Aggregator
Iran's "Digital Spy Factory": When Chat Apps Become a Weapon for Recruiting Agents
1 month 1 week ago
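In early May 2026, an inconspicuous piece of news leaked out of Israeli security circles: two Israeli Air Force personnel had been arrested on charges of spying for Iran
Human + signals + open source: why does the sum come to less than 1? The biggest dilemma for intelligence agencies is not a lack of information but a lack of trust in one another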
1 month 1 week ago
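In many laypeople's imagination, a modern intelligence agency is like a giant operations hall: satellites watching from the sky, listening stations listening from afar, informants reporting from street corners, AI computing in the background,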
CVE-2026-7920 | Google Chrome up to 147.0.7727.138 Skia use after free (WID-SEC-2026-1394)
1 month 1 week ago
A vulnerability marked as critical has been reported in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Skia. This manipulation causes use after free.
This vulnerability appears as CVE-2026-7920. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-7919 | Google Chrome up to 147.0.7727.138 Aura use after free (WID-SEC-2026-1394)
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in Google Chrome. This issue affects some unknown processing of the component Aura. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2026-7919. The attack can be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-7921 | Google Chrome up to 147.0.7727.138 Passwords use after free (ID 499062 / WID-SEC-2026-1394)
1 month 1 week ago
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component Passwords. This manipulation causes use after free.
This vulnerability is handled as CVE-2026-7921. The attack can be initiated remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-7918 | Google Chrome up to 147.0.7727.138 GPU use after free (WID-SEC-2026-1394)
1 month 1 week ago
A vulnerability described as critical has been identified in Google Chrome. Affected by this issue is some unknown functionality of the component GPU. Such manipulation leads to use after free.
This vulnerability is tracked as CVE-2026-7918. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-7917 | Google Chrome up to 147.0.7727.138 on Windows Fullscreen use after free (WID-SEC-2026-1394)
1 month 1 week ago
A vulnerability classified as critical has been found in Google Chrome on Windows. This affects an unknown part of the component Fullscreen. Performing a manipulation results in use after free.
This vulnerability is known as CVE-2026-7917. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
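Meta employees protest the company's tracking of their mouse movements and keystrokes
1 month 1 week ago
Meta recently began installing tracking software on the computers of its US employees that captures mouse movements, clicks and keystroke data for use in training AI models; the move is part of the company's larger plan to build AI agents that can carry out work tasks automatically. The tool, called the Model Capability Initiative (MCI), will run on work-related apps and websites and will take snapshots of screen content at irregular intervals. This Tuesday, Meta employees distributed flyers in several offices to protest the company's tracking software. The flyers appeared in office meeting rooms, on vending machines and on toilet paper holders, encouraging employees to sign an online petition opposing the tracking software. The flyers and the petition cite the U.S. National Labor Relations Act, saying that employees' actions are protected by law when they choose to organize to improve working conditions.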
"Trade secret": the all-purpose excuse that lets states avoid explaining who they sold spyware to
1 month 1 week ago
The European Union promised transparency but left the most interesting part behind the screen.
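Android adds Intrusion Logging feature to aid in-depth analysis of sophisticated spyware attacks
1 month 1 week ago
On Tuesday, Google rolled out a new Android feature, "Intrusion Logging", which is not enabled by default and stores forensic logs to allow better analysis of sophisticated spyware attacks. Google said that Intrusion Logging, as part of "Advanced Protection Mode", enables "persistent and privacy-preserving forensic logging for investigation when a device is suspected of having been compromised". Google added that the feature is, together with ...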
hackernews
CVE-2026-46300 | Linux Kernel XFRM ESP-in-TCP Subsystem Fragnesia write-what-where condition
1 month 1 week ago
A vulnerability marked as critical has been reported in Linux Kernel. This impacts an unknown function of the component XFRM ESP-in-TCP Subsystem. Performing a manipulation results in write-what-where condition.
This vulnerability is identified as CVE-2026-46300. The attack is only possible with local access. Additionally, an exploit exists.
vuldb.com
CVE-2026-4527 | GitLab Community Edition/Enterprise Edition up to 18.9.6/18.10.5/18.11.2 cross-site request forgery
1 month 1 week ago
A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. This impacts an unknown function. The manipulation results in cross-site request forgery.
This vulnerability is cataloged as CVE-2026-4527. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-8280 | GitLab Community Edition/Enterprise Edition up to 18.9.6/18.10.5/18.11.2 allocation of resources
1 month 1 week ago
A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. This affects an unknown function. The manipulation leads to allocation of resources.
This vulnerability is listed as CVE-2026-8280. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-8144 | GitLab Community Edition/Enterprise Edition up to 18.9.6/18.10.5/18.11.2 Private Group authorization
1 month 1 week ago
A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.9.6/18.10.5/18.11.2. The impacted element is an unknown function of the component Private Group Handler. Executing a manipulation can lead to missing authorization.
This vulnerability is tracked as CVE-2026-8144. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-7481 | GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2 cross site scripting
1 month 1 week ago
A vulnerability classified as problematic has been found in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. The affected element is an unknown function. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-7481. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-7471 | GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2 server-side request forgery
1 month 1 week ago
A vulnerability described as critical has been identified in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. Impacted is an unknown function. Such manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-7471. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-7377 | GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2 Analytics Dashboard cross site scripting
1 month 1 week ago
A vulnerability marked as problematic has been reported in GitLab Enterprise Edition up to 18.9.6/18.10.5/18.11.2. This issue affects some unknown processing of the component Analytics Dashboard. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2026-7377. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com