Aggregator

A vulnerability categorized as problematic has been discovered in louislam uptime-kuma up to 2.2.0. This affects the function require.resolve of the file notification-provider.js. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is uniquely identified as CVE-2026-33130. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

“银狐”木马再升级：专挑VPN用户下手，下载页面全是高仿

应对OpenClaw漏洞危机 360龙虾卫士筑牢智能体安全防线！

速修复

速修复

从稳定可测到分散隐匿：伊朗黑客基础设施部署三阶段蜕变。

公司称遭遇DDoS攻击，已恢复正常

Рассказываем о провале, который поставил под удар миллионы устройств.

营造清朗的网络空间，保护企业合法权益，是为数字经济与实体经济融合发展保驾护航的重要举措。目前，我国已初步构建起涉企网络侵权举报制度体系，有关部门出台的相关工作规范和指导意见，明确了平台处置涉企侵权信息的责任。但面对由AI技术赋能的网络水军……

数据作为数字经济时代的关键生产要素，其产权制度的构建与完善直接关系到国家创新活力和经济发展潜力。党的二十届三中全会《决定》明确提出“加快建立数据产权归属认定、市场交易、权益分配、利益保护制度”，为数据基础制度建设指明了方向。

3月19日，华为中国合作伙伴大会2026在深圳举行。大会以“因聚而升，融智有为”为主题，旨在通过“伙伴+华为”体系在战略、能力、价值的全面融合与协同，共筑数智化升级新引擎。

根据国家信息安全漏洞库（CNNVD）统计，近期共采集重要人工智能漏洞155个，CNNVD对这些漏洞进行了收录。本周人工智能类漏洞主要涵盖了OpenClaw、腾讯、HCL等多个厂商（项目）。CNNVD对其危害等级进行了评价，其中超危漏洞18个，高危漏洞56个，中危漏洞81个。

此次修法将关基安全保护的法律责任作为重点关切，通过体系化、梯度化的责任设计，切实推动运营者履行安全保护主体责任，并进一步完善网络产品和服务责任链条，全面提升关基供应链安全水平，充分彰显法治建设与时代发展协同适配的治理逻辑。

In our recent report, Beyond the Black Box, we found a striking gap: 80% of executives believe their organizations have strong security coverage for AI systems. Only about 40% of AppSec practitioners agree.

Related: AI moves mainstream

That’s not … (more…)

The post GUEST ESSAY: Executives trust AI security even as security teams confront blind spots, new risks first appeared on The Last Watchdog.

The post GUEST ESSAY: Executives trust AI security even as security teams confront blind spots, new risks appeared first on Security Boulevard.

A vulnerability was found in TotalSuite TotalContest Lite Plugin up to 2.9.1 on WordPress. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes deserialization. This vulnerability is handled as CVE-2026-0677. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in blakeblackshear frigate up to 0.16.x. It has been declared as critical. The affected element is an unknown function of the file /users/{username}/password of the component Password Reset Handler. The manipulation results in improper authentication. This vulnerability is known as CVE-2026-33124. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in blakeblackshear frigate up to 0.16.2. It has been classified as critical. Impacted is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-33125. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in PinchTab up to 0.8.2 and classified as critical. This issue affects the function validateDownloadURL of the file /download of the component Internal Service. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-33081. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in h3js h3 up to 1.15.5 and classified as problematic. This vulnerability affects the function formatEventStreamMessage of the component SSE Message Handler. Performing a manipulation of the argument id/event/data/comment results in crlf injection. This vulnerability is reported as CVE-2026-33128. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。