vLLM 供应链攻击RCE (CVE-2026-22807) 全链路分析
详细分析了最新的CVE-2026-22807
Aggregator
CVE-2026-22039:Kyverno 跨命名空间权限提升精解
18 hours 1 minute ago
漏洞描述Kyverno 是一个为云原生平台工程团队设计的策略引擎。1.16.3 和 1.15.3 之前的版本在命名空格的 Kyverno Policy apiCall 中设有关键授权边界绕过。解析后的“urlPath”通过Kyverno准入控制器ServiceAccount执行,且不强制请求仅限于策略命名空间。因此,任何有权限创建命名空间策略的认证用户都可以让 Kyverno 使用其准入控制器身份
禅道 21.7.8漏洞挖掘
18 hours 16 minutes ago
禅道最新版的一个任意文件读取,两个任意文件删除
From MSSP to Autonomous SOC: Replacing Linear Headcount with Infinite Compute
18 hours 56 minutes ago
MSSPs optimize for SLA metrics, not security outcomes. Autonomous SOC platforms like Morpheus can replace them at 10x lower cost.
The post From MSSP to Autonomous SOC: Replacing Linear Headcount with Infinite Compute appeared first on D3 Security.
The post From MSSP to Autonomous SOC: Replacing Linear Headcount with Infinite Compute appeared first on Security Boulevard.
Shriram Sharma
DeepChat FilePresenter 任意文件读取写入漏洞(可读取明文 key)
19 hours 4 minutes ago
DeepChat FilePresenter 组件未校验路径参数,导致通过 ../ 路径遍历可读写 userData 目录外任意文件,包括明文存储的 API 密钥。
揭秘开源神器:TruffleHog,守护你的代码安全防线
19 hours 17 minutes ago
在数字化浪潮席卷全球的今天,代码安全已成为企业生存的命脉。从GitHub到GitLab,从开源项目到企业私有仓库,代码泄露事件频发,让无数开发者夜不能寐。
使用EtherHiding技术隐藏C2通信流量窃密木马样本分析
19 hours 39 minutes ago
使用EtherHiding技术隐藏C2通信流量窃密木马样本分析
DragonForce
19 hours 53 minutes ago
You must login to view this content
cohenido
DragonForce
19 hours 53 minutes ago
You must login to view this content
cohenido
DragonForce
19 hours 53 minutes ago
You must login to view this content
cohenido
DragonForce
19 hours 54 minutes ago
You must login to view this content
cohenido
DragonForce
19 hours 54 minutes ago
You must login to view this content
cohenido
2026 Predictions: AI Is Breaking Identity, Data Security
20 hours 7 minutes ago
Agentic AI Is Reshaping Security Faster Than Traditional Defenses Can Keep Up
Agentic artificial intelligence is fundamentally altering organizational workflows and how risk materializes. In 2026, emerging cybersecurity trends will push organizations to move from deterministic, rule-based risk models toward adaptive models built for autonomous, non-deterministic systems.
Agentic artificial intelligence is fundamentally altering organizational workflows and how risk materializes. In 2026, emerging cybersecurity trends will push organizations to move from deterministic, rule-based risk models toward adaptive models built for autonomous, non-deterministic systems.
New NCSC-Led OT Security Guidance for Nuclear Reactors
20 hours 7 minutes ago
Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.
Can AI Ads Pay the Bills?
20 hours 7 minutes ago
OpenAI Tests Promos, Anthropic Rejects Them Amid Rising Compute Costs
OpenAI has a problem: Most users don't pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI's well-documented revenue gap without users fleeing is another question.
OpenAI has a problem: Most users don't pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI's well-documented revenue gap without users fleeing is another question.
The ROI Reckoning Is Coming for AI
20 hours 7 minutes ago
CIOs Say Stalled Pilots, Vendor Regret and Growing Fatigue Stifle AI Ambition
These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show ROI - and the reckoning is coming soon.
These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show ROI - and the reckoning is coming soon.
Proofpoint Purchases Startup Acuvity to Bolster AI Security
20 hours 7 minutes ago
Deal Targets GenAI Risks, Prompt Injection Attacks and Autonomous Agents
Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks.
Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks.
'Crazy' Hackers Strike Through Remote Monitoring Software
20 hours 7 minutes ago
VoidCrypt Ransomware Variant Taps RMM Tools, Says Huntress
Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.
Management isn't the only advocate for employee monitoring software, according to new research from cybersecurity firm Huntress. RMM tools - simultaneously open to remote connections and with privileged local access - are good for wiggling into corporate networks.
CVE-2024-51962 | ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 Edit Operation sql injection
20 hours 29 minutes ago
A vulnerability was found in ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Edit Operation Handler. Performing a manipulation results in sql injection.
This vulnerability is identified as CVE-2024-51962. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2024-51954 | ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 on Windows access control
20 hours 29 minutes ago
A vulnerability categorized as critical has been discovered in ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 on Windows. This affects an unknown part. Executing a manipulation can lead to improper access controls.
This vulnerability is tracked as CVE-2024-51954. The attack can be launched remotely. No exploit exists.
vuldb.com