Aggregator

FCC 将所有外国制造的消费级路由器加入到监管清单，在美国禁售此类产品。FCC 给出的理由是国家安全，称“恶意行为者利用外国制造路由器的安全漏洞攻击美国家庭、破坏网络、进行间谍活动和窃取知识产权”。美国居民仍然可以使用现有的外国制造路由器，禁令适用于所有新路由器。外国制造路由器如果要在美国上市需要获得 FCC 的批准，相关公司必须披露其外国投资者并制定将路由器生产转移到美国的计划。

Финансовый сектор страны получил систему, которая меняет правила игры на уровне инфраструктуры.

A vulnerability marked as critical has been reported in Sercomm SCE4255W 23080418. This affects an unknown function of the file /ftl/bin/cwmp of the component ACS Endpoint. This manipulation causes os command injection. This vulnerability appears as CVE-2025-67113. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Sercomm SCE4255W 23080418. This impacts an unknown function of the file /ftl/bin/calc_f2. Such manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-67114. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Elastic Packetbeat up to 8.19.10/9.2.4. Affected is an unknown function of the component Protocol Parser. Performing a manipulation results in improper validation of array index. This vulnerability is known as CVE-2026-26933. Access to the local network is required for this attack. No exploit is available.

A vulnerability, which was classified as critical, has been found in Sercomm SCE4255W 23080418. Affected by this issue is some unknown functionality of the file /ftl/web/setup.cgi. The manipulation of the argument log_type leads to path traversal. This vulnerability is uniquely identified as CVE-2025-67115. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Elastic Kibana up to 8.19.11/9.2.5/9.3.0 and classified as problematic. This vulnerability affects unknown code of the component Endpoint. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2026-26939. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Elastic Kibana up to 8.19.12/9.2.6/9.3.1. It has been classified as problematic. Impacted is an unknown function of the component Timelion Visualization Plugin. Performing a manipulation results in improper validation of specified quantity in input. This vulnerability is identified as CVE-2026-26940. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Devome GRR 4.5.0. This affects an unknown part of the file include/session.inc.php. Such manipulation of the argument referer/user-agent leads to sql injection. This vulnerability is documented as CVE-2026-30711. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical was found in wgcloud 3.6.3. This affects an unknown function of the component Connection Test Handler. Such manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-30404. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Artifex PyMuPDF up to 1.26.6. It has been declared as critical. This vulnerability affects unknown code of the file _main_.py. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-3029. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in wgcloud up to 3.6.3. It has been rated as critical. This issue affects some unknown processing of the component Backend Database Management. Performing a manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-30403. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Sercomm SCE4255W 23080418. Affected by this vulnerability is an unknown functionality of the component Configuration Backup Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . This vulnerability is handled as CVE-2025-67112. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

好的，我现在要帮用户总结这篇文章。首先，我需要仔细阅读文章内容，理解主要信息。文章提到日立将在东京开设一个“物理AI体验工作室”，时间是4月1日。这个工作室主要是利用AI自主控制机器人来改善制造业等现场作业。日立希望通过这项技术帮助客户解决人手短缺的问题。 接下来，文章详细介绍了日立的技术：AI可以通过学习来优化机器人动作速度。具体来说，机器人通过摄像头和关节动作数据不断学习，提升作业效率。举例说明，产品安装时间从47秒缩短到10秒，效果显著。此外，这项技术不仅限于制造业，还可以应用到设备维修保养等多个领域。 现在，我需要将这些信息浓缩到100字以内，并且直接描述内容，不需要开头语。我应该包括以下几个要点：日立开设工作室的时间和地点、技术名称（物理AI）、技术的应用领域、AI的学习优化能力、具体案例（时间缩短）以及技术的广泛应用潜力。 接下来，我会组织语言，确保信息准确且简洁。例如：“日立将于4月在东京开设‘物理AI体验工作室’，利用AI自主控制机器人改善制造业等现场作业。该技术通过学习优化机器人动作速度，在产品安装作业中将时间从47秒缩短至10秒，并可应用于设备维修保养等领域。” 检查一下是否在100字以内，并且涵盖了所有关键点：工作室的开设、技术名称、应用领域、优化能力和具体案例及广泛应用。 日立将于4月在东京开设“物理AI体验工作室”，利用AI自主控制机器人改善制造业等现场作业。该技术通过学习优化机器人动作速度，在产品安装作业中将时间从47秒缩短至10秒，并可应用于设备维修保养等领域。

10月24日 上海西岸 人类黑客 vs. AI

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住主要信息。 文章讲述了一位作者从中国昆明出发，沿着中老铁路南下，途经老挝万象、泰国曼谷，最后到达马来西亚槟城的旅行经历。他记录了旅途中的饮食体验、街拍见闻以及遇到的人和事。使用了vivo X300手机拍照，没有携带专业设备，强调随性自然的旅行方式。 接下来，我需要将这些信息浓缩到100字以内。要突出旅行路线、主要体验和随性的态度。注意不要使用“文章总结”之类的开头，直接描述内容。 可能的结构：作者从昆明出发，沿铁路南下至槟城，记录饮食、街拍和随机故事，用手机拍摄，随性自然。 检查字数是否符合要求，并确保内容准确传达文章的核心。 作者从昆明出发沿中老铁路南下至槟城，记录旅途中的饮食体验、街拍见闻及随机故事。以vivo X300手机为主拍摄工具，强调随性自然的旅行方式。

Mazda Motor Corporation has officially disclosed a security incident involving unauthorized external access to an internal warehouse management system, potentially exposing 692 personal data records of employees, group company staff, and business partners. The Japanese automaker published its formal breach notification on March 19, 2026, revealing that the intrusion had first been detected in mid-December […]

The post Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability appeared first on Cyber Security News.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户的要求是直接写文章描述，不需要开头语。首先，我得仔细阅读文章内容，抓住关键信息。 文章主要讲的是OVHCloud被黑客入侵，窃取了大量数据，包括160万用户信息和590万个网站数据。黑客声称这些数据都是最新的，并且正在寻找买家出售，还提供中介分成。目前OVH还未回应，这可能对企业造成严重影响。 接下来，我需要将这些信息浓缩到100字以内。要涵盖黑客行为、数据量、数据类型、出售方式以及潜在影响。同时，语言要简洁明了。 可能的结构是：黑客入侵OVHCloud，窃取大量用户和网站数据，包括数据库和配置信息。黑客要求买家报价，并提供中介分成。OVH尚未回应，事件可能对企业造成灾难性影响。 检查一下字数是否符合要求，并确保所有关键点都涵盖在内。 黑客声称入侵欧洲知名云服务提供商 OVHCloud，窃取 160 万用户数据及 590 万个网站数据（含数据库），并要求买家主动报价出售。目前 OVH 尚未回应此事，若属实将对企业造成重大影响。

致力于让安全结论更可验证、让修复更可执行

为大规模部署 AI Agent 提供安全与合规保障