متاح الآن! بحث تيليغرام 2025 — أهم رؤى العام 
AISecHub
الذهاب إلى القناة على Telegram
Powered by InnovGuard.com | Business inquiries: https://calendly.com/innovguard/meeting | tal.eliyahu@innovguard.com
إظهار المزيدلم يتم تحديد البلدالتكنولوجيات والتطبيقات28 513
2 450
المشتركون
لا توجد بيانات24 ساعات
+137 أيام
+14430 أيام
جاري تحميل البيانات...
القنوات المماثلة
لا توجد بيانات
هل تواجه مشاكل؟ يرجى تحديث الصفحة أو الاتصال بمدير الدعم الخاص بنا.
سحابة العلامات
الإشارات الواردة والصادرة
---
---
---
---
---
---
جذب المشتركين
يونيو '26
يونيو '26
+43
في 3 قنوات
مايو '26
+163
في 4 قنوات
Get PRO
أبريل '26
+100
في 2 قنوات
Get PRO
مارس '26
+192
في 3 قنوات
Get PRO
فبراير '26
+239
في 5 قنوات
Get PRO
يناير '26
+394
في 4 قنوات
Get PRO
ديسمبر '25
+204
في 4 قنوات
Get PRO
نوفمبر '25
+140
في 4 قنوات
Get PRO
أكتوبر '25
+167
في 3 قنوات
Get PRO
سبتمبر '25
+270
في 1 قنوات
Get PRO
أغسطس '25
+95
في 1 قنوات
Get PRO
يوليو '25
+93
في 2 قنوات
Get PRO
يونيو '25
+68
في 1 قنوات
Get PRO
مايو '25
+375
في 3 قنوات
Get PRO
أبريل '25
+43
في 2 قنوات
Get PRO
مارس '25
+735
في 1 قنوات
| التاريخ | نمو المشتركين | الإشارات | القنوات | |
| 13 يونيو | +3 | |||
| 12 يونيو | +1 | |||
| 11 يونيو | +1 | |||
| 10 يونيو | +7 | |||
| 09 يونيو | +4 | |||
| 08 يونيو | +4 | |||
| 07 يونيو | +1 | |||
| 06 يونيو | 0 | |||
| 05 يونيو | +2 | |||
| 04 يونيو | +5 | |||
| 03 يونيو | +6 | |||
| 02 يونيو | +4 | |||
| 01 يونيو | +5 |
منشورات القناة
| 2 | CVE-2026-47345: TYPO3 HTML Sanitizer XSS via namespace attribute encoding bug
The advisory describes an HTML serialization bug where namespace attributes aren’t encoded correctly, enabling a bypass of typo3/html-sanitizer’s XSS prevention prior to 2.3.2.
#VulnerabilityResearch #AppSec #AISecurity #Advisory
https://github.com/advisories/GHSA-p5j5-4j3q-8mq8 | 201 |
| 3 | CVE-2026-46370: Fleet observer-level enrollment secret extraction via ORDER BY oracle in labels host-listing endpoint
The advisory describes a data-exfiltration path where untrusted sorting/cursor behavior (ORDER BY) becomes an oracle, enabling a low-privilege authenticated user to binary-search and recover enrollment secrets from the labels host-listing endpoint.
#VulnerabilityResearch #AppSec #AISecurity #Advisory
https://github.com/advisories/GHSA-vxm7-9x8v-8gm4 | 181 |
| 4 |  https://www.anthropic.com/news/fable-mythos-access | 201 |
| 5 |  https://www.varonis.com/blog/openclaw-phishing | 210 |
| 6 |  https://datatracker.ietf.org/doc/draft-mohiuddin-mcp-security-considerations/ | 199 |
| 7 |  That was quick! 17 Boosts!!!
Thank you all boosting the channel.
We have now auto translate function!
https://t.me/boost/AISecHub | 224 |
| 8 |  https://github.com/bkerler/ida_rpc | 221 |
| 9 |  https://open.substack.com/pub/oliverpatel/p/the-ultimate-agentic-ai-governance | 221 |
| 10 | CVE-2026-48039: Meta Ads MCP — Unauthenticated HTTP Tool Execution Leaks Operator Meta Access Token
The advisory describes an MCP server where unauthenticated HTTP requests can trigger tool execution and expose the operator’s Meta access token, indicating a missing authn/authz boundary between remote callers and privileged MCP actions.
#MCP #AgentSecurity #AISecurity #Advisory
https://github.com/advisories/GHSA-9gw6-46qc-99vr | 242 |
| 11 | npm Supply Chain Under Siege: TeamPCP, Miasma, and npm v12
The npm package registry serves as foundational infrastructure for modern software development.
#AgentSecurity #LLMSecurity #AISecurity #Report
https://labs.cloudsecurityalliance.org/research/csa-whitepaper-npm-ai-toolchain-supply-chain-security-v1-0-c | 204 |
| 12 | OCELOT: Inference-Leakage Budgets for Privacy-Preserving LLM Agents
OCELOT treats agent privacy as trajectory-level posterior-risk control: each outbound “release” is audited and charged against a leakage budget based on how much it can improve an attacker’s belief about a secret, not just whether the text matches a filter.
#AgentSecurity #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.12341 | 171 |
| 13 | PI-Hunter: Automated Red Teaming to Expose and Localize Prompt Injections
PI-Hunter frames indirect prompt injection as an auditing problem: generate source-aware environments, then use feedback-driven test evolution to make an agent retrieve and surface latent malicious instructions, helping localize where untrusted content propagates through the agent/tool workflow.
#PromptInjection #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.12737 | 152 |
| 14 | Stakeholder-Centric Prompt Injection Benchmarking for Real-World Web Agents
This paper reframes web-agent prompt-injection evaluation around “who gets harmed,” splitting attacks by stakeholder (user/seller/platform), objective, and both outcome- and process-level metrics to surface failure modes that attack-centric benchmarks can miss.
#PromptInjection #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.13385 | 131 |
| 15 | CVE-2026-48039: Meta Ads MCP — Unauthenticated HTTP Tool Execution Leaks Operator Meta Access Token
The advisory describes an MCP server where unauthenticated HTTP requests can trigger tool execution in a way that exposes the operator’s Meta access token, indicating a missing auth boundary between the network listener and token-bearing tool calls.
#MCP #AgentSecurity #AISecurity #Advisory
https://github.com/advisories/GHSA-9gw6-46qc-99vr | 135 |
| 16 | npm Supply Chain Under Siege: TeamPCP, Miasma, and npm v12
The npm package registry serves as foundational infrastructure for modern software development.
#AgentSecurity #LLMSecurity #AISecurity #Report
https://labs.cloudsecurityalliance.org/research/csa-whitepaper-npm-ai-toolchain-supply-chain-security-v1-0-c | 134 |
| 17 | SMSR: Certified Defense Against Runtime Memory Poisoning in Persistent LLM Agent Systems
Persistent agent memory creates a multi-session poisoning path where attacker-written “memories” are later retrieved and treated as guidance. This paper’s SMSR combines HMAC-signed memory writes with randomized retrieval-time ablation and majority voting to bound (and certify) the effect of injected content.
#AgentSecurity #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.12703 | 126 |
| 18 | PI-Hunter: Automated Red-Teaming to Expose and Localize Prompt Injections
PI-Hunter targets indirect prompt injection in tool-using agents by generating source-aware test cases and iteratively mutating them via feedback to make agents retrieve and surface latent malicious instructions from untrusted environments, aiming to improve vulnerability exposure and attack-surface coverage beyond success-only red-teaming.
#PromptInjection #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.12737 | 162 |
| 19 | Stakeholder-Centric Prompt-Injection Benchmarking for Real-World Web Agents
This benchmark reframes web-agent prompt injection evaluation around who is harmed, mapping attacks to stakeholder-specific objectives and measuring both outcome and process failures (e.g., stealthy task-preserving manipulation vs task disruption). It reports that current agents do not reliably resist any tested attack objective across these modes.
#PromptInjection #LLMSecurity #AISecurity #Research
https://arxiv.org/abs/2606.13385 | 176 |
| 20 |  Most Viewed Videos in May 2026
https://awesomecybersecurityconferences.com/videos/most-viewed | 267 |
