Aggregator

Submit #775050 / VDB-352400

Submit #775039 / VDB-352399

Как GPT-3.5 помогает собирать рабочие вирусы тем, кто не умеет кодить.

玄机上有几道pwn题没什么人做，特意花时间做了并且进行整理

Кликнул на сообщение — потерял все пароли, токены 2FA и три месяца переписки.

Name: PolyPwnCTF 2026 (an PolyPwnCTF event.)
Date: March 21, 2026, 10 a.m. — 21 March 2026, 21:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Polytechnique Montréal
Offical URL: https://polypwn.polycyber.io/
Rating weight: 0.00
Event organizers: PolyCyber

Name: ZeroDays CTF 2026 (an ZeroDays CTF event.)
Date: March 21, 2026, 10 a.m. — 21 March 2026, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Dublin, Ireland
Offical URL: http://www.zerodays.ie/
Rating weight: 0
Event organizers: Ireland without the RE

Name: Undutmaning 2026 (an Undutmaning event.)
Date: March 21, 2026, 11 a.m. — 21 March 2026, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://undutmaning.se/
Rating weight: 33.00
Event organizers: Undutmaning

南沙的五港联动和OpenClaw

Анализ трафика показал рекламу, трекеры, сторонние SDK и даже подмену серверов в одном из популярных клиентов.

该漏洞出自Xiaomi路由器BE10000 Pro 稳定版 存在授权后远程RCE漏洞

23-го апреля 2026-го года в Москве пройдет CIRF- конференция про ИБ свободная от официоза.

A vulnerability identified as problematic has been detected in NaturalIntelligence fast-xml-parser up to 5.5.5. Affected is the function replaceEntitiesValue. Performing a manipulation results in xml entity expansion. This vulnerability is identified as CVE-2026-33036. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in alexcrichton tar-rs up to 0.4.44. This impacts an unknown function. Performing a manipulation results in type confusion. This vulnerability is reported as CVE-2026-33055. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in pydicom up to 3.0.1. This impacts an unknown function of the component DICOM File Parser. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-32711. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Microsoft Windows. Impacted is an unknown function of the component Kernel. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2025-62215. It is possible to launch the attack on the local host. Additionally, an exploit exists. It is advisable to implement a patch to correct this issue.

Инфостилеры научились обходить шифрование v20_master_key, подсматривая в память браузера.

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解其主要观点。 文章开头提到2024年印度因网络诈骗损失了22845亿卢比，比前一年增加了206%。这说明问题非常严重。接着，作者赞扬了CERT-In等团队的努力，并指出问题不是因为他们的不尽力，而是现有的结构无法应对问题。 然后，文章描述了恶意链接在不同平台上传播的情况，比如WhatsApp、Instagram和X（推特）等，导致普通用户如祖母点击后损失积蓄。这表明问题的实际影响很大。 作者分析了根本原因：各个平台各自运行检测系统，不共享情报，导致恶意链接在不同平台之间传播延迟。再加上AI生成的钓鱼链接难以辨别，情况更加恶化。 解决方案是建立一个开源的恶意链接检测API，由CERT-In、Meta、Google、X等共同维护，实现统一的威胁情报层和实时响应。作者认为现有的机构框架存在，但缺乏技术标准。 最后，作者呼吁开发者和政策制定者合作，并询问是否有类似项目在进行中以及可能的障碍。 总结时需要涵盖关键点：网络诈骗损失增加、现有结构的问题、平台间缺乏合作、AI带来的挑战、提出的解决方案以及呼吁合作。控制在100字以内，直接描述内容。 印度2024年网络诈骗损失达2.28万亿卢比,同比增长206%。现有平台间检测系统孤立,情报不共享,导致恶意链接传播延迟。AI生成钓鱼链接加剧风险。建议建立开源统一检测API,由CERT-In等共同维护,实现实时同步响应,提升整体网络安全水平。

A vulnerability, which was classified as critical, was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. The affected element is an unknown function of the component Telnet/SSH. Such manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-22321. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.