Aggregator

A vulnerability classified as critical has been found in Microsoft Office 2019/LTSC/LTSC 2021/LTSC 2024. This vulnerability affects unknown code of the component Excel. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-32188. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Legion of the Bouncy Castle BC-JAVA up to 1.83 and classified as critical. This affects an unknown part. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2026-3505. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Доход сервисов для создания интимных изображений без согласия превысил 122 миллиона долларов.

The Agent Readiness score can help site owners understand how well their websites support AI agents. Here we explore new standards, share Radar data, and detail how we made Cloudflare’s docs the most agent-friendly on the web.

Today, we’re excited to give you a sneak peek of our support for shared compression dictionaries, show you how it improves page load times, and reveal when you’ll be able to try the beta yourself.

Authorities take down W3LL phishing ring, AgingFly malware steals Ukrainian government data, and actors exploit Nginx flaw to hijack servers.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头，直接写描述。首先，我需要仔细阅读文章，理解每个部分的主要信息。 文章分为三个部分：“The Good”、“The Bad”和“The Ugly”。在“The Good”部分，FBI和印尼合作打击了一个名为W3LL的钓鱼平台，逮捕了开发者，并关闭了其市场。此外，还有两人因帮助朝鲜IT工人在美国企业工作而被判刑。这部分显示了执法机构的成功行动。 接下来是“The Bad”，乌克兰CERT-UA发现了一种名为AgingFly的新恶意软件，通过钓鱼邮件攻击政府、医院等机构。这种恶意软件功能强大，能够远程控制系统，并利用开源工具窃取数据。这表明网络攻击的复杂性和持续威胁。 最后是“The Ugly”，Nginx UI的一个关键漏洞CVE-2026-33032被利用，导致服务器被劫持。攻击者无需认证即可控制服务器，尽管已经修复，但仍有大量暴露实例存在。这强调了及时更新和安全措施的重要性。 总结时需要涵盖这三个方面：执法行动、恶意软件攻击和漏洞利用。确保在100字以内简洁明了地表达出来。 FBI与印尼合作打击W3LL钓鱼平台并逮捕其开发者；美籍人士协助朝鲜IT人员在美国企业获取职位被判刑；乌克兰CERT-UA发现AgingFly恶意软件攻击政府及医院；Nginx UI漏洞被用于服务器劫持。

How We Respond Will Determine the Future Of Cybersecurity and the Digital World
The introduction of Anthropic's Mythos model signals a shift in the cybersecurity industry - one not yet fully understood, which prompted Project Glasswing: a coordinated group of ecosystem partners who have been given early access to this capability to define impending future threats before they hit.

Equifax CTO Jamil Farshchi on Cybersecurity's Response to Flood of Vulnerabilities
Cybersecurity organizations must adapt to machine-speed threats in the age of Anthropic's Claude Mythos, a new AI model that can uncover vulnerabilities and lead to a flood of repaid exploits. Equifax CTO Jamil Farshchi says security programs must be built for scale, automation and quick response.

Bank of America, Citi and Goldman Anchor Partner Cohort for OpenAI's GPT-5.4-Cyber
OpenAI's Trusted Access for Cyber program prioritizes financial institutions to drive adoption of GPT-5.4-Cyber in regulated environments, highlighting a split with Anthropic’s developer-centric, tech-heavy partnerships and raising questions about partnership value and data-sharing models.

CISA Acting Director Says Major Staffing Gaps Are Weakening Federal Network Defense
The acting director of the Cybersecurity and Infrastructure Security Agency said the administration's fiscal year $2.5 billion budget request reflects mounting strain from workforce shortages and shutdown disruptions that have reduced staffing to 40% in recent months.

Also, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing Takedown
This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals.

We are launching Flagship, a native feature flag service built on Cloudflare’s global network to eliminate the latency of third-party providers. By using KV and Durable Objects, Flagship allows for sub-millisecond flag evaluation.

By migrating our request handling layer to a Rust-based architecture called FL2, Cloudflare has increased its performance lead to 60% of the world’s top networks. We use real-user measurements and connection trimeans to ensure our data reflects the actual experience of people on the Internet.

Cloudflare Agent Memory is a managed service that gives AI agents persistent memory, allowing them to recall what matters, forget what doesn't, and get smarter over time.

Running LLMs across Cloudflare’s network requires us to be smarter and more efficient about GPU memory bandwidth. That’s why we developed Unweight, a lossless inference-time compression system that achieves up to a 22% model footprint reduction, so that we can deliver faster and cheaper inference than ever before.

Soft directives don’t stop crawlers from ingesting deprecated content. Redirects for AI Training allows anybody on Cloudflare to redirect verified crawlers to canonical pages with one toggle and no origin changes.

With Anthropic’s Mythos Preview announcement, the race to patch all vulnerabilities is over. As defenders, we must move on. We must focus on what adversaries can do after they exploit a vulnerability: which attack paths those exploits enable, where those paths lead, and how to eliminate them before they reach what matters. That is a...

The post The Vulnerability Management Race Is Over. It’s Time to Focus on Exposure. appeared first on AttackIQ.

The post The Vulnerability Management Race Is Over. It’s Time to Focus on Exposure. appeared first on Security Boulevard.

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”这样的开头。首先，我得仔细阅读这篇文章，理解它的主要观点。 文章主要讲的是Anthropic公司发布的Mythos Preview，这是一个能够自主发现大量零日漏洞的AI模型。它不仅发现了许多漏洞，还能生成有效的攻击路径，并且速度非常快。这说明传统的漏洞管理方法已经不够用了，防御者需要转向更主动的攻击路径分析和防御策略。 接下来，我需要提炼出关键点：Mythos的能力、传统漏洞管理的不足、新的防御策略（如攻击路径分析、补偿控制、AI资产纳入防御等）。然后把这些点浓缩到100字以内。 可能的结构是先介绍Mythos及其影响，然后指出传统方法的局限性，最后说明新的防御措施。这样既全面又简洁。 最后检查一下是否符合要求：中文、100字以内、直接描述内容。没问题的话就可以提交了。 文章讨论了Anthropic公司发布的Mythos Preview AI模型如何发现数千个零日漏洞并生成有效攻击路径，揭示传统漏洞管理已无法应对快速变化的威胁环境。文章强调需转向威胁驱动的安全策略，关注攻击路径分析、补偿控制和AI资产纳入防御，并建议组织重新定义安全指标以适应持续威胁。