Aggregator

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.8. This impacts the function hci_uart_set_proto of the component Bluetooth. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-23146. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.161/6.6.121/6.12.66/6.18.6. This issue affects the function access_pattern of the component DAMON Sysfs. The manipulation results in denial of service. This vulnerability is known as CVE-2026-23142. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.121/6.12.66/6.18.6. This affects the function range_is_hole_in_parent of the component btrfs. Executing a manipulation of the argument disk_bytenr can lead to memory corruption. This vulnerability appears as CVE-2026-23141. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.8. Affected is an unknown function of the component wifi. The manipulation results in memory corruption. This vulnerability is identified as CVE-2026-23152. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.160/6.6.120/6.12.65/6.18.5. It has been classified as critical. The impacted element is the function xdp_update_frame_from_buff of the component test_run. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-23140. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.6.120/6.12.65/6.18.5 and classified as critical. Impacted is the function osd_fault of the component libceph. Performing a manipulation results in state issue. This vulnerability is cataloged as CVE-2026-23136. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7 and classified as critical. This affects the function dma_free_coherent of the component wifi. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-23135. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.18.7. It has been declared as critical. Affected by this vulnerability is the function dma_free_coherent of the component wifi. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2026-23133. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.7. The affected element is the function kmalloc_nolock of the component slab. This manipulation causes privilege escalation. This vulnerability appears as CVE-2026-23134. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.18.7. This issue affects the function dw_dp_bind. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-23132. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.5. This affects the function netfs_read_unlock_folios. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-71201. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.160/6.6.120/6.12.65/6.18.5. This vulnerability affects the function nf_conncount of the component netfilter. The manipulation of the argument last_gc leads to resource consumption. This vulnerability is traded as CVE-2026-23139. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component tracing. Performing a manipulation results in uncontrolled recursion. This vulnerability is reported as CVE-2026-23138. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.18.5 and classified as critical. The affected element is the function unittest_data_add. Executing a manipulation can lead to double free. This vulnerability is registered as CVE-2026-23137. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.6. It has been declared as critical. This affects the function vfree of the component IOMMU Interface. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2025-71202. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要仔细阅读文章，理解其主要内容。 文章主要讲的是苹果公司发布了第一个Background Security Improvements更新，修复了一个WebKit漏洞CVE-2026-20643。这个漏洞允许恶意网页内容绕过浏览器的同源策略。苹果通过改进输入验证解决了这个问题，并且这是他们第一次使用Background Security Improvements功能来推送安全补丁，而不需要用户升级整个操作系统。 接下来，我需要将这些信息浓缩到一百个字以内。要抓住关键点：苹果修复了WebKit漏洞，通过Background Security Improvements功能推送补丁，无需系统升级。同时提到这个漏洞允许恶意内容绕过同源策略。 可能的结构是：苹果发布首个背景安全更新修复WebKit漏洞CVE-2026-20643，无需系统升级；该漏洞使恶意内容绕过同源策略。 检查一下字数是否在限制内，并确保信息准确无误。 苹果发布首个背景安全更新修复WebKit漏洞CVE-2026-20643，无需系统升级；该漏洞使恶意内容绕过同源策略。

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要仔细阅读这篇文章，理解其主要观点和数据。 文章是关于GitGuardian发布的第五版“State of Secrets Sprawl”报告。主要内容是2025年人工智能的普及如何改变了软件交付，并加速了非人类身份（NHIs）及其秘密在公共和内部系统中的暴露。文章提到泄露的秘密数量大幅增加，AI辅助代码导致泄漏率翻倍，内部存储库是最大的暴露源，治理措施跟不上。 接下来，我需要将这些信息浓缩到100字以内。要抓住关键点：AI的影响、泄露数量增加、内部存储库的风险、治理不足以及GitGuardian的建议。 然后，组织语言，确保简洁明了。避免使用复杂的术语，让总结易于理解。 最后，检查字数是否符合要求，并确保所有关键信息都被涵盖。 GitGuardian发布报告指出，2025年人工智能普及加速软件开发的同时，也导致非人类身份（NHIs）及机密泄露激增。GitHub上新泄露机密数量增长34%，达2900万。AI辅助代码使泄漏率翻倍，内部存储库成主要风险源。治理措施未能跟上技术发展步伐。

NEW YORK, Mar.17, 2026, CyberNewswire — GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edition of its “State of Secrets Sprawl” report, documenting how mainstream AI adoption in 2025 reshaped software delivery and accelerated the … (more…)

The post News alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHub first appeared on The Last Watchdog.

The post News alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHub appeared first on Security Boulevard.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解主要内容。 文章讲的是OpenAI和亚马逊云服务合作，向美国国防部和政府机构出售AI模型的使用权，用于处理机密和非机密工作。这取代了之前Anthropic的角色，因为Anthropic拒绝让其AI用于军事用途，特别是监控和自主武器。所以，五角大楼转而选择OpenAI。 接下来，我需要将这些信息浓缩到100字以内。要注意关键点：OpenAI、亚马逊云服务、美国国防部、替代Anthropic、军事用途。同时，语言要简洁明了。 可能的结构是：OpenAI通过亚马逊云向美国国防部提供AI模型使用权，替代Anthropic，用于军事用途。这样既涵盖了主要信息，又符合字数限制。 最后检查一下是否遗漏了重要信息，比如合同签署的时间或 Anthropic 的具体原因。但为了简洁起见，可能不需要详细说明这些细节。 OpenAI通过亚马逊云服务向美国国防部及政府机构提供AI模型使用权，用于机密与非机密工作。此协议使OpenAI取代Anthropic成为五角大楼的AI供应商。