Aggregator

Минерал, которым покрыто дно океана, мог быть фабрикой по производству молекул жизни — прямо сейчас учёные это доказывают.

Submit #792283 / VDB-360419

Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network. The tool sits between local applications and external AI APIs such as OpenAI and Anthropic. Inbound requests pass through a machine learning … More →

The post Open-source privacy proxy masks PII before prompts reach external AI services appeared first on Help Net Security.

Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.

Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.

Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.

Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.

泄露的claude code分析完后刚好和我上一篇写的openclaw的防御分析连续起来，两个超级大热门一起进行分析

漏洞来源漏洞描述n8n 是一个开源工作流自动化平台。在 2.14.1、2.13.3 和 1.123.27 版本之前，拥有创建或修改工作流权限的已认证用户可以利用 XML 和 GSuiteAdmin 节点中的原型污染漏洞。攻击者通过在节点配置中提供精心构造的参数，可以将攻击者控制的值写入 `Object.prototype`。攻击者可以利用这种原型污染漏洞在 n8n 实例上执行远程代码。该问题已在

近期披露的Linux内核高危本地提权漏洞（Copy Fail，CVE-2026-31431）由 Xint Co

Случайность в корейской лаборатории обернулась открытием нового состояния воды.

架构及其全面，比起寻常的webpwn的proxy之类更加接近实战

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

cPanel CVE-2026-41940认证绕过零日|CVE-2026-7469 Tenda路由器命令注入|n8n原型污染RCE|Defender零日持续活跃

Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI adoption and the controls organizations have in place to manage it. The Lenovo Work Reborn Research Series 2026 report documents a workforce split into two groups: employees equipped with IT-managed tools, training, and oversight, and those operating independently … More →

The post Shadow AI risks deepen as 31% of users get no employer training appeared first on Help Net Security.

模拟构建漏洞 PDF 响应载荷后发现，该载荷可异常驻留并嵌入 Adobe Acrobat Reader 内部，即便关闭 PDF、重启软件乃至操作系统，仍能持续触发恶意代码执行。

本文聚焦于深度神经网络的全生命周期安全，系统性地剖析了人工智能模型在推理、训练及隐私保护三大环节面临的威胁。文章首先从理论层面定义了攻击面，随后结合经典例题，深入阐述了对抗样本的扰动生成机理、数据投毒的后门植入逻辑以及梯度泄露的隐私复原数学原理

平航杯2026-内存取证，古法处理内存镜像，提取微信4.x最新版本的key+salt，并解密加密数据库

第二个零解题确实做不出来，8字节任意地址写没有泄露的ioctl支持解决不了

Wireshark, the world’s most widely used open-source network protocol analyzer, has released a major security update addressing over 40 vulnerabilities, several of which enable arbitrary code execution through malformed packet injection or malicious capture files. Organizations and individuals relying on Wireshark for network monitoring, forensics, and traffic analysis should update immediately to Wireshark 4.6.5. Critical […]

The post Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets appeared first on Cyber Security News.