Aggregator

A vulnerability was found in Tenda F456 1.0.0.5 and classified as critical. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. This vulnerability appears as CVE-2026-7029. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda F456 1.0.0.5. It has been classified as critical. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. This vulnerability is traded as CVE-2026-7030. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. This vulnerability is tracked as CVE-2026-7073. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Рассказываем, как одна случайность помогла вскрыть многолетнюю сеть шпионажа.

A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The flaw enables a threat actor to create a Windows junction, a type of filesystem symbolic […]

The post Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges appeared first on Cyber Security News.

澳大利亚禁止 16 岁以下青少年使用社媒的禁令于 2025 年 12 月 10 日生效，社媒公司如 Meta、Snap 和 TikTok 必须删除和停用逾百万未成年人账户，违反者将面临最高 3250 万美元的罚款。但根据英国预防自杀组织 Molly Rose Foundation 对 1050 名 12 至 15 岁澳大利亚青少年的调查，禁令生效前拥有社媒账号的青少年逾六成仍然能访问至少一个平台。TikTok、YouTube 和 Instagram 仍然保留了逾半数 16 岁以下用户账号。三分之二年轻用户表示这些平台未采取任何行动删除禁令前已存在的账户。澳大利亚互联网监管机构正呼吁对五家最大的社媒平台展开调查，以查明其是否存在违反禁令的行为。

威胁猎人信贷欺诈情报解决方案：让“隐藏式攻击”可识别、可预警、可阻断

技术不分咖位，热爱才是一切。「HG TALK」第一期——“追卫星的人”郝经利

来自企业、高校与个人开发者的10支决赛队伍经过激烈角逐，最终，由绿盟科技组成的“AI小分队”在国内外610支参赛战队中脱颖而出，夺得冠军。

4月28日，第三届“长城杯”网数智安全大赛（防护赛）总决赛将在福州正式拉开帷幕。

活动时间：2026年4月27日 - 5月20日

Linux内核模块编程指南 中文PDF

DeepSeek V4 成 OpenClaw 默认模型；拯救 Win11！揭秘微软 Windows K2 宏伟计划；智能眼镜销量大涨；消息称三星 Galaxy WideFold 阔折叠手机首批备货 100 万台，三个月后发布

CVE又有大变动。

Secure your MCP hosts with quantum-resistant IAM. Learn about lattice-based signatures, PQuAKE, and 4D context-aware access for AI agents.

The post Quantum-Resistant Identity and Access Management for MCP Resources appeared first on Security Boulevard.

让AI助手真正成为业务团队的“金牌搭档”。

LARYBench （Latent Action Representation Yielding Benchmark），一个指引从大规模的视觉数据学习到通用的隐式动作表征的系统化评测基准。实验结果表明：在动作泛化和控制精度上，通用视觉模型的表现均显著优于专门为具身智能设计的动作专家模型，具身动作表征可以从大规模人类视频数据中涌现。