Aggregator

Every organisation gets audited. The question is who does the auditing.

Google 周一宣布推出 Chrome 149 更新，修复了 74 个漏洞，其中包括一个已在野外被利用的零日漏洞。 该被利用的漏洞编号为 CVE-2026-11645，被描述为 V8 中的一个高危越界读/写问题，允许远程攻击者通过特制的 HTML 页面在沙箱内执行任意代码。 目前没有关于利用 CVE-2026-11645 的攻击细节，但威胁行为者很可能将其与沙箱逃逸漏洞进行了链式利用。...

WhatsApp 在调查用户报告的社会工程攻击后，检测并阻止了据称由 NSO Group 发起的鱼叉式钓鱼活动。 NSO Group 是一家以色列商业间谍软件供应商，以其先进的“Pegasus”工具而闻名，该工具曾被用于针对政界人士、活动人士、记者、学者及其他“高价值”个人。 自 2021 年 11 月以来，该公司因向外国政府提供被用于针对美国境内个...

F6 зафиксировала более 220 атак программ-вымогателей в России за январь–май 2026 года.

气候中心（Climate Central）发布分析结果称，美加墨世界杯比赛将遭遇全球变暖带来的高温天气，球员表现受到负面影响的可能性升高。此次世界杯将在 16 个场馆共举行 104 场比赛，其中 97 场比赛可能出现导致恢复能力等下降的炎热天气。不仅球员的健康风险上升，比赛的质量也可能受到影响。本届世界杯由美国、墨西哥、加拿大共同主办，赛程为当地时间 6 月 11 日至 7 月 19 日。基于以往数据对赛事期间气温的预测显示，有较高概率在 97 场比赛中出现超过 28 度的气温。此前研究指出，超过 28 度会对球员的跑动速度、距离与恢复时间产生影响，也会影响到战术和比赛风格。

黑客在 PyPI 上入侵了 19 个软件包，这些包累计下载量达数十万次。这是一次新的 Shai-Hulud 供应链攻击，旨在分发窃取开发者机密的恶意软件。 许多受感染的包是流行的生物信息学工具，例如 Dynamo、Spateo、CoolBox、U-FISH 和 Napari-UFISH。 应用安全公司 Socket 发现了此次新活动，该活动涉及 19 个包的 37 个恶意发布版本，这些包似乎来自同...

美国企业在强推 AI 之际公众对 AI 的抵触情绪也日益高涨。现在一名叫 Erin Maus 的 34 岁软件工程师找到了一种变通方法，以宗教理由豁免于使用 AI。她信仰普救一位神教（Unitarian Universalism），这是一个开明、包容的宗教，接受多元化和互联性，致力促进个人灵性成长。她以 AI 的环境和伦理问题为由称使用 AI 与其宗教信仰不符。她的雇主上个月批准了宗教豁免。Maus 说，她现在仍然手写代码，自己审查代码，就和两年前一样。

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing

Представители индустрии рискуют оказаться запертыми в тесном цифровом контуре.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: The CVE-2026-42271 […]

A vulnerability was found in Huawei HarmonyOS 6.1.0. It has been classified as critical. This affects an unknown function of the component Package Management Module. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2026-41984. Attacking locally is a requirement. No exploit is available.

A vulnerability was found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The impacted element is an unknown function of the component IPC Module. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-41982. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The affected element is an unknown function of the component IPC Module. This manipulation causes heap-based buffer overflow. This vulnerability appears as CVE-2026-41981. The attack requires local access. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Huawei HarmonyOS and EMUI 4.0.0/4.2.0/4.3.0/4.3.1. Impacted is an unknown function of the component Log Service. The manipulation results in integer overflow. This vulnerability is reported as CVE-2026-41977. The attack requires a local approach. No exploit exists.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS and EMUI. This issue affects some unknown processing. The manipulation leads to permission issues. This vulnerability is documented as CVE-2026-41976. The attack needs to be performed locally. There is not any exploit available.

A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI. This vulnerability affects unknown code of the component Notifications Handler. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2026-41974. The attack needs to be launched locally. No exploit is available.

A vulnerability classified as problematic has been found in Huawei HarmonyOS and EMUI. This affects an unknown part. Performing a manipulation results in business logic errors. This vulnerability is cataloged as CVE-2026-41973. The attack must be initiated from a local position. There is no exploit available.

A vulnerability described as critical has been identified in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0. Affected by this issue is some unknown functionality. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-41972. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Huawei HarmonyOS 6.0.0/6.1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes improper resource management. This vulnerability is tracked as CVE-2026-41983. The attack is possible to be carried out remotely. No exploit exists.