Aggregator

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

Expel has warned of malicious Chrome extensions stealing users’ AI conversations

这是一起利用AI编程信任链的供应链投毒攻击。攻击者通过污染开源仓库，植入含区块链C2、地理围栏的高级后门，系统窃取开发者数字资产与供应链凭证，影响广泛。

Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source: Microsoft) External MFA supports organizations that use third-party MFA solutions to meet regulatory or business requirements, handle scenarios such as mergers and acquisitions, or maintain a consistent MFA approach within Microsoft Entra ID. Built on … More →

The post Microsoft hands Entra ID users new option for MFA appeared first on Help Net Security.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

A vulnerability described as critical has been identified in Google Chrome. Affected is an unknown function of the component CSS. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is registered as CVE-2026-4442. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in Google Chrome and classified as critical. The impacted element is an unknown function of the component WebAudio. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-4443. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Google Chrome and classified as critical. This affects an unknown function of the component WebRTC. The manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-4444. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Google Chrome. Affected by this issue is some unknown functionality of the component WebRTC. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-4445. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Google Chrome. This vulnerability affects unknown code of the component WebRTC. The manipulation results in use after free. This vulnerability is identified as CVE-2026-4446. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Google Chrome. It has been classified as critical. This impacts an unknown function of the component V8. This manipulation causes sandbox issue. This vulnerability is handled as CVE-2026-4447. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown part of the component ANGLE. Performing a manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-4448. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component V8. Executing a manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2026-4450. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This issue affects some unknown processing of the component Blink. The manipulation leads to use after free. This vulnerability is traded as CVE-2026-4449. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Google Chrome. It has been declared as critical. Impacted is an unknown function of the component Navigation. The manipulation results in sandbox issue. This vulnerability is known as CVE-2026-4451. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome on Windows. It has been rated as critical. The affected element is an unknown function of the component ANGLE. This manipulation causes external control of assumed-immutable web parameter. This vulnerability is handled as CVE-2026-4452. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

Тот случай, когда техподдержка нужна самой техподдержке.

《香港国安法》第四十三条实施细则赋权警员可要求指明人士提供电子设备所需的密码或解密方法，不遵从或可处罚款 10 万元及监禁 1 年。保安局长邓炳强回应称，警员须基于国安原因到法院申请手令，才可搜证。假如拒绝提供设备密码，情况有如警方以搜查令搜屋时，屋内的人“顶着道门”不让警察进入，“所以有罚则，也是非常合理的”。被问到忘记密码是否等同拒绝提供解密方法，邓炳强表示不能一概而论，要视警员观察指明人士的言行判断，他举例若指明人士当天曾数度使用手提电话，无理由突然忘记密码，但若有纪录显示，指明人士近一年或三年前接触该受查电子设备，忘记密码可能合理。

DDoS attacks are no longer only an infrastructure problem. They can quickly turn into a business issue, affecting uptime, customer experience, and operational stability. Kamasers is a strong example of this new reality, with broad attack capabilities and resilient command-and-control mechanisms that allow it to remain active under pressure. Let’s explore the Kamasers botnet through […]

The post Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide  appeared first on ANY.RUN's Cybersecurity Blog.