Aggregator

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]

中级： 12h：1200-1600元左右/天高级：12h：1600-2000元左右/天注意：人员能力特别突出

Как работает уязвимость в Citrix, позволяющая читать содержимое чужой памяти без единого пароля.

Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is running in their environments, determine which risks require action, and accelerate response efforts. Among enterprises tracked by Netskope Threat Labs, the average enterprise organization saw the number of AI applications in use grow fivefold … More →

The post Netskope adds AI asset discovery and AISecOps agent to AI security portfolio appeared first on Help Net Security.

美国总统特朗普周二签署了一项行政令，要求 AI 公司让政府先行评估其新模型的能力。行政令还要求 AI 公司在自愿的基础上参与基准测试流程，以评估模型的“高级网络能力”，确定其是否应被视为“受保护的前沿模型”。行政令要求 AI 公司在正式发布新模型前提前最多 30 天给予政府访问权限。

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820

Чем теплее диалог, тем дороже может обойтись откровенность.

Vim 项目在 2025 年 12 月宣布了生成式 AI 政策：只要大模型生成代码予以披露以及代码风格与现有代码保持一致，那么 AI 代码就可以接受。但项目的多位资深参与者对接受 AI 代码持反对意见，不想看到 AI 代码泛滥，他们选择了创建没有 AI 代码的分支，其中一个分支就是 Drew DeVault 的 Vim Classic。出于长期维护的考虑，Vim Classic 不是基于较新的 Vim 9 系列，而是基于 Vim 8.2.0148。他刚刚释出了 Vim Classic 8.3，主要是从上游版本移植了部分 bug 修正和补丁。由于缺乏资源，部分 Vim 插件与 Vim Classic 不兼容。

Submit #829543 / VDB-367927

В сети оказались чертежи всей цифровой архитектуры шведского бренда.

根据内部电子邮件，欧洲议会内部计算机的默认搜索引擎将于 6 月 4 日起从 Google 切换到法国搜索引擎 Qwant，此举是出于对数字主权和隐私的考虑。Qwant 被描述为以隐私为中心的欧洲搜索引擎，不追踪用户或收集个人数据。Qwant 成立于 2013 年，突出了隐私保护，为用户提供了 Google 之外的一种选择。通过 Firefox 和 Edge 浏览器地址栏进行的搜索将自动路由到 Qwant，但欧洲议会议员仍然可以自由使用其它搜索引擎或更改其默认设置。欧盟委员会正在加强技术主权，减少对外国技术供应商的依赖，扶持欧洲本土技术。

Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an interview conducted in person at the Span Cyber Security Arena conference. He put the original proposal for a Slovenian CERT to ARNES leadership in 1994, and the center now records about 6,000 … More →

The post A small Slovenian team handles 6,000 cyber incidents a year appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-10722. The attack can only be performed from a local environment. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

Submit #818291 / VDB-368091

CERT/CCから本件に関するアドバイザリが公表されました。

CERT/CCから本件に関するアドバイザリが公表されました。

A vulnerability, which was classified as critical, has been found in RURBAN Cpanel::JSON::XS up to 4.40 on Perl. The impacted element is the function decode_hv. This manipulation causes type confusion. The identification of this vulnerability is CVE-2026-9334. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Passeum Ticketing Plugin up to 1.0 on WordPress. The affected element is the function get_shop_url of the component Setting Handler. The manipulation of the argument shop_name results in cross site scripting. This vulnerability was named CVE-2026-7421. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic has been found in RURBAN Cpanel::JSON::XS up to 4.40 on Perl. Impacted is the function decode_json. The manipulation leads to release of reference. This vulnerability is uniquely identified as CVE-2026-9516. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in planetshaker EmergencyWP Plugin up to 1.4.2 on WordPress. This issue affects the function form_settings_ui of the file add_cap/remove_cap of the component Setting Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-9732. The attack can be executed remotely. There is not any exploit available.