CISA:SolarWinds Serv-U 高危漏洞已遭利用
速修复
Aggregator
【NCC会议议题】从三天到一夜:AI Agent 加速业务逻辑测试的工程实践
2 weeks 3 days ago
Yakit x Memfit AI 加速助力业务逻辑漏洞测试
美国家安全局被曝正使用Mythos模型开展进攻性网络行动
2 weeks 3 days ago
Anthropic公司协助美国家安全局利用定制Mythos模型开展网络攻击活动
AI刺激网络安全需求增长,多家网安巨头业绩超预期
2 weeks 3 days ago
AI需求加速增长,促使更多企业加大力度落实更严格的网络安全控制
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act
2 weeks 3 days ago
The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462
2 weeks 3 days ago
Jun 8, 2026Interview with Filip Stojkovski on the State of AI inSecOpsFilip joins us to talk throu
CVE-2026-41724 | VMware VCF operations up to 8.18.7 cross site scripting
2 weeks 3 days ago
A vulnerability was found in VMware VCF operations, Aria Operations and Telco Cloud Platform up to 8.18.7. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-41724. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
The Gentleman
2 weeks 3 days ago
You must login to view this content
cohenido
CVE-2026-41723 | VMware VCF operations cross site scripting
2 weeks 3 days ago
A vulnerability was found in VMware VCF operations, Aria Operations and Telco Cloud Platform. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-41723. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-41722 | VMware VCF operations cross site scripting
2 weeks 3 days ago
A vulnerability was found in VMware VCF operations, Aria Operations and Telco Cloud Platform and classified as problematic. Affected is an unknown function. Such manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-41722. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
The Gentleman
2 weeks 3 days ago
You must login to view this content
cohenido
The Gentleman
2 weeks 3 days ago
You must login to view this content
cohenido
CVE-2026-3238 | Samba WINS Service null pointer dereference
2 weeks 3 days ago
A vulnerability has been found in Samba and classified as problematic. This impacts an unknown function of the component WINS Service. This manipulation causes null pointer dereference.
The identification of this vulnerability is CVE-2026-3238. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
一图读懂 | 公共安全行业标准 GA/T 2347—2025《信息安全技术 网络安全等级保护云计算测评指引》
2 weeks 3 days ago
国家安全部提示:“AI中转站”风险不容小觑
2 weeks 3 days ago
国家安全部提示:“AI中转站”风险不容小觑一段时间以来,随着人工智能应用需求的迅猛增长,批量提供海内外大模型访问服务的 “AI中转站” 在国内迅速走红。然而也因粗放发展、无序运营滋生了一系列安全风险。
Из «Антифрода 2.0» исключили обязательное подтверждение значимых действий через мессенджер Max
2 weeks 3 days ago
Банки и операторы связи обяжут компенсировать похищенное мошенниками.
可疑的 Polyfill 登录提示出现在东芝和无印良品网站上
2 weeks 3 days ago
科技巨头东芝和大型零售商无印良品警告访客,其网站上出现的可疑登录弹窗可能会窃取用户凭证。 这两家日本公司均建议在认证界面中输入了账户登录信息的用户立即更改密码,以保护其服务账户安全。 这些登录弹窗由托管在 polyfill[.]io 的外部服务生成。该服务于 2024 年在其 CDN 分发的脚本中引入了恶意代码。 东芝在一则简短通报中表示:「我们已确认,我们网站的某些部分可能会...
hackernews
可疑的 Polyfill 登录提示出现在东芝和无印良品网站上
2 weeks 3 days ago
error code: 1003
关键 Everest Forms Pro 漏洞被利用,可接管 WordPress 网站
2 weeks 3 days ago
黑客正在积极利用 Everest Forms Pro 插件中的一个关键漏洞(CVE-2026-3300),该漏洞可让他们完全控制 WordPress 网站。 该安全问题影响插件 1.9.12 及更早版本,无需身份验证即可被利用,在服务器上执行任意代码。 Everest Forms Pro 是 WordPress 表单构建插件 Everest Forms 的商业附加组件。它用于创建联系表单、注册表单...
hackernews
关键 Everest Forms Pro 漏洞被利用,可接管 WordPress 网站
2 weeks 3 days ago
error code: 1003