Aggregator

TrendAI™ integrates Anthropic's Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and compliance.

Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships.

OpenEMR 7.0.2 - Arbitrary File Read

本期周报简介： 1、针对开源邮件安全检测系统，尤其是基于小模型或零样本模型的方案，在实际选型中会考虑吗？防钓鱼、防木马的优缺点分别在哪？ 2、内部邮箱被盗后，如何有效阻止其向全员群发钓鱼邮件？还有哪些实操中好用的网关检测或发送限制手段？

快来注册体验吧~

《能源行业数据安全管理办法（试行）》

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

文末有两种获取方法

随着CDN加速和各类安全防护的普及，大量网站的真实IP被层层隐藏，用户只能接触到经CDN中转的代理节点。当我们需要对目标网站进行技术分析、安全评估，或排查源服务器故障时，找到那张被层层遮挡的“真实面孔”。

A vulnerability labeled as critical has been found in openlabs docker-wkhtmltopdf-aas. This vulnerability affects unknown code of the file app.py of the component POST Request Handler. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-36576. The attack requires access to the local network. No exploit is available.

A vulnerability marked as problematic has been reported in gobgp 4.3.0. This issue affects the function BGPUpdate.DecodeFromBytes of the file /bgp/bgp.go of the component BGP Handler. The manipulation leads to integer underflow. This vulnerability is documented as CVE-2026-37462. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in RockRMS up to 16.13/17.7.0. It has been classified as problematic. Affected by this issue is some unknown functionality of the component User Profile Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-36748. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Mercusys AC12G. This issue affects some unknown processing of the component Kernel Memory Handler. This manipulation causes information disclosure. This vulnerability is registered as CVE-2026-36602. The attack requires access to the local network. No exploit is available.

A vulnerability, which was classified as critical, has been found in Mercusys AC12G. The affected element is an unknown function of the component DDNS Service. Performing a manipulation results in channel accessible by non-endpoint. This vulnerability is reported as CVE-2026-36610. The attacker must have access to the local network to execute the attack. No exploit exists.