Смотреть можно, но только если вы в погонах или со степенью. Власти исправляют закон, который мешал им ловить экстремистов
Минцифры решило, кому в России можно законно гуглить «запрещенку».
Aggregator
增强网络入侵检测系统:一种抵御对抗攻击的多层集成方法
1 day 22 hours ago
作者:Nasim Soltani, Shayan Nejadshamsi等
译者:知道创宇404实验室翻译组
原文链接:https://arxiv.org/html/2603.10413v1
摘要
对抗样本会对机器学习(ML)算法构成严重威胁。若被用于操控基于机器学习的网络入侵检测系统(NIDS)行为,将危及网络安全。本研究旨在通过提升网络入侵检测系统对抗对抗攻击的鲁棒性来降低此类风险。为此...
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
1 day 22 hours ago
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.
The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.
"New image tags 0.69.5 and
The Hacker News
Submit #775856: itsourcecode Online Enrollment System V1.0 sql [Accepted]
1 day 22 hours ago
Submit #775856 / VDB-352499
Guanxin
CVE-2026-3587 | WAGO Lean Managed Switch 852-1816-010-000 010-001 prior V1.2.1.S0 Restricted Interface backdoor (VDE-2026-020 / EUVD-2026-14385)
1 day 22 hours ago
A vulnerability was found in WAGO Lean Managed Switch 852-1812, Lean Managed Switch 852-1813, Lean Managed Switch 852-1813-000-001, Lean Managed Switch 852-1816, Industrial Managed Switch 852-303, Industrial Managed Switch 852-1305, Industrial Managed Switch 852-1305-000-001, Industrial Managed Switch 852-1505-000-001, Industrial Managed Switch 852-1505, Industrial Managed Switch 852-602, Industrial Managed Switch 852-603, Industrial Managed Switch 852-1605, Lean Managed Switch 852-1812-010-000, Lean Managed Switch 852-1813-010-000 and Lean Managed Switch 852-1816-010-000 010-001. It has been classified as critical. This affects an unknown part of the component Restricted Interface. Performing a manipulation results in backdoor.
This vulnerability is reported as CVE-2026-3587. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-6229 | shaonsina Sina Extension for Elementor Plugin up to 3.7.0 on WordPress cross site scripting (EUVD-2025-208932)
1 day 22 hours ago
A vulnerability was found in shaonsina Sina Extension for Elementor Plugin up to 3.7.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2025-6229. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-13997 | kingaddons King Addons for Elementor Plugin up to 51.1.49 on WordPress render_full_form information disclosure (EUVD-2025-208931)
1 day 22 hours ago
A vulnerability has been found in kingaddons King Addons for Elementor Plugin up to 51.1.49 on WordPress and classified as problematic. Affected by this vulnerability is the function render_full_form. This manipulation causes information disclosure.
This vulnerability is registered as CVE-2025-13997. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
International police Operation Alice take down 373,000 dark web sites exploiting children
1 day 23 hours ago
Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operation Alice, shut down one of the largest dark web scams, uncovering over 373,000 fake sites tricking users seeking child sexual abuse content. The operation, first investigated in […]
Pierluigi Paganini
CVE-2025-43520
1 day 23 hours ago
Currently trending CVE - Hype Score: 1 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may ...
Удары по HIMARS и испытания оружия. Что нашли в утечке секретных технологий Китая
1 day 23 hours ago
Кто и как смог вынести 10 петабайт информации из-под носа у Пекина.
New KB5085516 emergency update fixes Microsoft account sign-in
1 day 23 hours ago
Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. [...]
Sergiu Gatlan
Ghost in the Beacon: Mastering In-Memory PE Execution with BOF RunPE
1 day 23 hours ago
BOF RunPE is a Beacon Object File for Cobalt Strike that executes PE files entirely in-memory within the
The post Ghost in the Beacon: Mastering In-Memory PE Execution with BOF RunPE appeared first on Penetration Testing Tools.
ddos
The AI Accelerator: How 29 Million Leaked Secrets are Fueling a New Era of Digital Insecurity
1 day 23 hours ago
The ubiquitous integration of artificial intelligence into software development over the past year has precipitously accelerated production cycles
The post The AI Accelerator: How 29 Million Leaked Secrets are Fueling a New Era of Digital Insecurity appeared first on Penetration Testing Tools.
ddos
The Support Snare: How Cybercriminals are Hijacking LiveChat to Impersonate Amazon and PayPal
1 day 23 hours ago
Phishing bombardments have long possessed the acumen to meticulously forge correspondence from colossal brands; however, contemporary digital marauders
The post The Support Snare: How Cybercriminals are Hijacking LiveChat to Impersonate Amazon and PayPal appeared first on Penetration Testing Tools.
ddos
The Cheat Code Trap: How Vidar 2.0 is Hijacking GitHub and Reddit to Pillage the Gaming World
1 day 23 hours ago
The vanguard at Acronis has chronicled a sprawling campaign of malicious software proliferation, coursing through the veins of
The post The Cheat Code Trap: How Vidar 2.0 is Hijacking GitHub and Reddit to Pillage the Gaming World appeared first on Penetration Testing Tools.
ddos
The Illusion of Sapience: Unmasking the “Performative” AI and the Rise of Agentic Malware
1 day 23 hours ago
Malefactors are already endeavoring to weave artificial intelligence into the fabric of malicious software, yet the current manifestations
The post The Illusion of Sapience: Unmasking the “Performative” AI and the Rise of Agentic Malware appeared first on Penetration Testing Tools.
ddos
【附下载】深度拆解OpenClaw“龙虾”风险:AI时代供应链安全,为何成了行业致命软肋?
1 day 23 hours ago
前言:
“龙虾”问题不是一次普通漏洞事件,而是AI时代软件供应链、开源治理、社会工程、数据安全等集中爆发的典型风险事件(AI跳出沙箱对系统有核心的操控权限,普通人没有规范使用龙虾的能力),是未来AI安全的“预警级样本”。
来源:重庆信通设计院天空实验室
网络伍豪
Ghost in the Inbox: How the “GhostMail” Attack Weaponized Zimbra’s Own API to Siphon Critical State Secrets
1 day 23 hours ago
Phishing bombardments directed at webmail architectures are customarily orchestrated along a deeply familiar trajectory: a pernicious attachment, a
The post Ghost in the Inbox: How the “GhostMail” Attack Weaponized Zimbra’s Own API to Siphon Critical State Secrets appeared first on Penetration Testing Tools.
ddos
【长线活动】2026淘天电商反爬专项
1 day 23 hours ago
淘天电商反爬专项活动50W奖金池!
The Invisible Key-Snatcher: How VoidStealer’s Hardware Breakpoints Shatter Chrome’s Latest Defenses
1 day 23 hours ago
Malicious software designed to pillage browser data has once again circumvented Google’s defensive measures, albeit with a markedly
The post The Invisible Key-Snatcher: How VoidStealer’s Hardware Breakpoints Shatter Chrome’s Latest Defenses appeared first on Penetration Testing Tools.
ddos