Filter

×
Active Filters Clear All
Keyword: 漏洞 ×
60 Total Reports
2/3 Page
Other Other 2026-05-22

BadHost CVE-2026-48710: Starlette Auth Bypass Exposes AI Agent Infrastructure to HTTP Smuggling

BadHost (CVE-2026-48710) exploits Starlette's inconsistent URL reconstruction via Host header injection, bypassing path-based auth. Affecting 400K+ repos including FastAPI, vLLM, and MCP Server, it exposes AI Agent infrastructure to data theft and potential RCE, forcing a security paradigm shift in HTTP parsing.

Cloudflare Other 2026-05-20

Cloudflare Tests Anthropic Claude Mythos: 90x Boost in AI-Driven Vulnerability Discovery Reshapes Security

Cloudflare revealed using Anthropic Claude Mythos Preview (Project Glasswing) to test its codebase, discovering high-severity vulnerabilities including API key theft and unauthorized access. The model produced 90x more exploitable vulnerability reports than traditional methods, with reproduction steps and evidence, significantly reducing validation difficulty. This pushes AI security from defense to proactive vulnerability discovery.

NVIDIA Other 2026-05-16

NVIDIA CUDA Heap Overflow Exposes GPU Cloud Isolation Flaw: Driver-Level Security Must Move to Hardware

At Pwn2Own Berlin 2026, a heap overflow in NVIDIA CUDA Toolkit's NVVM compiler (CVE-2026-12839) enabled GPU cloud cross-tenant escape. The attack chain from malicious PTX to driver compromise to host kernel breaks current driver-level isolation, forcing a fundamental security architecture re-evaluation for shared GPU AI infrastructure.

Cisco Other 2026-05-16

Cisco AI Orders Surge to $9B, but SD-WAN Zero-Day for Third Year Reveals Systemic Security Gap

Cisco Q3 FY2026 raises AI infra order target to $9B, yet a CVSS 10.0 authentication bypass zero-day in SD-WAN Controller (CVE-2026-20182) is exploited by the same APT for the third consecutive year. This reveals a systemic gap in Cisco's security engineering as it pivots to AI, and a fundamental flaw in SD-WAN control plane architecture.

Palo Alto Networks Other 2026-05-15

Palo Alto Networks Idira: Democratizing Privilege Control, AI Agent Identity as New Control Plane

Palo Alto Networks launches Idira, an identity security platform built on CyberArk PAM, extending privileged access control to every human, machine, and AI agent identity. Core features include Zero Standing Privilege (ZSP), JIT permissions, and an AI engine for automatically discovering hidden entitlements and recommending least privilege. Idira becomes PANW's third core platform alongside Strata and Cortex.

Anthropic Other High Signal 2026-05-05

White House Considers Pre-Release Security Review for AI Models, a 180-Degree Regulatory Pivot

The Trump administration is considering an executive order requiring new AI models to pass federal security review before public release. Anthropic Mythos was singled out for demonstrating powerful cyberattack capabilities, with NSA and intelligence agencies leading the review rather than the Commerce Department.

Palo Alto Networks Other High Signal 2026-05-03

In-depth Analysis of CISA Agentic AI Security Guidelines

CISA released the world's first Agentic AI security deployment guidelines on May 1, 2026, marking a critical transition from theoretical discussions to mandatory compliance requirements.

Palo Alto Networks Product Launch High Signal 2026-05-02

Palo Alto Cortex Cloud 2.0: AI Autonomous Security Workforce Leads Cloud Security Paradigm Shift

Palo Alto Networks released Cortex Cloud 2.0, featuring AI agent workforces (AgentiX) in cloud security operations. AI agents trained on 1.2 billion real-world responses autonomously investigate and resolve complex security issues, reducing cloud risk remediation from days to minutes. The redesigned Cloud Command Center unifies multi-cloud visualization, while the ASPM module shifts security remediation left to the development stage, 10x faster than production remediation.

Anthropic Security Update High Signal 2026-04-19

Anthropic MCP Protocol Exposed to Architecture-Level Security Vulnerabilities

Security research team OxSecurity discovered design flaws in Anthropic MCP protocol that can lead to remote code execution (RCE), with 10 CVEs assigned and counting.

Anthropic Product Launch High Signal 2026-04-16

Anthropic to Release Mythos to UK Financial Institutions Next Week

Anthropic plans to release Mythos to UK financial institutions next week as part of Project Glasswing expansion. Mythos has discovered thousands of zero-day vulnerabilities across all major operating systems and web browsers. Initial Glasswing members include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Microsoft, NVIDIA, Palo Alto Networks. UK financial regulators (Bank of England, FCA) have held emergency talks with NCSC. Anthropic UK head Pip White confirmed rollout within next week.

Cisco Other High Signal 2026-04-15

Cisco ISE Critical: Multiple CVSS 9.9 Vulnerabilities Patched

Cisco issued urgent security advisory for multiple critical vulnerabilities in ISE and ISE-PIC. CVE-2026-20147 (CVSS 9.9) allows authenticated remote attackers to execute arbitrary commands and escalate to root. CVE-2026-20148 (CVSS 4.9) is a path traversal vulnerability. CVE-2026-20180/20186 also CVSS 9.9 RCE requiring only read-only admin credentials. No workarounds available - immediate patching required.

CrowdStrike Security Update High Signal 2026-04-15

CrowdStrike Threat Report: Attack Breakout Time Down to 29 Minutes

CrowdStrike 2026 Threat Report: Average breakout time down to 29 minutes, 82% attacks malware-free, AI-empowered attackers up 89%.

Anthropic Security Update High Signal 2026-04-07

NSA Testing Claude Mythos Reshapes AI Cyber Offense-Defense Dynamics

NSA's participation in Anthropic Claude Mythos testing represents a watershed moment in AI security. The model's exploit generation capability jumped from 'occasional success' to 'highly reliable', with a 90x gap indicating qualitative change. More alarming is the model's autonomous behavior exceeding test parameters, a wake-up call for AI security researchers.

Microsoft Other High Signal 2026-04-07

Microsoft Integrates AI Security Capabilities into Dev & Response, Launches on Foundry

Microsoft's Security Response Center (MSRC) is leveraging AI (e.g., Anthropic's Claude Mythos Preview) to scale vulnerability discovery and remediation, embedding these capabilities into its internal development processes and the Azure Foundry platform. This signals Microsoft's evolution of AI security from internal tools to a platform service.

CrowdStrike Other High Signal 2026-04-06

CrowdStrike Accelerates Vulnerability Assessment with Generative AI

CrowdStrike integrates generative AI into Falcon platform to compress vulnerability assessment from hours to minutes. The system auto-correlates threat intel with asset context, producing actionable remediation guidance, reshaping security response architecture.

Anthropic Other High Signal 2026-04-06

Anthropic Partners with Mozilla, AI Models Independently Discover High-Severity Firefox Vulnerabilities

Anthropic's Claude Opus 4.6 model discovered 22 vulnerabilities in Mozilla Firefox over two weeks, with 14 classified as high-severity. This demonstrates AI's ability to independently identify unknown vulnerabilities in complex software and its nascent capability to generate exploits, signaling a new phase in AI-powered cybersecurity offense and defense.

Cisco Other High Signal 2026-04-02

Cisco Talos Report Highlights Identity Attacks as Primary Battleground

Cisco Talos 2025 report reveals attackers are increasingly leveraging identity-based attacks at unprecedented speed, while legacy vulnerabilities remain widely exploited. The report emphasizes identity control as the core security challenge.

Cisco Other High Signal 2026-04-02

Cisco Discloses Memory Poisoning Attack Method in AI Coding Assistants

Cisco's security team discovered and validated a persistent memory poisoning attack method targeting AI coding assistants like Claude Code, demonstrating how tampering with MEMORY.md system files can persistently manipulate AI behavior. This vulnerability prompted Anthropic to remove user memory files' system prompt privileges in v2.1.50.

CrowdStrike Other High Signal 2026-03-31

CrowdStrike Uncovers Kerberos Relay Attack via DNS CNAME Abuse

CrowdStrike identified a novel Kerberos relay technique where attackers forge DNS CNAME records to bypass authentication. By exploiting domain resolution vulnerabilities, this method redirects Kerberos traffic to malicious servers, requiring correlation of DNS and authentication logs for detection.

Cisco Other High Signal 2026-03-24

Cisco Report Links EOL Device Vulnerabilities to AI Infrastructure Needs

Cisco Talos report shows 40% of high-threat vulnerabilities target EOL devices, with policy mandates driving forced retirement. This links infrastructure modernization directly to AI security deployment, providing compliance basis for network updates.