Aggregator

百万级模型的复杂供应链背后的元数据缺失、依赖关系隐形，正加剧供应链风险的传播。

HomeAI AI

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and docume

Корпорация расширяет экосистему ИИ-инструментов для создателей контента на фоне растущей конкуренции с YouTube, TikTok и Instagram.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash

Vulnerability / Patch ManagementThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) h

Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He […]

Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Some

前不久，浙江桐乡警方通报了一起特大跨全国侵犯游戏著作权案。国内一个规模巨大的Steam游戏账号非法交易窝点已被成功捣毁。该网络犯罪团伙涉及人员数量不少于12人，长期在电商平台非法提供所谓“假入库”服务

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI.

Vulnerability / Endpoint SecurityTwo things landed within days of each other this week. A security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially […]

The post CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks appeared first on Cyber Security News.

По данным СМИ, деньги заплатили. Weil подтвердила только сам инцидент.

A vulnerability categorized as problematic has been discovered in LatePoint Plugin up to 5.6.0 on WordPress. Affected by this issue is the function change_status of the component Appointment Handler. Such manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2026-9719. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in spyrosvl Simple SEO Slideshow Plugin up to 1.2.8 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-8900. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in payaddons Express Payment for Stripe Plugin up to 1.28.0 on WordPress. It has been declared as problematic. Affected is the function register_shortcode of the component Shortcode Handler. The manipulation of the argument Type results in cross site scripting. This vulnerability is known as CVE-2026-8893. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in davidanderson All-In-One Security Plugin up to 5.4.7 on WordPress. It has been classified as problematic. This impacts the function get_rest_route of the component AIOS Dashboard. The manipulation of the argument REQUEST_URI leads to cross site scripting. This vulnerability is traded as CVE-2026-8438. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in spacetime Ad Inserter Plugin up to 2.8.15 on WordPress and classified as problematic. This affects an unknown function of the component Iframe Mode. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-9280. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.7 on WordPress and classified as problematic. The impacted element is an unknown function of the component Setting Handler. Performing a manipulation of the argument drag_n_drop_text/drag_n_drop_browse_text results in cross site scripting. This vulnerability is reported as CVE-2026-8991. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.