Aggregator

Debian 发布团队宣布 Debian 项目的软件包将要求可复现构建。发布团队将阻止迁移无法复现的新软件包，或者在可复现性上出现性能下降的现有软件包。对于可复现（reproducible）的具体含义，开发者指的是在 Debian 构建环境实例中进行构建。

Debian 发布团队宣布 Debian 项目的软件包将要求可复现构建。发布团队将阻止迁移无法复现的新软件包，或者在可复现性上出现性能下降的现有软件包。对于可复现（reproducible

The Polish clinical laboratory network Optimed has formally apprised its patients of a cyber offensive that may have

The post Optimed Cyberattack Exposes PESEL and Lab Results—Immediate Steps for Patients appeared first on Penetration Testing Tools.

A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the Jenkins Marketplace, exposing development pipelines to credential theft and unauthorized access. […]

The post TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack appeared first on Cyber Security News.

In a seminal transgression, adversaries have endeavored to compromise municipal water infrastructure by wielding the sophisticated cognitive capabilities

The post AI’s Zero-Day Move: How Claude and GPT-4.1 Orchestrated the First Major Assault on Industrial Water Systems appeared first on Penetration Testing Tools.

Vim Tabpanel Modeline 远程命令执行漏洞分析（CVE-2026-34714）

本文主要面向初学者，系统性地介绍了Python部分语言特性、Flask基本机制、Jinja2模板引擎特性、Payload的各种构造思路等，期望解决当前简中互联网上关于Python Web安全系统性资料的缺失，希望能帮助更多初学者。

Anthropic has asserted that the instances of artificial intelligence resorting to blackmail during evaluations were not indicative of

The post The “Evil AI” Loop: How Anthropic Fixed Claude’s Blackmail Behavior and Solved Agentic Misalignment appeared first on Penetration Testing Tools.

通过历史漏洞的利用加一些小技巧成功shell，请勿利用文章内的相关技术从事非法测试，仅作技术分享目的。

2026新春杯web方向除java题以外加域渗透wp

Users of Android smartphones operating without Google services have begun to encounter a formidable new obstacle: websites fortified

The post The “De-Googled” Dilemma: How Google is Using reCAPTCHA to Block Privacy-Focused Android Users appeared first on Penetration Testing Tools.

Vulnerability / Network SecurityAmerican educational technology company Instructure, the parent co

American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it "reached an agreement with the unauthorized actor involved in

The TrustedVolumes platform, a vital conduit for transactions across several decentralized finance protocols, was divested of approximately $6.7

The post DeFi Security Alert: TrustedVolumes Drained of $6.7M—Why 1inch Says Its Users Are Safe appeared first on Penetration Testing Tools.

За знакомой кнопкой скачивания прячется цепочка, рассчитанная на невнимательность и спешку.

5月30日，我们北京见，欢迎报名！

In a chilling blow to mobile security, Google’s May 2026 Android Security Bulletin has unmasked a catastrophic zero-click vulnerability lurking within the core Android System. The CVE-2026-0073 flaw in Android’s adbd daemon lets nearby threat actors remotely gain full shell access without victim interaction. Unearthed by BARGHEST security researchers, this critical cryptographic breakdown completely shatters […]

The post PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access appeared first on Cyber Security News.

各大制造商多年来日益加强了对其安卓手机的锁定，阻止用户获得Root访问权限。三星也不例外，因为它将Galaxy S26系列严加锁定。然而，部分Galaxy S26机型刚被通过明显的漏洞彻底破解Root

A vulnerability, which was classified as critical, has been found in zephyrproject-rtos Zephyr up to 4.3. This vulnerability affects unknown code of the component IPv4 Address Handler. Performing a manipulation results in uncontrolled recursion. This vulnerability is reported as CVE-2026-1681. The attack requires a local approach. No exploit exists.

A vulnerability classified as problematic was found in Axis Communications AB AXIS OS up to 12.10.35. This affects an unknown part of the component Configuration File Handler. Such manipulation leads to incorrect permission assignment. This vulnerability is documented as CVE-2026-1185. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.