Aggregator

Разбираем схему новой северокорейской кибератаки по шагам.

A vulnerability identified as problematic has been detected in Vmware Spring for GraphQL up to 1.0.6/1.3.8/1.4.5/2.0.3. This vulnerability affects unknown code. This manipulation causes origin validation error. This vulnerability is handled as CVE-2026-41700. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Vmware Spring for GraphQL up to 1.0.6/1.3.8/1.4.5/2.0.3. This affects an unknown function. The manipulation results in improper access controls. This vulnerability is identified as CVE-2026-41856. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Freemius SDK Plugin up to 2.5.9 on WordPress and classified as problematic. This affects the function fs_request_get. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-33999. The attack may be launched remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in WPOnlineSupport Accordion and Accordion Slider Plugin, Album and Image Gallery plus Lightbox Plugin, Blog Designer Plugin, Countdown Timer Ultimate Plugin, Meta Slider and Carousel with Lightbox Plugin, Portfolio and Projects Plugin, Post grid and filter ultimate Plugin, Post Ticker Ultimate Plugin, Team Slider and Team Grid Showcase plus Team Carousel Plugin, Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget Plugin, Timeline and History slider Plugin, Trending Popular Post Slider and Widget Plugin and Video gallery and Player Plugin on WordPress. This issue affects the function wpos_anylc_admin_init_process. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2023-40200. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Appsero Plugin up to 2.0.0 on WordPress. This issue affects the function handle_optin_optout. The manipulation results in missing authorization. This vulnerability is identified as CVE-2024-32110. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

gbl_root_canoe隐藏BL状态原理分析

八部门发布《可能影响未成年人身心健康的网络信息分类办法》，采用“列举+概括”的规定方式，将可能影响未成年人身心健康的网络信息具体划分为四类，前两类侧重于未成年人行为规范与价值观引导，后两类则聚焦于未成年人人格及隐私权益保护……

全文请查收！

2025年11月，习近平总书记在主持二十届中央政治局第二十三次集体学习时，对加强网络生态治理作出重要论述，指出网络生态治理“事关国家发展和安全，事关人民群众切身利益”，强调抓网络生态治理必须“坚持法治护航”……

根据中央网信办等三部门联合发布的《关于开展2026年个人信息保护系列专项行动的公告》，依据《网络安全法》《个人信息保护法》等法律法规和有关规定，中央网信办组织对App（含小程序）收集使用个人信息行为进行检测，现对有关问题予以通报：

技能作为智能体与外部世界交互的核心接口，也是相关安全风险的主要载体与放大器。因此，深入研究智能体技能所面临的安全威胁及其防护机制，对于有效化解新兴技术应用带来的现实风险、保障智能体生态可持续发展具有重要现实意义。

GitHub 项目 accesskey_tools 的 AWS 模块被植入供应链后门已三年，攻击者通过仿冒 enumerate-iam 依赖包和 Endpoint 劫持窃取用户 AWS AccessKey。据「知攻善防实验室」公众号披露，该后门目前仍在活跃。使用过该工具的用户需立即轮换凭据并审计账户。

A vulnerability was found in protobufjs protobuf.js up to 7.5.5/8.0.1. It has been rated as problematic. Affected is an unknown function. Performing a manipulation results in improper handling of unicode encoding. This vulnerability is known as CVE-2026-44288. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in NLnet Labs ldns up to 1.9.0. It has been rated as problematic. This affects an unknown function of the component Destination Handler. Performing a manipulation results in origin validation error. This vulnerability is known as CVE-2026-10846. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in SQLFluff up to 4.0.x. It has been declared as problematic. The affected element is an unknown function of the component Query Handler. The manipulation results in uncontrolled recursion. This vulnerability was named CVE-2026-46373. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Debian debusine up to 0.14.5. It has been classified as critical. This impacts an unknown function. Performing a manipulation results in permission issues. This vulnerability is reported as CVE-2026-11852. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed

Anthropic公司宣布推出最新AI模型Fable 5和Mythos 5

甘蔗收割作业全面中断，食糖生产被扰乱