Aggregator

A vulnerability was found in OpenClaw up to 2026.5.11 and classified as problematic. Affected by this issue is some unknown functionality of the component Slack Plugin. Such manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-32906. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in OpenClaw up to 2026.5.17 and classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2026-35630. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in dokploy up to 0.29.1. Affected is an unknown function. The manipulation of the argument destinationPath results in command injection. This vulnerability was named CVE-2026-45663. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in dokploy up to 0.29.0. This impacts the function shEscape of the file packages/server/src/services/registry.ts. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-45662. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in OpenClaw up to 2026.4.28. This affects an unknown function. Executing a manipulation can lead to incorrect authorization. This vulnerability is handled as CVE-2026-35673. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in OpenClaw up to 2026.4.28. The impacted element is an unknown function of the component QQBot Admin Command Handler. Performing a manipulation results in incorrect authorization. This vulnerability is known as CVE-2026-34507. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

生活在美国数据中心周围的居民都有电费大幅上涨的经历。他们可能并不知道，部分电费账单其实是支付给英伟达的税。英伟达控制着 81% 的数据中心 AI 芯片市场，上个财年其数据中心业务收入 1937 亿美元，毛利率为 75%。对英伟达顶尖 GPU 芯片的拆解报告显示，其制造成本约 3300 美元，但售价高达 2.8 万美元，利润率高达 88%。如此高的利润其实是一种税，总要有人来承担。数据中心周围的居民就处于这条支付链条的末端。为了少给英伟达缴税，科技巨头都在竞相开发更便宜的 AI 加速芯片，如 Google 的 TPU、亚马逊的 Trainium、微软的 Maia 以及 Meta 的 MTIA，OpenAI 也在与博通合作设计 AI 芯片。但我们为什么要给英伟达缴税？

A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it combines powerful per-file encryption with an aggressive ability to spread itself silently across entire networks without any human intervention. Organizations in education, healthcare, transportation, and […]

The post Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges appeared first on Cyber Security News.

大数据 AI 下的银狐威胁情报与向前防御 by ourren

将遏制网络犯罪的关口前移 by ourren

AI 渗透测试 Agent 的 Harness 工程演进、防御与我的思考 by ourren

更多最新文章，请访问SecWiki

提供 Flatpak 打包应用的 Linux 应用商店 Flathub 更新了其生成式 AI 政策，事实上禁止 AI 生成应用。Flathub 声明：不允许提交包含 AI 生成或 AI 辅助代码、文档或其它内容的应用。提交 AI 应用会直接被拒绝而无需进一步审查。屡次违反政策会导致被永久禁止提交应用。开发者表示他们受够了此类应用，但以前递交和批准的 AI 辅助编程应用不会被追溯，仍然可以正常使用。

A new threat actor tracked as JINX-0164 has been running calculated attacks against cryptocurrency organizations, using LinkedIn profiles to lure developers into downloading custom macOS malware. Active since at least mid-2025, the group has combined social engineering, credential theft, and supply chain sabotage into a seamless operation that puts the entire software development pipeline at […]

The post JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware appeared first on Cyber Security News.

Google 从本世纪初开始就支配着搜索引擎市场。为了让自家内容被搜索到所有媒体都要遵守 Google 制定的规则并以此进行优化，但如果有一天搜索引擎只为自己优化？这一天已经到来，Google 上周宣布将使用 Gemini 处理所有搜索查询。此前 Google 已经通过 AI Overview 冲击了所有媒体，导致它们的流量下降了四分之一之多。如今搜索巨人准备完全切断新闻业的生存之道。Facebook 和 X 等社媒平台通过限制链接（throttling links）确保用户留在自己的网站上而不是点击链接离开。通过转向 AI 搜索 Google 正在拥抱这一趋势，让用户在获取信息上更依赖机器而不是真人。鉴于 Google 的无处不在和无法避开，它正引领科技行业贬值人类的思想和人类本身。Google 恨你也恨我。

A wave of sophisticated supply chain attacks has put millions of software developers on high alert, with threat actors turning everyday developer tools into weapons for stealing credentials, cloud tokens, and source code. What makes these campaigns especially alarming is how they exploit the very systems developers trust most: their editors, automated pipelines, and version […]

The post Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and Secrets appeared first on Cyber Security News.

This publication provides your organization with additional details on frontier AI, the associated risks and suggested mitigation measures to enhance your cyber security posture.

A threat actor using the alias Moelester claims to be selling a dataset allegedly originating from Swiss Medical, a major Argentine private healthcare and health-insurance company.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Amepi (Amanda), described as the leading French cooperative platform for sharing exclusive listings among real-estate agencies.

Ask any developer who has run a container image scan what happens next, and you will hear the same story. The scanner returns 200 CVEs. Most are noise. A handful are real. The report gets closed, the image ships, and the vulnerabilities go with it. That gap between finding a problem and fixing it is […]

The post From 200 CVEs to Actionable Fixes – DockSec Brings AI to Container Security appeared first on Cyber Security News.

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised

Authorities dismantle Russian-aligned hosting firm, FBI warns of in-person data thefts, and TrapDoor steals credentials via software supply chain attack.

A newly discovered malicious NuGet package masquerading as an official Sicoob software development kit (SDK) has been caught exfiltrating highly sensitive banking credentials, raising serious concerns about software supply chain security in financial ecosystems. The package, published under the name “Sicoob. Sdk,” targeted developers building integrations with Brazil’s Sicoob banking APIs and silently harvested authentication […]

The post Malicious NuGet Package as Sicoob SDK Exfiltrates Banking Passwords appeared first on Cyber Security News.