黑客利用React Native Metro高危漏洞入侵开发者系统
该漏洞的根源在于Metro服务器的/open-url HTTP端点会接收POST请求中用户提交的URL参数,且该参数未经任何安全清理,便直接传递给系统的open()函数执行。
Aggregator
AI真的能取代人类吗?提升效率利用AI辅助写代码,真的靠谱吗?
2 days 10 hours ago
希望每一位程序员朋友,都能既享受AI带来的便利,也守住安全的底线。AI是工具,高效是目标,安全才是根本。
Cyber risk is becoming a hold-period problem for private equity firms
2 days 10 hours ago
Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data theft, and regulatory pressure interfere with value creation during the hold period. Has cybersecurity risk had any financial impact on your portfolio companies? (Source: Kroll) A recent Kroll survey of 325 private equity portfolio leaders found that 80% of firms experienced some form of disruption tied to cybersecurity risk … More →
The post Cyber risk is becoming a hold-period problem for private equity firms appeared first on Help Net Security.
Anamarija Pogorelec
Вышла новая Windows, но она не для вас. И, скорее всего, даже не для вашего ноутбука
2 days 11 hours ago
Почему версия 26H1 станет головной болью для разработчиков старого софта.
JVN: FileZenにおけるOSコマンドインジェクションの脆弱性
2 days 11 hours ago
株式会社ソリトンシステムズが提供するFileZenには、OSコマンドインジェクションの脆弱性が存在します。
Ваша популярность — липа. НАТО доказало, что купить 200 тысяч просмотров проще, чем сходить в ресторан
2 days 11 hours ago
Алгоритмы больше не справляются с натиском цифровых призраков.
JVN: ZOLL ePCR IOS Mobile Applicationにおける外部からアクセス可能なファイルやディレクトリへの機微な情報の保存の脆弱性
2 days 11 hours ago
ZOLLが提供するZOLL ePCR IOS Mobile Applicationには、外部からアクセス可能なファイルやディレクトリへの機微な情報の保存の脆弱性が存在します。
Сначала — любопытство, потом — утечка. Как одна вредоносная надстройка для PowerPoint открывает хакерам доступ к секретным документам
2 days 12 hours ago
Разбираем изнанку работы группировок, которые ценят терпение выше ярких спецэффектов.
注意喚起: FileZenにおけるOSコマンドインジェクションの脆弱性(CVE-2026-25108)に関する注意喚起 (公開)
2 days 12 hours ago
Anubis
2 days 12 hours ago
You must login to view this content
cohenido
JVN: Siemens製品に対するアップデート(2026年2月)
2 days 12 hours ago
Siemensから各製品向けのアップデートが公開されました。
JVN: Siemens製品に対するアップデート(2026年1月)
2 days 12 hours ago
Siemensから各製品向けのアップデートが公開されました。
JVN: Siemens製品に対するアップデート(2025年12月)
2 days 12 hours ago
Siemensから各製品向けのアップデートが公開されました。
CVE-2026-21877:n8n Git 节点任意文件写入漏洞分析 (三)
2 days 12 hours ago
本篇是 n8n 漏洞分析系列的第三篇。在此前,我们分析了利用裸仓库特性的 CVE-2025-62726 和利用配置注入的 CVE-2025-65964。而今天要分析的 CVE-2026-21877,它利用 Git 节点的 `Clone` 操作,可以将恶意仓库的内容写入服务器的任意目录,进而导致远程命令执行漏洞。
toC 的 AI 社交产品,终于出来一个「有胆有趣」的
2 days 12 hours ago
这是一个对 AI 的「动态记忆」,和「代理机制」在社交大赛道的先锋试验。
CVE-2026-20634 | Apple macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Image memory corruption
2 days 12 hours ago
A vulnerability marked as critical has been reported in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. The impacted element is an unknown function of the component Image Handler. The manipulation leads to memory corruption.
This vulnerability is documented as CVE-2026-20634. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-20652 | Apple Safari/macOS/visionOS/iOS/iPadOS up to 26.2 denial of service
2 days 12 hours ago
A vulnerability described as problematic has been identified in Apple Safari, macOS, visionOS, iOS and iPadOS up to 26.2. This affects an unknown function. The manipulation results in denial of service.
This vulnerability is reported as CVE-2026-20652. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-20635 | Apple Safari/macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Web memory corruption
2 days 12 hours ago
A vulnerability, which was classified as critical, was found in Apple Safari, macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. This issue affects some unknown processing of the component Web Handler. The manipulation results in memory corruption.
This vulnerability is known as CVE-2026-20635. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2026-20644 | Apple Safari/macOS/visionOS/iOS/iPadOS up to 26.2 Web memory corruption
2 days 12 hours ago
A vulnerability was found in Apple Safari, macOS, visionOS, iOS and iPadOS up to 26.2 and classified as critical. The affected element is an unknown function of the component Web Handler. Such manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2026-20644. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-20650 | Apple macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Bluetooth denial of service
2 days 12 hours ago
A vulnerability was found in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. It has been declared as problematic. This affects an unknown function of the component Bluetooth Handler. Executing a manipulation can lead to denial of service.
The identification of this vulnerability is CVE-2026-20650. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com