QuakeV10.2.1,有AI, 有福利!
QuakeV10.2.1 , 有AI, 有福利!
Aggregator
严重 Check Point VPN 漏洞遭利用,可绕过 IKEv1 配置中的密码认证
2 weeks 2 days ago
Check Point 警告称,一个影响 Remote Access VPN 和 Mobile Access 部署的严重漏洞正遭到活跃利用,这些部署配置使用了已弃用的 IKEv1 密钥交换协议。 该漏洞编号为 CVE-2026-50751(CVSS 评分:9.3),是证书验证中的逻辑流缺陷,允许未经身份验证的远程攻击者绕过用户身份验证,在无需有效用户密码的情况下建立远程访问 VPN 连接...
hackernews
LiteLLM 漏洞遭野外利用,链式攻击可实现未授权 RCE
2 weeks 2 days ago
美国网络安全和基础设施安全局(CISA)周一将影响 BerriAI LiteLLM 的一个高危漏洞添加到其已知被利用漏洞(KEV)目录中,并引用了活跃利用的证据。 该漏洞编号为 CVE-2026-42271(CVSS 评分:8.7),是一个命令注入漏洞,可能允许任何经过身份验证的用户在主机上执行任意命令。 它影响以下版本的 LiteLLM Python 包: = 1.74.2 < ...
hackernews
MonkeyCode 离线部署版发布:数据不出本地,SaaS 版功能全保留
2 weeks 2 days ago
过去几个月,我们后台私信和技术社群里,类似的提问一直没断过:"代码涉密不能上公网,公司有死命令,什么时候出内
Что будет, если ИИ сыграет миллионы виртуальных партий в аэрохоккей, а затем выйдет в реальный мир? Проверили — ответ впечатляет
2 weeks 2 days ago
Вместо аккуратной физики ему дали хаос. Так робот научился играть в аэрохоккей в реальном мире.
Защита API от бот-атак и злоупотребления бизнес-логикой
2 weeks 2 days ago
Сегодня наряду с атаками, связанными с эксплуатацией уязвимостей, все чаще встречаются сценарии, в которых злоумышленники используют штатные возможности API для получения доступа к данным, создания избыточной нагрузки или извлечения коммерческой выгоды из чужих данных.
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
2 weeks 2 days ago
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was […]
Pierluigi Paganini
CVE-2026-41539 | QNAP QTS/QuTS hero cross site scripting (qsa-26-31)
2 weeks 2 days ago
A vulnerability identified as problematic has been detected in QNAP QTS and QuTS hero. This impacts an unknown function. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-41539. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-5067 | zephyrproject-rtos Zephyr up to 4.3.0 WebSocket Upgrade strlen null termination (GHSA-wgr4-9pwq-94vj)
2 weeks 2 days ago
A vulnerability categorized as very critical has been discovered in zephyrproject-rtos Zephyr up to 4.3.0. This affects the function strlen of the component WebSocket Upgrade Handler. Executing a manipulation can lead to improper null termination.
The identification of this vulnerability is CVE-2026-5067. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-11572 | degit up to 2.8.5/3.3.0 exec os command injection (SNYK-JS-DEGIT-17116207)
2 weeks 2 days ago
A vulnerability was found in degit up to 2.8.5/3.3.0. It has been rated as critical. The impacted element is the function exec. Performing a manipulation results in os command injection.
This vulnerability was named CVE-2026-11572. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-8981 | Custom Block Builder Plugin up to 4.2.x on WordPress Installation cross site scripting (EUVD-2026-35352)
2 weeks 2 days ago
A vulnerability was found in Custom Block Builder Plugin up to 4.2.x on WordPress. It has been declared as problematic. The affected element is an unknown function of the component Installation Handler. Such manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-8981. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-4986 | WPForms Plugin 1.9.1.6/1.9.2.3/1.10.0.1 on WordPress Transaction authorization
2 weeks 2 days ago
A vulnerability was found in WPForms Plugin 1.9.1.6/1.9.2.3/1.10.0.1 on WordPress. It has been classified as critical. Impacted is an unknown function of the component Transaction Handler. This manipulation causes missing authorization.
This vulnerability is handled as CVE-2026-4986. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
雷神众测漏洞周报2026.6.02-2024.6.07
2 weeks 2 days ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
«Картофельные» эксплойты в корпоративном сервере. Всё, что нужно знать о новой китайской кибершпионской группе OP-512
2 weeks 2 days ago
Китайские хакеры месяцами готовили атаку на устаревшую инфраструктуру.
软件工程的终结:AI智能体如何从根本上重构软件范式
2 weeks 2 days ago
作者:Zhenfeng Cao 原文链接:https://arxiv.org/pdf/2606.05608 摘要 半个多世纪以来,软件工程一直建立在一个基本前提之上:人类工程师负责拆解问题,将决策逻辑编码为静态代码,并在需求演变时手动调整代码。本文认为,AI智能体(AI agents)的出现——即以大型语言模型作为主要推理引擎,将代码动态生成与丢弃作为工具性资源的系统——并非渐进式的改进,而是对软...
Google patches new Chrome zero-day flaw exploited in the wild
2 weeks 2 days ago
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
Sergiu Gatlan
网信办对网络评测进行设限
2 weeks 2 days ago
国家网信办、市场监管总局联合发布了《网络测评活动规范》。网信办称,制定该规范的原因是“一些网络测评存在夸大宣传、只评不测、商测一体等问题,不仅影响消费者信任度和购物体验,也扰乱市场环境”。《规范》要求:
三、网络测评所选取的样本,应当是消费者可以从市场上购买到的普通商品且来源可以追溯,不得是为测评活动准备的特殊物品。从事网络测评活动,接受第三方委托、赞助或者与测评样本相关方存在利益关系的,应当作出显著提示。
四、从事网络测评活动,涉及对产品功能、性能等项目测试,应当委托具有法定检验检测资质许可的检验检测机构按照相关标准以及技术规范开展测试,并明示测试依据的标准以及技术规范,按照规定保留测试样本以及测试数据、图片、视频等记录,确保测试数据、结果可以追溯。
五、未对产品开展测试,仅凭感知、观察、体验等主观感受对产品进行评价,应当进行说明,并在信息展示过程中显著标明“仅为个人体验”或者“主观感受,仅供参考”等内容。
四、从事网络测评活动,涉及对产品功能、性能等项目测试,应当委托具有法定检验检测资质许可的检验检测机构按照相关标准以及技术规范开展测试,并明示测试依据的标准以及技术规范,按照规定保留测试样本以及测试数据、图片、视频等记录,确保测试数据、结果可以追溯。
五、未对产品开展测试,仅凭感知、观察、体验等主观感受对产品进行评价,应当进行说明,并在信息展示过程中显著标明“仅为个人体验”或者“主观感受,仅供参考”等内容。
Нет «Макса» — нет веселья. Жителей Красноярска пустят на концерт лишь по пропуску из национального мессенджера
2 weeks 2 days ago
Музыка останется бесплатной, но дорога к ней пройдёт через необычный цифровой барьер.
被时尚潮流占据的社交网络
2 weeks 2 days ago
社交网络不再是为了社交,而是为了跟随时尚潮流。今天的社交活动主要发生在消息应用上。社交媒体正演变成类似电视的被动式平台,但不同于需要遥控器去切换电视频道,社媒平台的算法已经为你量身定制了内容,平台利用你的信息获利,作为回报它提供的内容是免费的。社交平台的核心商业模式仍然是广告,而且其收入还在持续增长。2026 年全球社交媒体广告收入将达到 3170 亿美元,超过 2025 年的 2770 亿美元。其中 Meta 的广告收入将达到 2430 亿美元,预计将首次超过 Google。Instagram 和 TikTok 之类的大型平台越来越注重娱乐和发现内容,而 WhatsApp 之类的应用则变成社交活动的主要场所,但此类消息应用的变现比较难。
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
2 weeks 2 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
The Hacker News