Aggregator
Not Without My AI Agent: Models Break Rules to Save Peers
4 days 18 hours ago
Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."
Attackers Target Zero-Day Flaw in Fortinet Security Software
4 days 18 hours ago
Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.
Censys Raises $70M to Advance AI-Driven Threat Intelligence
4 days 18 hours ago
Internet Intelligence Platform Targets Real-Time Cyberthreat Defense
Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence.
Trump's Budget Proposal Would Slash CISA After Bruising Year
4 days 18 hours ago
White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut
The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats.
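嘶吼 (4hou) Security News | MIIT's NVDB Platform Issues Risk Alert: Surge in Attacks Exploiting Apple iOS Vulnerabilities; Hackers Use React2Shell to Launch Automated Credential-Theft Campaign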
4 days 18 hours ago
In 2026, the focus of enterprise security is rapidly shifting toward AI security posture management (AI-SPM).
Multinational Joint Operation Takes Down World's Largest DDoS Botnet Gang
4 days 18 hours ago
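This joint cross-border law enforcement action seized four categories of core attack resources: virtual cloud servers, malicious domain clusters, and global attack dispatch links.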
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
4 days 18 hours ago
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.
The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.
"The CustomMCP node allows users to input configuration settings for connecting
The Hacker News
AppsFlyer SDK Exploited in New Supply Chain Crypto Attack
4 days 18 hours ago
Between March 9 and March 11, 2026, attackers had a 48-hour window inside one of the most widely embedded JavaScript libraries on the internet. The […]
The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Reflectiz.
The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Security Boulevard.
Onn Nir
CVE-2024-21607 | Juniper Junos OS on MX/EX9200 UI unsupported feature in ui (JSA75748 / Nessus ID 305081)
4 days 18 hours ago
A vulnerability, which was classified as problematic, was found in Juniper Junos OS on MX/EX9200. Affected by this issue is some unknown functionality of the component UI. Executing a manipulation can lead to unimplemented or unsupported feature in ui.
The identification of this vulnerability is CVE-2024-21607. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-34379 | AcademySoftwareFoundation OpenEXR up to 3.2.6/3.3.8/3.4.8 EXR File Parser internal_dwa_decoder.h LossyDctDecoder_execute type conversion (GHSA-w88v-vqhq-5p24 / Nessus ID 305083)
4 days 18 hours ago
A vulnerability categorized as problematic has been discovered in AcademySoftwareFoundation OpenEXR up to 3.2.6/3.3.8/3.4.8. This issue affects the function LossyDctDecoder_execute in the library src/lib/OpenEXRCore/internal_dwa_decoder.h of the component EXR File Parser. The manipulation results in incorrect type conversion.
This vulnerability is cataloged as CVE-2026-34379. The attack may be launched remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-31410 | Linux Kernel up to 6.12.77/6.18.19/6.19.9/7.0-rc4 ksmbd vfs_statfs privilege escalation (EUVD-2026-19194 / Nessus ID 305084)
4 days 18 hours ago
A vulnerability was found in Linux Kernel up to 6.12.77/6.18.19/6.19.9/7.0-rc4. It has been rated as critical. This affects the function vfs_statfs of the component ksmbd. This manipulation causes privilege escalation.
This vulnerability is registered as CVE-2026-31410. The attack requires access to the local network. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-21767 | HCL BigFix Platform missing authentication (KB0129906 / WID-SEC-2026-0960)
4 days 18 hours ago
A vulnerability marked as critical has been reported in HCL BigFix Platform. This affects an unknown part. The manipulation leads to missing authentication.
This vulnerability is referenced as CVE-2026-21767. The attack can only be performed from a local environment. No exploit is available.
vuldb.com
CVE-2026-5318 | LibRaw up to 0.22.0 JPEG DHT Parser losslessjpeg.cpp HuffTable::initval bits[] out-of-bounds write (Issue 794 / EUVD-2026-18116)
4 days 18 hours ago
A vulnerability, which was classified as critical, has been found in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write.
The identification of this vulnerability is CVE-2026-5318. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-1243 | IBM Content Navigator up to 3.0.15/3.1.0/3.2.0 Web UI cross site scripting (EUVD-2026-18112 / CNNVD-202604-467)
4 days 18 hours ago
A vulnerability was found in IBM Content Navigator up to 3.0.15/3.1.0/3.2.0. It has been classified as problematic. Impacted is an unknown function of the component Web UI. The manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2026-1243. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-5316 | Nothings stb up to 1.22 stb_vorbis.c setup_free allocation of resources (EUVD-2026-18110 / CNNVD-202604-468)
4 days 18 hours ago
A vulnerability classified as problematic has been found in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources.
This vulnerability is uniquely identified as CVE-2026-5316. The attack can be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-21765 | HCL BigFix Platform File System permission assignment (KB0129906 / WID-SEC-2026-0960)
4 days 18 hours ago
A vulnerability identified as problematic has been detected in HCL BigFix Platform. Affected by this vulnerability is an unknown functionality of the component File System Handler. Performing a manipulation results in incorrect permission assignment.
This vulnerability was named CVE-2026-21765. The attack needs to be approached locally. There is no available exploit.
vuldb.com
CVE-2026-5315 | Nothings stb up to 1.26 TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds (EUVD-2026-18109 / Nessus ID 304819)
4 days 18 hours ago
A vulnerability described as problematic has been identified in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read.
This vulnerability is handled as CVE-2026-5315. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
A 37-Fold Rise in Attacks. How EvilTokens Works and Why Antivirus Software Misses It
4 days 19 hours ago
We look at where convenience ends and danger begins.
CVE-2024-44282 | Apple watchOS User Information out-of-bounds (Nessus ID 211697 / WID-SEC-2024-3291)
4 days 19 hours ago
A vulnerability, which was classified as problematic, was found in Apple watchOS. This affects an unknown part of the component User Information Handler. Executing a manipulation can lead to out-of-bounds read.
This vulnerability is registered as CVE-2024-44282. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com