Aggregator

苹果从 6 月 4 日周四起在美国德州引入年龄验证，此举是为了遵守德州的法律《App Store Accountability Act（SB 2420）》。去年 12 月法官阻止了该法律的

近期，奇安信威胁情报中心在日常样本跟踪分析过程中，发现一套高疑似勒索组织Qilin(Agenda)暴露在外的Cobalt Strike TeamServer工作目录。通过研判，可以确认该批文件并非单纯的黑客工具样本，而是能够直接反映Qilin(Agenda)勒索组织真实攻击活动的运营资料。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-W

My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows 10. The Microsoft Office releases were a bit higher with 19 CVEs or so reported for the online versions. Apple did indeed release their OS security updates the day before Patch Tuesday, which garnered some … More →

The post June 2026 Patch Tuesday forecast: Where are the CVEs? appeared first on Help Net Security.

Новая ракета для комплексов HIMARS сможет поражать перемещаемые сухопутные и морские цели.

Meta在Facebook上推出新的AI创作者助手Meta在周四宣布，正在Facebook上推出一款新的AI创作者助手，该助手将根据创作者的内容风格、表现、社群和目标，为他们提供个性化推荐。创作者通常

Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and stems from improper input validation in the system’s command-line interface. According to Cisco’s advisory, the […]

The post Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User appeared first on Cyber Security News.

希望赛事官方拉个官方比赛交流群，共同把比赛做好，让参赛办赛的每个师傅都能燃尽所有！

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]

知名科幻作家姜峯楠（Ted Chiang）在《大西洋月刊》上发表文章认为 AI 没有意识，它只是在玩角色扮演游戏。Anthropic 被视为 AI 巨头，但它真正擅长的可能是拟人化。大模型能生成流畅的文本并不意味着它们有意识，虽然销售大模型的公司一直在助长这种误解。它输出的每个单词都以完全相同的方式生成。深度伪造通常指的是照片、音频和视频，但当讨论意识时，我们也需要将文本视为一种深度伪造媒介。深度伪造照片和大模型对话的主要区别在于前者是故意欺骗他人后者更多是自我欺骗。姜峯楠认为意识需要有主观体验，大模型缺乏主观体验这一事实与它能否成为有用工具或产生显著经济影响不相关。它们脱离现实的内在本质，以及概率性质意味着它们永远无法达到传统软件所具备的可靠性，虽然大模型可能足够优秀到能改变部分领域的工作方式。

A vulnerability was found in Znuny up to 6.5.20/7.3.2. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Communication Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-50592. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Znuny up to 6.5.20/7.3.2 and classified as problematic. Affected is an unknown function of the component User Preferences Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-50591. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Mimecast Incydr up to 2.5.x and classified as problematic. This impacts an unknown function. The manipulation leads to incorrect permission assignment. This vulnerability is documented as CVE-2026-50590. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Microsoft Azure HorizonDB. This affects an unknown function. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is registered as CVE-2026-48567. It is possible to launch the attack remotely. No exploit is available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

A vulnerability, which was classified as critical, has been found in Microsoft 365 Copilot. The impacted element is an unknown function. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2026-42824. It is possible to initiate the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

A vulnerability classified as problematic was found in OpenStack Ironic up to 35.0.1. The affected element is an unknown function of the component API/JSON-RPC Service. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-50589. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in OpenAI Atlas up to 1.2025.288.15. Impacted is an unknown function of the component Web Contents Handler. This manipulation causes improper access controls. This vulnerability is tracked as CVE-2026-11326. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in wpdevteam Gutenberg Essential Blocks Plugin up to 6.1.3 on WordPress. This issue affects the function save_ai_generated_image. The manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-10586. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.