Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...

YubiKey Manager: Security vulnerability allows execution of injected code

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.
eLife

Modality-agnostic decoding of vision and language from fMRI

Modality-agnostic decoders leverage modality-invariant representations in human subjects' brain activity to predict stimuli irrespective of their modality (image, text, mental imagery).
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
知乎专栏 on MSN

Claude code 如何调用skills

前段时间cc的源代码泄漏了,本地赶紧存了一份,然后让opus帮我分析了一下skills部分具体是怎么调用的,天啊,上苍的恩赐,这份源代码可以帮助解决好多问题。 模拟场景:写一条规范的 commit(全程调用过程) 假设你已经安装了一个名叫 commit 的技能,会话里也启用了 Skill 工具。下面用 Opus ...