Aggregator

Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, a

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries, slipping past security controls, crashing the dnsmasq process, and in certain scenarios, escalating privileges locally. To address all of this, … More →

The post Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root appeared first on Help Net Security.

据爆料人Jukan发布在X上的帖子称，英特尔即将获得特斯拉的订单，为其生产AI6芯片，这主要是因为特朗普政府对特斯拉施压。无论是最近宣布的苹果订单还是可能达成的特斯拉订单，这些都将成为特朗普政府中期选

阅读： 72026年4月至5月，全球人工智能治理领域迎来了两份具有里程碑意义的政策文件。4月30日，“五眼联盟”网络安全机构联合发布《Careful Adoptio

Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-permission extension, invisible attackers can completely hijack the trusted AI assistant. Transform it into a malicious puppet that silently pillages private Gmail messages, restricted Google Drive documents, and secret GitHub repositories. This terrifying blind spot exposes the […]

The post Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data appeared first on Cyber Security News.

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年5月4日至2026年5月10日）安全漏洞情况如下

Свежий пакет исправлений затрагивает WebKit, ядро системы, Spotlight, Команды и механизм скриншотов.

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.  The more urgent

Agentic AI is already running in production environments across many organizations today. It is exe

中国市场监管总局今日发布公告，附加限制性条件批准腾讯控股有限公司收购喜马拉雅公司股权案。要求腾讯、喜马拉雅和集中后实体作出五项限制性承诺：不得提高在线音频播放平台服务价格、降低服务水平或者附加不合理交

Digg 今年一月初上线了一个 Reddit 克隆版本，提供类似的基于兴趣的社区。但两个月后就宣布关闭，理由是机器人账号泛滥。现在 Digg 准备再次尝试重启，这一次是转向它曾经的模样：新闻聚合。Digg 向 Beta 测试用户展示了新网站的预览，目标是追踪某个领域最具影响力的声音，推送真正值得关注的新闻。AI 是 Digg 目前测试的领域，如果成功将扩展到其他主题。Digg 会实时从 X 抓取内容以判断讨论热点，同时还会进行情感分析、聚类分析和信号检测，判断哪些内容最重要。

网络威胁情报团队DarkAtlas提出基于活动的APT归因框架

业内首次公开发现

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the vulnerability, referred the incident to a specialized IT forensics team for technical analysis, and reported it to the data protection supervisory authority. “Technical analysis has revealed that access to data stored in the shop … More →

The post Škoda confirms unauthorized access to its online shop appeared first on Help Net Security.

这里提出了严峻的挑战，就是每个CPU需要有单独的kernel page table，尽管里面绝大多数内容应该是一模一样的（应该也是可以共享的），除了local mapping的这些percpu数据以外。在x86_64情况下，每个CPU通过将各自的。这个__per_cpu_local_off在各个CPU是一样的（关闭抢占也不再必要），当然它们对应的物理页面的位置确实是不同的。对于x86处理器而言，由于segment寄存器的存在，this_cpu_*操作可以一条指令完成，这个过程是原子的。

2026年4月全国受理网络违法和不良信息举报1686.1万件。

近年来，我国无人机保有量持续攀升、应用场景不断拓展。然而，个别人员因安全意识淡薄、操作不当，甚至故意违规，操控无人机侵入高铁线路区域或违法飞越铁路线路上空，给铁路运行安全带来极大隐患。