Aggregator

Artificial intelligence is changing how people browse the internet. AI-powered browsers no longer just show web pages — they read content, take actions, and complete tasks for the user. These tools, called agentic LLM browsers, let users give simple commands like “book a meeting” or “summarize my emails,” and the browser handles the rest. While […]

The post Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-40688 | Fortinet FortiWeb up to 7.4.11/7.6.6/8.0.3 out-of-bounds write (FG-IR-26-127 / WID-SEC-2026-1122)

Vuldb Updates

1 week 6 days ago

A vulnerability was found in Fortinet FortiWeb up to 7.4.11/7.6.6/8.0.3. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2026-40688. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-39865 | Axios up to 1.13.1 lib/adapters/http.js Http2Sessions.getSession resource consumption (Nessus ID 305611 / WID-SEC-2026-1127)

Vuldb Updates

1 week 6 days ago

A vulnerability was found in Axios up to 1.13.1 and classified as problematic. This affects the function Http2Sessions.getSession in the library lib/adapters/http.js. Executing a manipulation can lead to resource consumption. This vulnerability appears as CVE-2026-39865. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-54550 | Apache Airflow up to 3.1.x example_xcom code injection (WID-SEC-2026-1123)

Vuldb Updates

1 week 6 days ago

A vulnerability, which was classified as critical, was found in Apache Airflow up to 3.1.x. This vulnerability affects the function example_xcom. Executing a manipulation can lead to code injection. This vulnerability is handled as CVE-2025-54550. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

vuldb.com

真正的 Skill 商店，为什么变成了微信公众号和小红书？

极客公园

1 week 6 days ago

我们正处在一个 Skills 大爆发，但面对海量选择，却无从下手的时代。

DragonForce

Dark Feed IO

1 week 6 days ago

You must login to view this content

cohenido

DragonForce

Dark Feed IO

1 week 6 days ago

You must login to view this content

cohenido

DragonForce

Dark Feed IO

1 week 6 days ago

You must login to view this content

cohenido

Взлом года за пару часов. ИИ заставил McKinsey выдать все секреты

Securitylab.ru

1 week 6 days ago

Как простая программа вскрыла одну из самых закрытых компаний планеты.

安娜的档案被勒令向 Spotify 等赔偿 3.22 亿美元

Solidot

1 week 6 days ago

纽约南区法官 Jed Rakoff 作出缺席判决，勒令影子图书馆安娜的档案（Anna's Archive）向 Spotify 以及唱片公司环球音乐、索尼音乐和华纳唱片赔偿 3.22 亿美元，其中 Spotify 获得 3 亿美元赔偿。安娜的档案的运营者没有现身法庭为其辩护，也不太可能支付赔偿金。这起诉讼源自去年安娜的档案宣布抓取了 Spotify 的音乐文件，它随后发布了 Spotify 的元数据，但并没有公开音乐文件，尽管如此 Spotify 和唱片公司对安娜的档案提起了诉讼，导致这家影子图书馆主域名被扣押。Spotify 等原告的主要目的也不是赔偿金，而是要在全球封杀安娜的档案。法官 Rakoff 也宣布了永久禁令，涉及 10 个域名 annas-archive.org、.li、.se、.in、.pm、.gl、.ch、.pk、.gd 和.vg。

AI Companies to Play Bigger Role in CVE Program, Says CISA

Information Security Magazine

1 week 6 days ago

At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future

OpenAI也搞“Mythos”？网络安全版GPT-5.4-Cyber对外亮相

互联网安全内参

1 week 6 days ago

目前只对少数用户限量开放。

Aggregator

Managed ad