Aggregator

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.3.x. This affects an unknown part of the component API Endpoint. This manipulation causes incorrect authorization. This vulnerability is handled as CVE-2026-26230. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an unknown function of the component File Attachment Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-68971. Remote exploitation of the attack is possible. No exploit is available.

针对厂区接入云端高敏AI模型的迫切需求，本文提出采用IPsec VPN实现低成本、高安全的云地互联方案。文章简述IPsec工作原理，并提供可参考的实战架构拓扑、加密策略、访问控制的安全实战落地指南。

记录 Wiz Cloud Hunting Games CTF 的完整调查过程：从 S3 数据外泄溯源，到 CloudTrail 追踪、Overlay 日志隐藏识别，再到持久化清除。

GhostClaw macOS 窃密恶意软件的最新攻击动向。 该恶意活动原本以恶意 npm 包为主要传播载体，而最新监测发现，攻击者已将攻击范围大幅拓展，通过仿冒合法项目的 GitHub 仓库、劫持 AI 辅助开发工作流两大新路径实施规模化供应链攻击，可绕过传统安全防护，窃取目标设备的系统凭证与敏感数据，影响范围从专业开发者群体扩大至普通 macOS 用户与自动化开发流程。 该攻击已跳出早期 npm 包单一投递模式，新增两大主流感染途径： 一是恶意 GitHub 仓库，仿冒交易机器人、开发 SDK 等合法工具，采用 “先上传良性代码养号、后植入恶意组件” 的分阶段部署手法，部分仓库积累超 380 个星标强化伪装可信度，通过 README 诱导用户执行 curl 拉取的远程 shell 命令，绕过包管理器安全防护； 二是 AI 辅助开发工作流定向攻击，通过 SKILL.md 文件伪装 OpenClaw 等框架的技能插件，利用 AI 编码智能体自动执行安装脚本，实现无人工干预的静默感染。 全流程采用无需管理员权限的轻量化多阶段载荷设计： ①初始引导阶段，install.sh 脚本伪装 Node.js 环境部署，通过 curl -k 参数禁用 TLS 证书校验，通过 GHOST_PASSWORD_ONLY 环境变量切换交互式安装 / 静默窃取双模式，衔接后续恶意载荷； ②核心窃密阶段，高度混淆的 setup.js 载荷伪造系统安装进度与 macOS 原生认证弹窗，调用系统原生 dscl 命令校验并窃取用户密码，诱导开启全磁盘访问权限，对接 C2 域名 trackpipe.dev 拉取加密的 GhostLoader 二级载荷，以分离进程执行后删除临时文件，通过伪装 npm 系统路径实现持久化； ③反取证阶段，postinstall.js 清空终端攻击痕迹，伪装合法 npm 包安装制造溯源混淆，或输出虚假成功提示迷惑用户。 所有恶意变种复用单一 C2 域名 trackpipe[.]dev，通过 UUID 区分不同攻击渠道，以 NODE_CHANNEL 环境变量标记攻击迭代版本，核心目标为 macOS 平台的开发者与 AI 开发场景，最终实现系统凭证窃取与设备持久化控制。 具体报告信息： https://www.jamf.com/blog/ghostclaw-ghostloader-malware-github-repositories-ai-workflows/

A vulnerability categorized as problematic has been discovered in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. This vulnerability is registered as CVE-2026-4544. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Wavlink WL-WN578W2 221110. It has been rated as critical. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. This vulnerability is cataloged as CVE-2026-4543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #774714 / VDB-350368

Submit #774711 / VDB-336194

Submit #774696 / VDB-352361

Submit #774693 / VDB-352361

Submit #774692 / VDB-352361

Submit #774691 / VDB-352360

Submit #774690 / VDB-352360

A vulnerability was found in SSCMS 4.7.0. It has been declared as critical. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. This vulnerability is listed as CVE-2026-4542. The attack may be performed from remote. In addition, an exploit is available.

Submit #774689 / VDB-352359

A vulnerability was found in janmojzis tinyssh up to 20250501. It has been classified as problematic. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. This vulnerability is tracked as CVE-2026-4541. The attack is restricted to local execution. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability was found in projectworlds Online Notes Sharing System 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. This vulnerability is identified as CVE-2026-4540. The attack can be executed remotely. Additionally, an exploit exists.

Безопасность ИИ-агентов теперь оценивают по их способности совершать вредные действия.

Древний шлейф из 40 тысяч звезд раскрыл тайны темной материи.