Aggregator
GitLab security advisory (AV26-406)
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
Jenkins Patches High-Severity Plugin Flaws Including Path Traversal and Stored XSS
The Jenkins project published a security advisory detailing patches for seven plugin vulnerabilities, including high-severity path traversal and Stored Cross-Site Scripting (XSS) flaws. Administrators must urgently update these plugins to secure their Continuous Integration and Continuous Deployment (CI/CD) pipelines against potential remote code execution and session hijacking risks. The most critical issue is a path traversal […]
The post Jenkins Patches High-Severity Plugin Flaws Including Path Traversal and Stored XSS appeared first on Cyber Security News.
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical details about the vulnerability – they have been spotted exploiting CVE-2026-41940 since February 23, and have likely been abusing it even earlier.
About CVE-2026-41940
cPanel, typically provided by shared hosting companies, is one of the …
The post cPanel zero-day exploited for months before patch release (CVE-2026-41940) appeared first on Help Net Security.
Car theft without breaking the door. How clever coordinate spoofing works and why thieves no longer need ordinary jammers
UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels
Analysis of the latest CVE vulnerability affecting the full range of Linux distributions
The diesel era is ending. A hydrogen engine has shown 60% efficiency, at the same power and without exhaust
Cisco releases open-source toolkit for verifying AI model lineage
Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026 from Cisco places this level of access inside a growing pattern of AI-driven operations that connect directly to core business systems, and identifies AI supply chain exposure as a recurring risk. Cisco has published the …
The post Cisco releases open-source toolkit for verifying AI model lineage appeared first on Help Net Security.
Agents can now create Cloudflare accounts, buy domains, and deploy
Securing the AI Ecosystem Begins at the Model Layer
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
100000 dollars for sneakers. We explain what can go wrong if you entrust shopping to artificial intelligence
Met Police face criticism for using AI to spy on their own officers
London police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been informed of plans to use Palantir’s AI to analyze officers’ movements. The Federation notified all colleagues and advised them to exercise “extreme caution when carrying Metropolitan Police-issued devices while off duty”. It believes the use …
The post Met Police face criticism for using AI to spy on their own officers appeared first on Help Net Security.
Your dacha could have been at the bottom of the sea 200 million years ago. Scientists have built a time machine for any point on Earth
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.