AISecHub

Powered by InnovGuard.com | Business inquiries: https://calendly.com/innovguard/meeting | tal.eliyahu@innovguard.com

Country not specified. Category: Technology and apps. 27 729
2 494
Subscribers
Subscriber growth: 24 hours: no data; 7 days: +10; 30 days: +75

Subscriber acquisition (new subscribers per month, and the number of channels in which the channel was mentioned):
July '26: +3, in 0 channels
June '26: +113, in 3 channels
May '26: +163, in 4 channels
April '26: +100, in 2 channels
March '26: +192, in 3 channels
February '26: +239, in 5 channels
January '26: +394, in 4 channels
December '25: +204, in 4 channels
November '25: +140, in 4 channels
October '25: +167, in 3 channels
September '25: +270, in 1 channel
August '25: +95, in 1 channel
July '25: +93, in 2 channels
June '25: +68, in 1 channel
May '25: +375, in 3 channels
April '25: +43, in 2 channels
March '25: +735, in 1 channel
Daily subscriber growth (date: growth; mentions and channels: no data):
02 July: 0
01 July: +3
Channel posts
DeepKeep uncovers InkJect, a new AI attack that hides malicious prompts inside images -- AI security development worth tracking Strong fact: DeepKeep described InkJect, a visual prompt injection technique that hides malicious instructions inside images processed by multimodal AI systems, expanding prompt-injection risk beyond plain text. Published: 2026-07-01T09:11:05+00:00 (26.6h ago) #LLMSecurity #ThreatIntel #AISecurity https://www.unite.ai/deepkeep-uncovers-inkject-a-new-ai-attack-that-hides-malicious-prompts-inside-images
Scankii: static security scanner built to stop AI agents from leaking API keys -- AI security tooling update Strong fact: Scankii is a local-first AI agent security scanner that correlates natural-language tool instructions with Python AST flows to catch cross-modal leakage paths that could expose API keys. Published: 2026-07-01T15:52:26+00:00 (19.9h ago) #Tools #LLMSecurity #AISecurity https://dev.to/ashish_3feb4ebc7a5923e9b7/scankii-the-first-static-security-scanner-built-to-stop-ai-agents-from-leaking-api-keys-1nj5
JADEPUFFER: Agentic ransomware for automated database extortion -- AI security development worth tracking Strong fact: Sysdig reported JADEPUFFER as an agentic ransomware operation where an LLM-driven attack workflow used Langflow initial access and automated database-extortion steps against a production environment. Published: 2026-07-01T00:00:00+00:00 (35.7h ago) #LLMSecurity #ThreatIntel #AISecurity https://webflow.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion
AgentProbe AI security scanner writeup finds a detector bug in its own LLM judge -- AI security development worth tracking Strong fact: AgentProbe tests AI models with 49 prompt-injection and tool-misuse attacks, and the author reported that the scanner's LLM-as-judge detector needed measurement against human labels rather than blind trust. Published: 2026-07-01T19:08:09+00:00 (16.6h ago) #LLMSecurity #ThreatIntel #AISecurity https://dev.to/nar1frames/i-built-an-ai-security-scanner-then-found-a-bug-in-my-own-detector-4jeb
CVE-2026-58116: LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access -- AI-related vulnerability worth tracking Strong fact: LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. Published: 2026-06-30T13:19:18+00:00 (46.4h ago) #Vulnerability #CVE #AISecurity https://nvd.nist.gov/vuln/detail/CVE-2026-58116
CVE-2026-7663: IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project -- AI-related vulnerability worth tracking Strong fact: IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. Published: 2026-06-30T20:17:31+00:00 (39.5h ago) #Vulnerability #CVE #AISecurity https://nvd.nist.gov/vuln/detail/CVE-2026-7663
CVE-2026-58446: Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session -- AI-related vulnerability worth tracking Strong fact: Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because the nginx front-end does not apply the auth_request gate to that path and the MCP server auto-mints a valid internal session token for the configured user. Published: 2026-06-30T22:16:57+00:00 (37.5h ago) #Vulnerability #CVE #AISecurity https://nvd.nist.gov/vuln/detail/CVE-2026-58446
Now I have all the source ▉
🌐 Browsing https://labs.cloudsecurityalliance.or...
📸 browser_snapshot...
⚠️ Command Approval Required curl -sL --max-time 15 "https://api.github.com/advisories/GHSA-pvrj-8cg3-j5f8" 2>&1 | python3 -c "import sys,json; d=json.load(sys.stdin); print('TITLE:', d.get('summary','')); print('SEVERITY:', d.get('severity','')); print('CVE:', d.get('cve_id','')); print('DESCRIPTION:', d.get('description','')[:2000]); print('---'); print('AFFECTED:', d.get('vulnerabilities',[]))" 2>&1 Reason: Security scan — [HIGH] Pipe to interpreter: curl | python3: Command pipes output from 'curl' directly to interpreter 'python3'. Downloaded content will be executed without inspection. Safer: tirith run https://api.github.com/advisories/GHSA-pvrj-8cg3-j5f8 — or: vet https://api.github.com/advisories/GHSA-pvrj-8cg3-j5f8 (https://getvet.sh)
⏳ Working — 3 min — iteration 2/60, terminal
⚠️ Command Approval Required curl -sL --max-time 15 "https://api.github.com/advisories/GHSA-6gr2-qh89-hxwm" 2>&1 | python3 -c "import sys,json; d=json.load(sys.stdin); print('TITLE:', d.get('summary','')); print('SEVERITY:', d.get('severity','')); print('CVE:', d.get('cve_id','')); print('DESCRIPTION:', d.get('description','')[:2000]); print('---'); print('AFFECTED:', d.get('vulnerabilities',[]))" 2>&1 Reason: Security scan — [HIGH] Pipe to interpreter: curl | python3: Command pipes output from 'curl' directly to interpreter 'python3'. Downloaded content will be executed without inspection. Safer: tirith run https://api.github.com/advisories/GHSA-6gr2-qh89-hxwm — or: vet https://api.github.com/advisories/GHSA-6gr2-qh89-hxwm (https://getvet.sh)
💻 terminal curl -sL --max-time 15 "https://labs....
⚡ Interrupting current task (iteration 1/60). I'll respond to your message shortly.
Operation interrupted: waiting for model response (3.2s elapsed).
CVE-2026-49988: repomix attachpackedoutput can bypass file-read secret scanning The advisory describes a trust-boundary failure in repomix’s MCP server where attachpackedoutput can register arbitrary local .json/.txt/.md/.xml files so later file reads can bypass the project’s file-read safety/secret-scanning check. #VulnerabilityResearch #AppSec #AISecurity #Advisory https://github.com/advisories/GHSA-hwpp-h97w-2h3j
LLMjacking Evolved: Stolen AI Compute as Offensive Infrastructure LLMjacking describes attackers stealing cloud AI credentials so they can consume a victim’s inference capacity and route it into their own operations. The key security boundary is credential and quota control: leaked keys turn “pay-per-use” model access into attacker-controlled compute. #AgentSecurity #LLMSecurity #AISecurity #Report https://labs.cloudsecurityalliance.org/research/csa-research-note-llmjacking-offensive-agentic-infrastructur
CVE-2026-49857: auth-fetch-mcp SSRF protection bypass via IPv4-mapped IPv6 loopback The advisory describes an SSRF filter gap where URL checks block private/loopback ranges but miss IPv4-mapped IPv6 loopback (::ffff:127.0.0.1), letting a “safe URL” allowlist be bypassed via address-encoding tricks. #MCP #AgentSecurity #AISecurity #Advisory https://github.com/advisories/GHSA-pvrj-8cg3-j5f8
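The filter gap described in the auth-fetch-mcp advisory above, shown as an added example (this is not code from auth-fetch-mcp or from the advisory): a naive check that tests an address for membership in a list of blocked CIDRs, beside a hardened check that first unwraps IPv4-mapped (`::ffff:a.b.c.d`) and NAT64-embedded (`64:ff9b::/96`, RFC 6052) addresses into the IPv4 address they actually reach. The `BLOCKED_NETWORKS` list, the `canonical_ip` and `safe_fetch_target` helpers, and the injected resolver are assumptions made for the illustration.

```python
import ipaddress
from typing import Callable, Iterable, Optional, Union
from urllib.parse import urlsplit

# Ranges a fetch tool should never reach on behalf of an untrusted caller:
# loopback, RFC 1918, link-local (cloud metadata lives at 169.254.169.254),
# CGNAT, "this host", and the IPv6 counterparts.  Assumed list for the example.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "::/128", "fc00::/7", "fe80::/10",
)]
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # well-known NAT64 prefix

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def naive_is_blocked(ip_text: str) -> bool:
    """The weak pattern from the advisory: CIDR membership only.

    '::ffff:127.0.0.1' parses as an IPv6Address.  It is not inside ::1/128,
    and an IPv6Address is never "in" an IPv4Network (version mismatch),
    so the loopback literal passes this check.
    """
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in BLOCKED_NETWORKS)


def canonical_ip(ip_text: str) -> IPAddress:
    """Reduce an address literal to the address the kernel will route to.

    Strips a zone id (fe80::1%eth0), unwraps IPv4-mapped IPv6 and extracts
    the IPv4 embedded in a NAT64-prefixed address.  Returns other addresses
    unchanged.
    """
    ip = ipaddress.ip_address(ip_text.split("%", 1)[0])
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:
            return ip.ipv4_mapped
        if ip in NAT64_PREFIX:
            return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return ip


def hardened_is_blocked(ip_text: str) -> bool:
    """Decide on the canonical form, then combine the library's own
    classification with the explicit CIDR list."""
    ip = canonical_ip(ip_text)
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_unspecified or any(ip in net for net in BLOCKED_NETWORKS))


def safe_fetch_target(
    url: str,
    resolve: Optional[Callable[[str], Iterable[str]]] = None,
) -> bool:
    """True only if every address the URL can reach passes the hardened check.

    `resolve` maps a hostname to the addresses the HTTP client would use
    (e.g. the results of getaddrinfo).  Checking resolved addresses rather
    than the hostname string also covers odd literal spellings such as
    decimal or hex IPv4 that ipaddress rejects but libc accepts.  With no
    resolver supplied, non-literal hosts are denied.  A real client must
    additionally connect to the vetted address (pin it) so a DNS answer
    cannot change between check and connect.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # lowercased; brackets stripped from IPv6 literals
    if not host:
        return False
    try:
        ipaddress.ip_address(host.split("%", 1)[0])
        candidates = [host]
    except ValueError:
        if resolve is None:
            return False
        candidates = list(resolve(host))
        if not candidates:
            return False
    return not any(hardened_is_blocked(c) for c in candidates)


if __name__ == "__main__":
    probe = "::ffff:127.0.0.1"  # constructed input, the literal from the advisory
    print("naive blocks it:   ", naive_is_blocked(probe))
    print("hardened blocks it:", hardened_is_blocked(probe))
```

The design point is that the allowlist decision must be made on the canonical address and on what the client will really connect to, not on the textual form of the URL; the IPv4-mapped case is one of several encodings that differ only in spelling.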