Aggregator

2026年3月，一名独立安全研究员在调查一起中东冲突相关的信息操纵行动时，输入了一个可疑的伊朗宣传账号邮箱地

跨平台、跨工具的威胁活动挑战当今国家安全威胁行为者（包括恐怖主义者、J端主义者等）日益善于利用多个网络平台和

日本在霍尔木兹问题上向美国表示愿合作但强调法律边界，警惕日本将“非战斗支援”升级为海外准军事介入常态化（资料

一个让人不舒服的事实在二十几年的情报工作中，遇到过形形色色的分析员。

A vulnerability was found in Oracle Communications Cloud Native Core Console 22.1.2. It has been classified as critical. The affected element is an unknown function of the component CNC Console. This manipulation causes denial of service. This vulnerability is registered as CVE-2018-25032. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Oracle Communications Cloud Native Core Network Exposure Function 22.1.1. It has been declared as critical. The impacted element is an unknown function of the component NEF. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2018-25032. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in zlib 1.2.11. Impacted is an unknown function. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2018-25032. The attack is only possible within the local network. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as problematic has been discovered in Apple macOS up to 12.3. Impacted is an unknown function of the component zlib. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2018-25032. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in image_processing up to 1.12.1 and classified as critical. Affected by this vulnerability is the function apply of the component Active Storage Handler. This manipulation causes os command injection. The identification of this vulnerability is CVE-2022-24720. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in containerd up to 1.4.11/1.5.9/1.6.0. This issue affects some unknown processing of the component CRI Handler. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2022-23648. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in gogs up to 0.12.4. Affected is an unknown function. The manipulation results in improper authorization. This vulnerability is cataloged as CVE-2022-0871. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in PNPM up to 6.15.0 on Windows. It has been declared as critical. The affected element is an unknown function. Executing a manipulation can lead to untrusted search path. This vulnerability is handled as CVE-2022-26183. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

Zscaler's Jay Chaudhry on Infrastructure, Agents and Oversight
Zscaler CEO Jay Chaudhry explains why distributed infrastructure and zero trust models will shape AI security, the agent risks mirroring human threats and why strong oversight and identity validation remain essential for mission-critical applications.

Roadmap Focuses on OT Security, Grid Hardening and Incident Response
A new Department of Energy strategy defines its role as sector risk manager for grid security, prioritizing OT defense, resilience and response - but analysts say it faces execution challenges tied to reduced funding, workforce constraints and reliance on weakened federal partners.

IT Worker Scheme, Laptop Farm Siphon Funds Back to North Korea
A U.S. federal judge sentenced a now-former Army soldier to one year in prison Friday for renting his identity to North Korean IT workers who used it to collect more than $193,000 in salaries from American companies. Also sentenced were two California men who facilitated $1.28M in fraudulent salaries.

J.P. Morgan’s Brian Essex on Why Valuations Drop as Fundamentals Hold Steady
Investor anxiety over AI's long-term impact is dragging down stock valuations despite steady growth and profitability, while companies focus on long-term valuation assumptions and secure business models, said Brian Essex, executive director of U.S. software equity research at J.P. Morgan.

好，我需要帮用户总结这篇文章的内容，控制在100字以内。首先，文章讲的是FCC禁止进口某些无线路由器，因为安全担忧。这些路由器主要来自海外，可能对市场有很大影响。 用户要求直接写描述，不需要开头用“文章内容总结”之类的。所以我要简洁明了地表达主要信息：FCC禁止进口外国生产的无线路由器，原因是国家安全威胁，特别是担心被恶意攻击者利用漏洞攻击美国平民。 还要注意字数限制，确保在100字以内。可能需要精简句子，去掉一些细节，比如公司可以申请豁免的部分可能不需要提到。 最后检查一下是否涵盖了所有关键点：FCC、禁止进口、安全担忧、海外生产、影响市场、攻击者利用漏洞攻击平民。 美国联邦通信委员会以国家安全威胁为由禁止进口外国生产的消费级无线路由器。此举可能撼动市场，因这些产品主要来自海外。FCC指出，恶意攻击者正利用此类设备的漏洞对美国平民发起攻击。

嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头，直接写描述。首先，我需要理解文章的主要内容。 文章是关于学习渗透测试和网络安全资源的推荐，包括在线平台、书籍、YouTube频道和认证。比如TryHackMe、Hack The Box这些平台，还有像John Hammond这样的教程频道。另外还提到了一些书籍和认证，比如CompTIA Security+和CEH。 用户的需求是让内容简洁明了，适合快速浏览。所以我要抓住关键点：资源类型、推荐的具体例子以及学习建议。同时要注意字数限制，确保不超过一百个字。 可能用户是刚开始学习网络安全的人，想快速了解有哪些资源可用。他们可能需要一个简明扼要的指南来选择合适的资源开始学习。 总结的时候要涵盖主要资源类别，并提到一些具体的例子，这样用户能有一个清晰的方向。同时，可能还要提到实践的重要性，因为文章中多次强调动手练习的重要性。 最后，确保语言流畅自然，避免使用过于正式或复杂的词汇，让用户容易理解。 文章推荐了学习渗透测试和网络安全的资源，包括在线平台（如TryHackMe、Hack The Box）、书籍（如《Hacking: The Art of Exploitation》）、YouTube频道（如John Hammond）及认证（如CompTIA Security+）。建议从基础学起并多加实践。

A vulnerability was found in ImageMagick up to 6.9.13-40/7.1.2-15. It has been rated as critical. Affected by this issue is some unknown functionality of the component MSL Decoder. This manipulation causes use after free. This vulnerability is tracked as CVE-2026-28687. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.