Aggregator

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure.

Ukrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple searches in Lviv, seizing cash, phones, computers, laptops, tablets, and USB drives. The operation disrupted […]

一个严重漏洞影响了除最新版本之外的所有 cPanel 及 WebHost Manager（WHM）控制面板版本，该漏洞可被利用来在无需认证的情况下访问控制面板。   此安全问题目前编号为 CVE - 2026 - 41940，严重程度评分达 9.8。官方已发布紧急更新，不过需手动运行一条命令来获取软件的补丁版本。   WHM 和 cPanel 归 WebPros Interna...

The video hosting vanguard Vimeo has disclosed a security transgression impacting its user repository, precipitated by a compromise

The post Vimeo Revokes Access Following Security Breach at Third-Party Partner Anodot appeared first on Penetration Testing Tools.

The seemingly mundane git push command has emerged as a significantly more treacherous vector than conventionally presumed. A

The post The Poisoned Push: How a Hidden Flaw in Git Metadata Exposed GitHub to Remote Code Execution appeared first on Penetration Testing Tools.

网络安全研究人员在一个 npm 软件包中发现了恶意代码，该恶意软件包作为依赖项被引入到由 Anthropic 公司的 Claude Opus 大语言模型（LLM）参与的项目中。   这个被质疑的软件包是 “@validate - sdk/v2”，在 npm 上它被列为一个用于哈希运算、验证、编码 / 解码以及安全随机数生成的实用软件开发工具包（SDK）。然而，其真...

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,"

Марка защитных решений стала для взломщиков куда важнее оборотов компании.

Goal Is for Faster, Better Treatment Innovation, Drug Therapies
The U.S. Food and Drug Administration is planning to launch a pilot program aimed at advancing real-time clinical trials through the use of artificial intelligence tools and data science. The goal is to accelerate the development of promising new drugs, which often end up slowed down in bottlenecks.

Elon Musk's Lawsuit Threatens a $852B AI Empire
Elon Musk took the stand this week in a lawsuit that could unwind OpenAI's corporate structure, derail its IPO bid and transform the artificial intelligence landscape. The stakes are high for enterprise customers that bet on OpenAI's technology platform.

Federal Charges Target Recruiters, Managers in Scam Centers After Global Takedown
U.S. and international law enforcement agencies dismantled a network of overseas scam centers linked to cryptocurrency investment fraud schemes, officials said Wednesday, arresting at least 276 individuals in a crackdown across the Middle East and Southeast Asia.

Fabrix Security Buy Adds Real-Time Decisioning for Human and Machine Identities
Silverfort's acquisition of Israeli startup Fabrix Security adds AI-driven, real-time access decisioning built on a contextual knowledge graph, aiming to replace static policies and scale identity security for human, machine and agentic identities operating at machine speed.

1秒root、九年无人知——Linux近年最屌提权漏洞

Но органика мужественно пережила Стёртское оледенение.

基因组学先驱 Craig Venter 去世，享年 79 岁。他因在 1990 年代末与人类基因组计划竞争建立一个基因组数据库而闻名，但他的数据库是设想要付费才能访问，因此在科学界并不受欢迎，促使其他科研团队加速公开发布基因组测序结果。2000 年由美国总统克林顿牵手，人类基因组计划和 Venter 创办的 Celera Genomics 公司同意所有人类基因组数据为人类共同财富，不允许专利保护，且对所有研究者公开。