Aggregator
用魔法打败魔法:自动化越狱提示词的生成
1 week 1 day ago
自动化越狱提示词的生成
js原型链污染原理及绕过
1 week 1 day ago
一文讲明js原型链污染原理及概念误区,包含常见绕过思路
SGLang GGUF 投毒致 RCE 漏洞(CVE-2026-5760)
1 week 1 day ago
该漏洞存在于大模型推理引擎 SGLang 中(影响 v0.5.9 及以下版本)。其核心逻辑非常直接:SGLang 在处理 /v1/rerank 请求时,会读取 GGUF 模型文件中的 tokenizer.chat_template 字段,并将其放入一个无沙箱限制的 Jinja2 环境中进行渲染。
Letta AI 最新版未修复漏洞
1 week 1 day ago
该漏洞允许攻击者通过 REST API 提供了一个 /v1/tools/run端点,利用任意 payload 在目标服务器上执行任意 Python 代码或系统命令。
DentaQuest data breach exposed info of 2.6 million accounts
1 week 1 day ago
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
Bill Toulas
Новые биологические часы умеют считать потерянные годы. И подсказывать, как часть из них отыграть назад
1 week 1 day ago
Вы думали, что знаете свой возраст — вы знаете только дату рождения.
INC
1 week 1 day ago
You must login to view this content
cohenido
Submit #832348: bytedance InfiniStore 0.2.33 Denial of Service [Accepted]
1 week 1 day ago
Submit #832348 / VDB-368398
Dem00
Submit #832308: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Write) [Duplicate]
1 week 1 day ago
Submit #832308 / VDB-365549
pwn3rd
Submit #832297: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Read) [Duplicate]
1 week 1 day ago
Submit #832297 / VDB-365549
pwn3rd
Your AI agent could become your biggest insider threat
1 week 1 day ago
New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk.
The post Your AI agent could become your biggest insider threat appeared first on CyberScoop.
djohnson
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’
1 week 1 day ago
The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
1 week 1 day ago
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least March 2026, designed entirely around one single goal: stealing the complete contents of one person’s […]
The post Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials appeared first on Cyber Security News.
Tushar Subhra Dutta
Томас Эдисон считался отцом звукозаписи 150 лет. Историки только что это опровергли
1 week 1 day ago
Говорящая машина XVIII века умела смеяться, плакать и петь арии. А не фонограф ли это?
Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal
1 week 1 day ago
The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed.
Государство блокирует VPN, но разрешит «Билайну» сделать свой, правильный VPN
1 week 1 day ago
VPN, который не надо включать, искать и прятать — мечта или тариф?
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
1 week 1 day ago
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger.
Deeba Ahmed
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
1 week 1 day ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a […]
Pierluigi Paganini
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
1 week 1 day ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments […]
The post CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks appeared first on Cyber Security News.
Abinaya