Aggregator

近日，全国网络安全标准化技术委员会公布《人工智能应用伦理安全指引1.0》，标志着我国在人工智能应用治理领域迈出了重要一步。在当前生成式人工智能、智能体等新技术快速迭代、应用场景不断拓展的背景下，《指引》的制定旨在平衡技术创新与风险防范……

5月20日，2026年中国网络文明大会互联网企业社会责任分论坛在广西南宁举行，中国网络社会组织联合会正式发布《中国网络诚信发展报告（2026）》。

当前，人工智能国际会展已成为高流动性、强时效性、高价值数据密集交换的特殊数字物理混合场域，面临前所未有的数据安全挑战。因此，加强人工智能国际会展数据治理，具有重要现实意义。

网络国防与前沿模型结合已是大势所趋

Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at this scale. The DBIR records this as “an increase of 40% in the median click rate” between phone-centric and email-based simulations (Verizon 2026 DBIR, p. 50). According to the report, phone-centric phishing … More →

The post Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR appeared first on Help Net Security.

Как ИИ переписывает ценность работы багхантера.

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

无需授权即可入侵后台服务器主机

技术岗直投

看雪论坛作者ID：不歪

A vulnerability described as critical has been identified in techjewel FluentCRM Plugin up to 2.9.87 on WordPress. The impacted element is the function _fc_bounce_key. Such manipulation of the argument SubscribeURL leads to server-side request forgery. This vulnerability is traded as CVE-2026-7798. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in jetmonsters MotoPress Hotel Booking Plugin up to 6.0.1 on WordPress. The affected element is an unknown function. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-8684. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Splunk AI Toolkit Access Flaw (CVE-2026-20238) A medium-severity flaw […]

The post Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in TeamViewer DEX up to 9.1. Impacted is an unknown function of the component Backend API Endpoint. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-8381. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in metaphorcreations Ditty Plugin up to 3.1.65 on WordPress. This issue affects the function init of the component AJAX Endpoint. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-9011. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress. This vulnerability affects the function handle_playlist_endpoint of the file /audioigniter/playlist/. Executing a manipulation can lead to authorization bypass. This vulnerability is registered as CVE-2026-8679. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in smub Slider by Soliloquy Plugin up to 2.8.1 on WordPress. It has been rated as problematic. This affects the function map_meta_cap of the component Configuration Handler. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-7636. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in registrationformbuilder Vedrixa Forms Plugin up to 1.1.1 on WordPress. It has been declared as critical. Affected by this issue is the function wp_localize_script of the component Shortcode Handler. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-8692. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.