中国公司开发了逾 1500 个大模型
中国迄今为止发布了 1509 种大模型,以国家计算排名第一。其中评价提高的是阿里巴巴的 Qwen(千问)模型。
Hugging Face的数据,截至 2026 年 1 月千问系列的累计下载量超过 7 亿次,成为平台上下载量最多的开源 AI 模型。中国企业的战斗方式与美国企业不同的情况也很明显。美国 AI 以最尖端 GPU 和巨额投资为前提,而中国则以效率化、轻量化为核心确保竞争力。
Aggregator
«Уж лучше пусть следят из Китая». Американцы начали массово удалять TikTok после смены владельца
2 months 1 week ago
Отечественные спецслужбы пугают лояльную аудиторию куда сильнее внешней разведки.
CVE-2025-27821 | Apache HDFS Native Client up to 3.4.1 URI Parser out-of-bounds write (WID-SEC-2026-0216)
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Apache HDFS Native Client up to 3.4.1. This vulnerability affects unknown code of the component URI Parser. This manipulation causes out-of-bounds write.
This vulnerability appears as CVE-2025-27821. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-24656 | Apache Karaf up to 2.11.x Decanter log-socket Collector deserialization
2 months 1 week ago
A vulnerability described as problematic has been identified in Apache Karaf up to 2.11.x. The affected element is an unknown function of the component Decanter log-socket Collector. Such manipulation leads to deserialization.
This vulnerability is listed as CVE-2026-24656. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
2 months 1 week ago
Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing campaign targeting energy sector organizations. The campaign misused SharePoint file-sharing to deliver phishing links and created inbox rules to hide malicious activity and maintain persistence. After the initial […]
Pierluigi Paganini
CVE-2026-23003 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 ip6_tunnel include/net/inet_ecn.h skb_vlan_inet_prepare information disclosure (EUVD-2026-4621 / Nessus ID 296526)
2 months 1 week ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Affected by this issue is the function skb_vlan_inet_prepare in the library include/net/inet_ecn.h of the component ip6_tunnel. The manipulation results in information disclosure.
This vulnerability is identified as CVE-2026-23003. The attack can only be performed from the local network. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-23013 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 octep_vf_request_irqs use after free (EUVD-2026-4616 / Nessus ID 296529)
2 months 1 week ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Impacted is the function octep_vf_request_irqs. Performing a manipulation results in use after free.
This vulnerability is identified as CVE-2026-23013. The attack can only be performed from the local network. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-23007 | Linux Kernel up to 6.18.6/6.19-rc5 block uninitialized pointer (EUVD-2026-4628 / Nessus ID 296527)
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.6/6.19-rc5. The impacted element is an unknown function of the component block. The manipulation leads to uninitialized pointer.
This vulnerability is listed as CVE-2026-23007. The attack must be carried out from within the local network. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-23000 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 mlx5e_netdev_change_profile null pointer dereference (EUVD-2026-4618 / Nessus ID 296528)
2 months 1 week ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. This affects the function mlx5e_netdev_change_profile. The manipulation results in null pointer dereference.
This vulnerability was named CVE-2026-23000. The attack needs to be approached within the local network. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2025-58063 | CoreDNS up to 1.12.3 plugin/etcd/etcd.go numeric conversion (GHSA-93mf-426m-g6x9 / Nessus ID 296576)
2 months 1 week ago
A vulnerability identified as problematic has been detected in CoreDNS up to 1.12.3. This vulnerability affects unknown code of the file plugin/etcd/etcd.go. The manipulation leads to incorrect conversion between numeric types.
This vulnerability is documented as CVE-2025-58063. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
极客无疆——2025京麒白帽大会暨JSRC年终盛典圆满落幕!
2 months 1 week ago
明年再会!
Poland repels data-wiping malware attack on energy systems
2 months 1 week ago
Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and targeted two combined heat and power (CHP) plants and a system enabling the management of electricity generated from wind turbines and photovoltaic farms. Attack attribution “Everything indicates that these attacks were prepared by groups … More →
The post Poland repels data-wiping malware attack on energy systems appeared first on Help Net Security.
Zeljka Zorz
New Malware Toolkit Sends Users to Malicious Websites While the URL Stays the Same
2 months 1 week ago
Browser attacks have become far more dangerous and organized than before. A new threat called Stanley, discovered in January 2026, shows just how serious the problem has become. This malware-as-a-service toolkit, priced between $2,000 and $6,000, does something particularly deceptive: it displays fake websites to users while the URL bar keeps showing the legitimate address. […]
The post New Malware Toolkit Sends Users to Malicious Websites While the URL Stays the Same appeared first on Cyber Security News.
Tushar Subhra Dutta
$6000 за взлом Google Chrome. В сети нашли сервис, который гарантированно пропихивает вирусы в Chrome Web Store
2 months 1 week ago
Хакеры начали продавать сервис Stanley для незаметной подмены контента на популярных сайтах.
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA
2 months 1 week ago
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
CVE-2016-15057 | Apache Continuum REST API command injection
2 months 1 week ago
A vulnerability categorized as critical has been discovered in Apache Continuum. This impacts an unknown function of the component REST API. Executing a manipulation can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability appears as CVE-2016-15057. The attack may be performed from remote. There is no available exploit.
It is recommended to use an alternative to replace the affected component.
vuldb.com
科学家识别定义“你”的脑电波
2 months 1 week ago
你与外部世界的界限在哪里?大脑如何判断这条界线?根据发表在《Nature Communications》期刊上的研究,瑞典和法国的研究人员让 106 名参与者体验“橡胶手错觉(rubber hand illusion)”,监测和刺激大脑活动,观察其产生的影响。实验将参与者的一只手藏起来,用橡胶手代替。当参与者的真手和假手同时被反复触摸时,会产生橡胶手是自己身体一部分的错觉。实验用脑电图(EEG)记录大脑活动,结果显示,身体所有权感似乎源于顶叶皮层——负责绘制身体地图、处理感觉输入和构建自我意识的大脑区域——的 α 波频率。加快 α 波会收缩受试者的身体所有权感,对细微的时间差异更加敏感。减慢 α 波则会产生相反的效果,更难区分自身身体和外部世界。
Qilin
2 months 1 week ago
You must login to view this content
cohenido
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
2 months 1 week ago
Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools.
Deeba Ahmed
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2 months 1 week ago
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
- CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
- CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
- CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA