今日已更新 498 条资讯 | 累计 20470 条内容
关于我们

标签:#SEC

找到 683 篇相关文章

AI 资讯

What Is Shadow AI, and Why It's a Real Security Problem

Shadow AI is the unapproved use of AI tools at work. Here is what it actually is, why it creates security and compliance exposure, and how Bifrost Edge brings it under control at the endpoint. Somewhere in your company right now, someone is pasting a customer list into a personal ChatGPT account to clean up an email. A developer has a coding agent pointed at a repo that still has live credentials in it. Someone in marketing wired up an MCP server they found over the weekend so their assistant can pull from a CRM. None of it shows up anywhere the security team can see. That is shadow AI: people using AI tools for work faster than anyone can govern them. It is rarely reckless. The tools are genuinely useful, they are one click away, and most people have no real sense of what happens to the text they paste into them. The scale is what tends to surprise teams. A 2025 UpGuard report found that more than 80% of workers use unapproved AI tools , security professionals included, and that half use them regularly. This is not a fringe behavior at the edges of the org. It is most people, most days. What counts as shadow AI Shadow AI is any AI tool used for work without security review or central oversight. It is the AI version of shadow IT, except it moved faster and the data leaving the building is often more sensitive. It usually shows up in four shapes: Consumer chat apps used with work data: ChatGPT, Claude, and the rest, on personal accounts. AI inside the browser, where a prompt box is one tab away at all times. Coding agents in the terminal and IDE, which can read source, run commands, and touch infrastructure. MCP servers, the external tools an AI app connects to so it can read files, call APIs, and take actions. The first two leak data outward. The last two are more interesting, because they let an AI tool do things, often with whatever access the employee already has. Why it is an actual security problem, not just a policy headache The risk is not that AI is dangerou

2026-06-16 原文 →
AI 资讯

I built a Terraform security scanner that lives inside GitHub PRs

The problem IAM wildcards and public S3 buckets keep slipping through Terraform code review. Tools like Checkov and tfsec exist but they live in CI, require config files, and developers ignore the output because it's not where they're working. What I built TerraWatch is a GitHub App that scans every pull request that touches .tf files automatically. If it finds a security issue it blocks the merge and posts the exact code fix as a PR comment. The developer sees something like this in their PR: ⚠️ PUBLIC_S3_BUCKET - main.tf (Line 6) Severity: HIGH Risk: S3 bucket allows public read access. Fix: acl = "public-read" acl = "private" block_public_acls = true restrict_public_buckets = true They copy the fix, push, and the merge unblocks automatically. How it's different No YAML, no CI config - installs in 2 minutes via GitHub App Fixes are hardcoded diffs, not AI generated Nothing auto-applied - you review every fix No Checkov dependency - own lightweight rules engine Only reads changed .tf files in the PR, never your full codebase 29 rules covering S3 public access, IAM wildcards, open ports (SSH/RDP/MySQL/Postgres), unencrypted EBS/RDS, public databases, hardcoded secrets, EKS public endpoints, CloudTrail disabled, IMDSv1, and more. Try it Free during beta - terrawatch.dev Also launching on Product Hunt today if you want to show some support!

2026-06-16 原文 →
AI 资讯

HTTP vs HTTPS — What Actually Happens When You Visit a Website

By Sailee Shingare | M.S in Computer Science, Northern Illinois University Every time you visit a website, your browser and the server have a conversation. That conversation happens over a protocol — either HTTP or HTTPS. You’ve seen both in your browser’s address bar. But what’s actually different between them, and why does it matter? Let’s break it down. What is HTTP? HTTP stands for HyperText Transfer Protocol . It’s the foundation of data communication on the web — the set of rules that defines how your browser requests information and how servers respond. When you visit a website over HTTP, here’s what happens: You type a URL in your browser Your browser sends a request to the server The server sends back the webpage Your browser displays it Simple. But there’s a problem — everything is sent in plain text . Anyone sitting between you and the server can read it. Your passwords, your credit card numbers, your messages — all visible. This is where HTTPS comes in. What is HTTPS? HTTPS stands for HyperText Transfer Protocol Secure . It’s HTTP with an extra layer of security called TLS (Transport Layer Security) — previously known as SSL. The S in HTTPS means everything between your browser and the server is encrypted . Even if someone intercepts the data, they see nothing but scrambled gibberish. What Actually Happens When You Visit an HTTPS Website When you visit an HTTPS site, your browser and the server perform a TLS Handshake before any data is exchanged. Here’s what happens step by step: Step 1 — Client Hello Your browser says hello to the server and shares which encryption methods it supports. Step 2 — Server Hello The server picks an encryption method and sends back its SSL certificate — a digital document that proves the server is who it claims to be. Step 3 — Certificate Verification Your browser checks the certificate against a list of trusted authorities. If it’s valid, the connection proceeds. If not, you see a warning — “Your connection is not private.”

2026-06-16 原文 →
AI 资讯

PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security

PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security Today's Highlights Today's security highlights include a critical new malicious PyPI package targeting developers, a comprehensive guide to the OWASP Top 10 vulnerabilities for LLM applications, and practical insights into leveraging eBPF for advanced cloud-native security monitoring. New Malicious PyPI Package 'ColorLib' Targets Developers with Info-Stealing Malware (The Hacker News) Source: https://thehackernews.com/2026/06/new-malicious-pypi-package-colorlib.html This story details the discovery of a malicious package named 'ColorLib' uploaded to the Python Package Index (PyPI). The package is designed to act as info-stealing malware, specifically targeting developers who might inadvertently incorporate it into their projects. Upon execution, the malware attempts to exfiltrate sensitive data, such as environment variables, cryptocurrency wallet details, and various credentials, from the compromised system. This incident underscores the ongoing threat of software supply chain attacks, where attackers inject malicious code into commonly used open-source repositories. Developers relying on public package managers like PyPI must exercise extreme caution and implement robust security practices, including vetting packages, using dependency scanners, and maintaining a principle of least privilege. The rapid proliferation of such attacks necessitates constant vigilance and proactive security measures to prevent widespread compromise. Comment: Developers should immediately check their requirements.txt and pip freeze output for 'colorlib' and ensure all dependencies are from trusted sources, as these attacks are increasingly common. Exploring the OWASP Top 10 for LLM Applications (The Hacker News) Source: https://thehackernews.com/2026/06/exploring-owasp-top-10-for-llm.html The Open Worldwide Application Security Project (OWASP) has released its highly anticipated Top 10 list specifically tailored for Large

2026-06-16 原文 →
AI 资讯

LiteLLM Vulnerability Chain Enables Full AI Gateway Takeover from Default Account

TL;DR what: Three chained vulnerabilities in LiteLLM AI gateway allow default low-privilege users to bypass authorization, escalate to admin, and execute arbitrary code on the server. impact: Full compromise exposes every provider API key (OpenAI, Anthropic, Azure, etc.), database credentials, decryption secrets, and all prompts and responses passing through the gateway. fix: Upgrade immediately to LiteLLM v1.83.14-stable or later, which includes complete fixes for CVE-2026-47101, CVE-2026-47102, and CVE-2026-40217. who: Any organization running LiteLLM proxy to broker AI model access, especially those with internal users or agents routing through the gateway. A critical vulnerability chain in LiteLLM, a widely deployed open-source AI gateway, allows attackers starting from a default low-privilege account to achieve full server takeover and code execution. Obsidian Security researchers disclosed the three-bug chain rated CVSS 9.9, with maintainer BerriAI shipping complete fixes in version 1.83.14-stable on May 2, 2026. LiteLLM brokers API calls to more than 100 AI model providers—OpenAI, Anthropic, Google Gemini, AWS Bedrock, Azure OpenAI, and others—behind a single OpenAI-compatible interface. Organizations deploy it as a central gateway to manage costs, enforce policies, and route requests across multiple backends. That centralized position makes it a high-value target: a compromised proxy exposes every provider key it holds, the secrets that decrypt stored credentials, and every prompt and response flowing through it. The Three-Link Chain The attack begins with CVE-2026-47101, an authorization bypass. When a regular internal_user creates a virtual API key, LiteLLM stores the caller-supplied allowed_routes field without validating it against the user's role. This field is intended to restrict what the key can access, but the proxy also treats it as a fallback authorization grant. An attacker can mint a key with allowed_routes: ["/*"], a wildcard that opens every r

2026-06-16 原文 →
AI 资讯

Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses

A data export endpoint dumps system diagnostics when it hits an invalid field. Feed it garbage, read the debug output, grab the flag. A data export feature lets you pick which profile fields to download. The UI only offers valid fields through checkboxes, so everything looks locked down. But the API behind it accepts arbitrary field names -- send it one it doesn't recognize, and instead of a clean error, it dumps full system diagnostics including internal feature flags. That's where the flag is. You'll bypass the frontend, hit the endpoint directly, and read what comes back. Lab setup Start the lab: npx create-oss-store@latest Or with Docker (no Node.js required): docker run -p 3000:3000 leogra/oss-oopssec-store The app runs at http://localhost:3000 . What you're targeting The app has a profile page at /profile with a Data Export tab. It lets users download their own data in JSON or CSV by selecting fields through checkboxes ( User ID , Email , Role , Address ID ) and clicking "Export Data". The UI looks safe -- you can only pick from a fixed set of valid fields, so there's no way to submit an invalid one through the browser. But that's just client-side validation. The endpoint behind it is POST /api/user/export , and it accepts a JSON body with two parameters: { "format" : "json" , "fields" : [ "id" , "email" , "role" ] } The fields value is an array of strings. The API checks each field against an allowlist. Valid fields? You get your data back. Invalid fields? The API throws an error -- and that error says way too much. Step-by-step exploitation 1. Log in You need an authenticated session. Use one of the seeded accounts: Email: alice@example.com Password: iloveduck Log in through the UI at /login , or grab a session cookie via curl: curl -c cookies.txt -X POST http://localhost:3000/api/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"alice@example.com","password":"iloveduck"}' 2. Explore the Data Export tab Go to /profile and click the Data Export

2026-06-16 原文 →
AI 资讯

The contract is clean - for now: catching crypto scams that survive launch-time checks

Most token scam detectors, including the one I work on, share one implicit assumption: the contract you analyze at launch is the contract people will trade. Read the source, simulate a buy and a sell, cluster the deployer, score it, done. That is a snapshot. And a snapshot is exactly what a patient scammer plays against. Two token designs pass every launch-time check and then turn hostile later. This is how they work, and the two on-chain techniques we shipped this week to catch them. Design 1: the delayed honeypot A honeypot is a token you can buy but cannot sell. The classic version is non-sellable from block one, so a buy-then-sell simulation catches it instantly. The patient version is sellable at launch. Early buyers sell fine, the chart looks healthy, the token earns a clean verdict from every checker that judged it at T0. Then, days later, the operator flips a switch: a timed blacklist that rejects transfers after a block height or timestamp, a setTrading(false) / pause() kill switch pulled once liquidity has accumulated, a fee setter cranked to 100% on sells. From that moment it is a honeypot. But the only verdict on record is the clean one from launch day. The detection ran once, at the worst possible time to run it. Fix: re-simulate at J7 We keep post-launch snapshots of every token at J0, J7 and J30 (originally to catch slow rugs: volume collapse, late LP burns). The new piece re-runs the full buy/sell honeypot simulation at J7, but only for tokens that were genuinely sellable at J0. A clean-to-honeypot flip is the signal: // Only for tokens sellable + tradable at J0 - a clean->honeypot flip is the point. // Bounded per run because it is RPC-heavy. const eligible = ! j0 . risk_flags . some (( f ) => J0_SKIP_RESIM_FLAGS . has ( f )); if ( rpc && eligible && resims < resimLimit ) { const isNowHoneypot = await detectLateHoneypot ( rpc , tokenAddress ); if ( isNowHoneypot ) flags . push ( " late_honeypot " ); // +40 risk at J7 } One rule we hold to: an RPC hi

2026-06-15 原文 →
AI 资讯

Article: Governing AI in the Cloud: A Practical Guide for Architects

In this article, the author outlines a practical approach to AI governance in the cloud, covering discovery of shadow AI, data classification at creation, IAM-based enforcement, policy-as-code, and operational controls. The article shows how organizations can embed governance into delivery pipelines, balancing security, compliance, and developer productivity without relying on manual processes. By Dave Ward

2026-06-15 原文 →
AI 资讯

Could UBID and UDC Solve the Biggest Problem Facing Advanced AI?

As AI systems become more powerful, the conversation is shifting. The biggest challenge is no longer whether AI can write code, solve problems, or accelerate scientific discovery. The real question is: How do we safely govern systems that may eventually become more capable than the institutions built to regulate them? This is where my research on Universal Biometric Identification (UBID) and Universal Digital Credits (UDC) becomes interesting. The Problem Modern AI systems operate in a world where identity is increasingly difficult to verify. A powerful AI model can be accessed through: Anonymous accounts Disposable email addresses VPNs Automated bot networks Fake identities As AI capabilities increase, this creates a growing governance challenge. If a future AI system could discover software vulnerabilities, design advanced technologies, or perform high-impact research, how would organizations determine who should have access? Today, they largely cannot. The internet was designed around connectivity, not verified human identity. What Is UBID? In my paper, I propose Universal Biometric Identification (UBID), a framework where every person receives a globally unique identity based on multiple biometric factors such as: Fingerprints Facial recognition Iris patterns Voice recognition Behavioral characteristics These biometric signals are combined with cryptographic security and distributed ledger technologies to create a secure digital identity framework. The goal is not surveillance. The goal is to create a trusted proof-of-personhood system. A system capable of answering a simple question: Is this a real, verified human? What Is UDC? Universal Digital Credits (UDC) extend this identity layer into a global transaction framework. Instead of relying entirely on traditional banking systems, transactions can be linked directly to verified digital identities. This creates: Reduced fraud Better accountability Financial inclusion Transparent transaction records Global access

2026-06-15 原文 →
AI 资讯

Anthropic Releases and Temporarily Suspends Claude Fable 5

On June 9, 2026, Anthropic launched Claude Fable 5, a model designed for long-horizon tasks, but it was taken offline shortly after due to a U.S. government export directive. It shares architecture with Claude Mythos 5, supporting extensive token usage. The model includes mandatory data retention requirements, which have affected its deployment with partners like Microsoft. By Andrew Hoblitzell

2026-06-15 原文 →
AI 资讯

Making "files never leave your browser" verifiable with DevTools and CSP

"Files never leave your browser" is becoming standard copy for PDF tools, image editors, and document converters. But a trust claim and a verifiable fact are different things. Here's how to turn "zero upload" into something any user can audit in about two minutes, and how to enforce it at the browser level so it isn't just a promise. Step 1: Read the Network panel Open DevTools → Network, enable "Disable cache", reload. While processing a file, filter by "Fetch/XHR" and "Doc". A genuinely client-side tool should show only HTML/CSS/JS/WASM asset loads — no POST requests, no GETs carrying file content in query parameters. The non-obvious trap: third-party analytics, Google Fonts, and CDNs all show up as outbound requests. If you claim zero uploads, those count too. The honest move is to self-host fonts and scripts and drop analytics entirely, so the request list is genuinely short enough to eyeball. The Network panel is the human-readable check. The next part is what actually makes it hold. Step 2: Enforce egress with CSP connect-src This is the piece people get backwards, so it's worth stating precisely. CSP's connect-src is an egress allowlist the browser enforces before the request is sent . A fetch /XHR to an origin that isn't on the list is blocked by the browser and never leaves the machine. You'll see it fail in the console as a CSP violation, with no entry in the Network tab going out to that origin. This includes no-cors requests. no-cors is sometimes assumed to be an escape hatch, but it isn't one for this purpose. All no-cors does is let you issue a cross-origin request while making the response opaque (you can't read the body). It does not bypass connect-src : if the target origin isn't in your connect-src allowlist, the no-cors request is blocked exactly the same way — it never goes out. So you can't smuggle a file out to a third party with no-cors under a tight CSP. That's what makes CSP the actual proof, not just documentation. Tighten connect-src to 's

2026-06-15 原文 →
AI 资讯

Hermes-Crew Hybrid: A Hybrid Architecture for Secure Multi-Agent AI Workflows

Hermes-Crew Hybrid: A Hybrid Architecture for Secure Multi-Agent AI Workflows I built a hybrid system that combines a central orchestrator (Hermes) with temporary CrewAI micro-crews, protected by 3 layers of security. Here's what it does and why it matters. The Problem Multi-agent AI systems are powerful but dangerous. When you chain multiple agents together, a single compromised agent can poison the entire workflow. Existing solutions are either too heavy (enterprise PKI infrastructure) or too light (basic regex filters). The Solution: 3-Layer Security Layer 1 — Pre-execution (MCP Tool Auditor): Before any agent can register a tool, it's audited for malicious instructions. Layer 2 — Runtime (Agent Fixer Stage): Every output from every agent passes through a 3-stage pipeline (normalization → pattern matching → embeddings) in under 1ms. Layer 3 — Pre-commit (Code Safety Hook): Before any git commit lands, the diff is analyzed by CrewAI + Ollama local. Malicious code gets rejected automatically. Architecture Hermes (Director) │ ├── MCP Tool Auditor → verifies tools before registration │ ├── Execution: venv (fast) / Docker (isolated) / auto (smart) │ ├── Agent 1: Researcher │ ├── Agent 2: Analyst │ └── Agent 3: Writer │ ├── Security Gateway (Agent Fixer Stage) → filters output (<1ms) │ └── Consolidator → parses output + generates Obsidian notes What Makes It Different 1. Portable by design. Zero hardcoded paths. Every user configures their own .env . 2. Multi-model via LiteLLM. Works with Ollama local, OpenAI, Anthropic, Gemini, Groq, OpenRouter — any provider. 3. Local-first. Everything runs on the user's machine. No cloud dependencies required. 4. Obsidian integration. Every analysis generates a structured note with YAML frontmatter. Code Safety Hook in Action When you run git commit with malicious code: ❌ [ COMMIT RECHAZADO] Code Safety detected risks: → CrewAI detected vulnerabilities: VERDICT: FAIL → Agent Fixer Stage detected anomalies: High threat score: 1.05 Fo

2026-06-15 原文 →
AI 资讯

AI Provenance Risks, Honda Key Fob Vuln, & Rust Miri FFI Safety

AI Provenance Risks, Honda Key Fob Vuln, & Rust Miri FFI Safety Today's Highlights This week, we examine critical security insights across diverse domains, including the integrity of "homegrown" AI models, a practical key fob vulnerability impacting Honda vehicles, and advanced defensive techniques for ensuring memory safety in Rust applications via Miri. These stories highlight the ongoing need for vigilance in supply chain trust, physical system hardening, and robust software development practices. Honda Civics and the Evil Valet (Hacker News) Source: https://juniperspring.org/posts/honda-evil-valet/ This report uncovers a significant security vulnerability present in various Honda Civic models related to their key fob and "valet mode" system. The core issue lies in the design allowing a valet, given temporary access to a vehicle, to exploit the key fob's functionality to generate a permanent copy of the car's virtual key. By initiating a specific sequence while the original key fob is within range, an unauthorized party can essentially "clone" access to the vehicle, bypassing typical security measures. This creates a persistent risk, as the valet or any malicious actor who gains temporary possession of the key fob could retain unauthorized access to the car indefinitely, even after returning the original key. The vulnerability underscores the importance of a well-defined privilege model even in physical systems, where a "valet" should only have limited, temporary access. For owners, this raises concerns about trusting their vehicles to third parties, highlighting a gap in the security architecture that could lead to vehicle theft or unauthorized usage. This practical vulnerability serves as a stark reminder that security extends beyond digital perimeters into the physical realm of everyday objects. Comment: This real-world flaw demonstrates how critical it is to evaluate trust boundaries in all systems, physical or digital. Understanding the potential for privile

2026-06-15 原文 →