命名为 AlexNet,它有超过 6000 万参数和 65 万个神经元。但一大问题是如此大的神经网络如何进行训练?他们的实验室里有几张英伟达 GTX 580 显卡,每张配备了 3GB 显存,但 AlexNet 太大没办法加载到单张显卡上。研究人员设法将训练阶段划分到两张并行工作的 GPU 上——一半神经元在一张 GPU 上,另一半在另一张上运行。AlexNet 以压倒性优势赢得了 2012 年的比赛,从此 AI 模型的规模不再受限于单张显卡了,而妖精也从瓶子里释放了出来。在 AlexNet 之后,越来越强大的 AI 模型需要成千上万张 GPU。根据 Electric Power Research Institute (EPRI)的报告,2010 年到 2020 年间数据中心的功耗相对平稳,原因是英伟达数据中心 GPU 的功耗同期提升了大约 15 倍,因此能保持数据中心功耗的稳定。到了 2022 年基于 transformer 的大模型的出现推动了数据中心功耗的大幅提升。大模型需要处理数百亿甚至数千亿个神经元,训练之后的推理阶段还需要处理大量数据。Open AI 在训练新模型时使用了超过 25,000 张英伟达 Ampere 100 GPU,持续了 100 天,耗电量 50 GW 时,足以满足一个中型城镇一年的电力需求。根据 Google 的数据,训练占 AI 模型生命周期总耗电量的四成,剩下的六成是推理。功耗的飙升促使科学家思考如何在不牺牲性能的情况下减少内存和计算要求。研究人员尝试了模型剪枝、量化等优化方法。
Lasso Adds Automated Red Teaming Capability to Test LLMs
4 months ago
Lasso today added an ability to autonomously simulate real-world cyberattacks against large language models (LLMs) to enable organizations to improve the security of artificial intelligence (AI) applications.
The post Lasso Adds Automated Red Teaming Capability to Test LLMs appeared first on Security Boulevard.
Michael Vizard
CVE-2024-35699 | HasThemes HT Feed Plugin up to 1.2.8 on WordPress cross site scripting
4 months ago
A vulnerability was found in HasThemes HT Feed Plugin up to 1.2.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-35699. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-35701 | PropertyHive Plugin up to 2.0.13 on WordPress cross site scripting
4 months ago
A vulnerability was found in PropertyHive Plugin up to 2.0.13 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-35701. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-35702 | Jewel Theme Master Addons for Elementor Plugin up to 2.0.6.0 on WordPress cross site scripting
4 months ago
A vulnerability was found in Jewel Theme Master Addons for Elementor Plugin up to 2.0.6.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-35702. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-35703 | SinaExtra Sina Extension for Elementor Plugin up to 3.5.3 on WordPress cross site scripting
4 months ago
A vulnerability was found in SinaExtra Sina Extension for Elementor Plugin up to 3.5.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-35703. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-35704 | WPBlockArt BlockArt Blocks Plugin up to 2.1.5 on WordPress cross site scripting
4 months ago
A vulnerability classified as problematic has been found in WPBlockArt BlockArt Blocks Plugin up to 2.1.5 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-35704. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-35705 | Ciprian Popescu Block for Font Awesome Plugin up to 1.4.4 on WordPress cross site scripting
4 months ago
A vulnerability classified as problematic was found in Ciprian Popescu Block for Font Awesome Plugin up to 1.4.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-35705. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-35706 | Team Heateor Heateor Social Login Plugin up to 1.1.32 on WordPress cross site scripting
4 months ago
A vulnerability, which was classified as problematic, has been found in Team Heateor Heateor Social Login Plugin up to 1.1.32 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-35706. The attack may be launched remotely. There is no exploit available.
vuldb.com
30 платформ — один призыв: Mozilla требует остановить слежку за людьми
4 months ago
Фонд призвал Big Tech прекратить сотрудничество с ShadowDragon.
Fastly Bot Management update defends against scraping, account takeovers, and spam
4 months ago
Fastly announced a new update to Fastly Bot Management, delivering three key features that help organizations defend against scraping, account takeovers, and spam. For too long, websites have relied on frustrating CAPTCHAs to combat these threats, leading to poor user experiences and lost conversions. Fastly’s update gives organizations the chance to break free from the CAPTCHA cycle while helping to prevent fraud, protect customer accounts, and allow legitimate users to complete logins and checkouts without … More →
The post Fastly Bot Management update defends against scraping, account takeovers, and spam appeared first on Help Net Security.
Industry News
Run Security Leverages eBPF to Strengthen Application Security
4 months ago
Run Security today launched an application security platform that leverages extended Berkeley Packet Filtering (eBPF) to secure application runtime environments.
The post Run Security Leverages eBPF to Strengthen Application Security appeared first on Security Boulevard.
Michael Vizard
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith
4 months ago
The post CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith appeared first on Rhino Security Labs.
Whit Taylor
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
4 months ago
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project.
Ethan Heilman
CYREBRO Recognized in Gartner Emerging Tech Report for Detection and Response Startups
4 months ago
Ramat Gan, Israel, 25th March 2025, CyberNewsWire
The post CYREBRO Recognized in Gartner Emerging Tech Report for Detection and Response Startups appeared first on Security Boulevard.
cybernewswire
China-Linked Weaver Ant Hackers Exposed After Four-Year Telco Infiltration
4 months ago
Sygnia has uncovered Weaver Ant, a Chinese threat actor that spied on telecommunications networks for years