Aggregator

2026年4月29日，深瞳漏洞实验室监测到一则Github-Enterprise组件存在命令执行漏洞的信息，漏洞编号：CVE-2026-3854，漏洞威胁等级：高危。

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows

Google Cloud Capacity Could Help Anthropic Ease Model Growth Constraints
Google's up to $40 billion bet on Anthropic would deepen its role as investor, cloud supplier and Gemini rival while giving the San Francisco-based Claude maker critical compute capacity amid surging demand and scrutiny of circular AI infrastructure deals.

CIOs Face Growing Pressure on Risk, Data and Board Reporting
As AI moves deeper into enterprise operations, CIOs are being pushed to turn governance principles into practical controls, board reporting and risk oversight, according to a survey by The Conference Board's Governance and Sustainability Center.

Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security
Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access to similar technology.

Google Cloud Capacity Could Help Anthropic Ease Model Growth Constraints
Google's up to $40 billion bet on Anthropic would deepen its role as investor, cloud supplier and Gemini rival while giving the San Francisco-based Claude maker critical compute capacity amid surging demand and scrutiny of circular AI infrastructure deals.

CIOs Face Growing Pressure on Risk, Data and Board Reporting
As AI moves deeper into enterprise operations, CIOs are being pushed to turn governance principles into practical controls, board reporting and risk oversight, according to a survey by The Conference Board's Governance and Sustainability Center.

Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security
Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access to similar technology.

Google Cloud Capacity Could Help Anthropic Ease Model Growth Constraints
Google's up to $40 billion bet on Anthropic would deepen its role as investor, cloud supplier and Gemini rival while giving the San Francisco-based Claude maker critical compute capacity amid surging demand and scrutiny of circular AI infrastructure deals.

CIOs Face Growing Pressure on Risk, Data and Board Reporting
As AI moves deeper into enterprise operations, CIOs are being pushed to turn governance principles into practical controls, board reporting and risk oversight, according to a survey by The Conference Board's Governance and Sustainability Center.

Governments Have Long Warned About Kremlin Social Engineering Hacks
Signal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Exclusion of OT From AI-Powered Vulnerability Discovery Poses Risks to National Security
Hyperscalers and IT behemoths are on the list, while OT companies are not. The list in question includes the companies that have special access to powerful new models from the two major U.S. frontier AI labs to identify vulnerabilities before hackers get access to similar technology.

Шпионы HeartlessSoul тайно картографируют критическую инфраструктуру России изнутри.

A dangerous infostealer malware called LofyStealer is actively targeting Minecraft players by disguising itself as a game cheat tool named “Slinky.” The malware runs a two-stage attack that quietly steals sensitive data from popular web browsers while staying largely hidden from standard security software installed on the victim machine. The campaign is notably more sophisticated […]

The post Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection appeared first on Cyber Security News.

AI时代，这些笔记已毫无意义，只是习惯性折腾过就记一笔而已。

Video hosting platform Vimeo has confirmed a data breach resulting in unauthorized access to its user database. The security incident stems from a compromise at Anodot, a third-party analytics vendor utilized by Vimeo and several other major organizations. This event highlights the escalating threat of supply chain attacks within the software-as-a-service (SaaS) ecosystem. The breach […]

The post Vimeo Confirms Data Breach – Hackers Accessed Users Database appeared first on Cyber Security News.

A vulnerability labeled as problematic has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. This vulnerability is reported as CVE-2026-7401. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as problematic has been detected in wpeverest User Registration Plugin up to 5.1.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-42652. The attack can be initiated remotely. There is not any exploit available.