Aggregator

A vulnerability marked as problematic has been reported in Huawei HarmonyOS 6.0.0/6.1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes improper resource management. This vulnerability is tracked as CVE-2026-41983. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in QNAP QTS and QuTS hero. Affected is an unknown function. The manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-62858. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

QuakeV10.2.1 ， 有AI, 有福利！

Check Point 警告称，一个影响 Remote Access VPN 和 Mobile Access 部署的严重漏洞正遭到活跃利用，这些部署配置使用了已弃用的 IKEv1 密钥交换协议。 该漏洞编号为 CVE-2026-50751（CVSS 评分：9.3），是证书验证中的逻辑流缺陷，允许未经身份验证的远程攻击者绕过用户身份验证，在无需有效用户密码的情况下建立远程访问 VPN 连接...

美国网络安全和基础设施安全局（CISA）周一将影响 BerriAI LiteLLM 的一个高危漏洞添加到其已知被利用漏洞（KEV）目录中，并引用了活跃利用的证据。 该漏洞编号为 CVE-2026-42271（CVSS 评分：8.7），是一个命令注入漏洞，可能允许任何经过身份验证的用户在主机上执行任意命令。 它影响以下版本的 LiteLLM Python 包： = 1.74.2 < ...

过去几个月，我们后台私信和技术社群里，类似的提问一直没断过："代码涉密不能上公网，公司有死命令，什么时候出内

Вместо аккуратной физики ему дали хаос. Так робот научился играть в аэрохоккей в реальном мире.

Сегодня наряду с атаками, связанными с эксплуатацией уязвимостей, все чаще встречаются сценарии, в которых злоумышленники используют штатные возможности API для получения доступа к данным, создания избыточной нагрузки или извлечения коммерческой выгоды из чужих данных.

A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was […]

A vulnerability identified as problematic has been detected in QNAP QTS and QuTS hero. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-41539. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as very critical has been discovered in zephyrproject-rtos Zephyr up to 4.3.0. This affects the function strlen of the component WebSocket Upgrade Handler. Executing a manipulation can lead to improper null termination. The identification of this vulnerability is CVE-2026-5067. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in degit up to 2.8.5/3.3.0. It has been rated as critical. The impacted element is the function exec. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-11572. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Custom Block Builder Plugin up to 4.2.x on WordPress. It has been declared as problematic. The affected element is an unknown function of the component Installation Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-8981. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in WPForms Plugin 1.9.1.6/1.9.2.3/1.10.0.1 on WordPress. It has been classified as critical. Impacted is an unknown function of the component Transaction Handler. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-4986. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Китайские хакеры месяцами готовили атаку на устаревшую инфраструктуру.

作者：Zhenfeng Cao 原文链接：https://arxiv.org/pdf/2606.05608 摘要 半个多世纪以来，软件工程一直建立在一个基本前提之上：人类工程师负责拆解问题，将决策逻辑编码为静态代码，并在需求演变时手动调整代码。本文认为，AI智能体（AI agents）的出现——即以大型语言模型作为主要推理引擎，将代码动态生成与丢弃作为工具性资源的系统——并非渐进式的改进，而是对软...

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]

国家网信办、市场监管总局联合发布了《网络测评活动规范》。网信办称，制定该规范的原因是“一些网络测评存在夸大宣传、只评不测、商测一体等问题，不仅影响消费者信任度和购物体验，也扰乱市场环境”。《规范》要求： 三、网络测评所选取的样本，应当是消费者可以从市场上购买到的普通商品且来源可以追溯，不得是为测评活动准备的特殊物品。从事网络测评活动，接受第三方委托、赞助或者与测评样本相关方存在利益关系的，应当作出显著提示。
四、从事网络测评活动，涉及对产品功能、性能等项目测试，应当委托具有法定检验检测资质许可的检验检测机构按照相关标准以及技术规范开展测试，并明示测试依据的标准以及技术规范，按照规定保留测试样本以及测试数据、图片、视频等记录，确保测试数据、结果可以追溯。
五、未对产品开展测试，仅凭感知、观察、体验等主观感受对产品进行评价，应当进行说明，并在信息展示过程中显著标明“仅为个人体验”或者“主观感受，仅供参考”等内容。

Музыка останется бесплатной, но дорога к ней пройдёт через необычный цифровой барьер.