A vulnerability has been found in Mozilla Firefox up to 148 and classified as critical. The impacted element is an unknown function of the component Telemetry. The manipulation leads to a sandbox issue.
This vulnerability is listed as CVE-2026-4687. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148. The affected element is an unknown function of the component Canvas2D. Executing a manipulation can lead to memory corruption.
This vulnerability is tracked as CVE-2026-4686. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
A vulnerability was found in Mozilla Firefox up to 148. It has been declared as critical. Affected is an unknown function of the component Canvas2D. Such manipulation leads to memory corruption.
This vulnerability is documented as CVE-2026-4685. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Mozilla Thunderbird up to 140.8/148. It has been classified as problematic. This impacts an unknown function of the component Email Handler. The manipulation leads to an out-of-bounds read.
This vulnerability is tracked as CVE-2026-4371. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. Impacted is an unknown function of the component WebRender. Performing a manipulation results in a use after free.
This vulnerability is identified as CVE-2026-4684. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
A vulnerability was found in Mozilla Thunderbird up to 140.8/148. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes improper restriction of rendered UI layers.
This vulnerability is handled as CVE-2026-3889. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, […]
A vulnerability, which was classified as critical, has been found in sigstore timestamp-authority up to 2.0.5. This issue affects some unknown processing. This manipulation causes improper certificate validation.
This vulnerability is registered as CVE-2026-39984. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
A vulnerability classified as critical was found in Apache PDFBox Examples up to 2.0.36/3.0.7. This vulnerability affects unknown code of the component ExtractEmbeddedFiles. The manipulation results in path traversal.
This vulnerability is cataloged as CVE-2026-33929. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
A vulnerability classified as problematic has been found in Apache APISIX up to 3.14.x. This affects an unknown part of the component tencent-cloud-cls. The manipulation leads to cleartext transmission of sensitive information.
This vulnerability is listed as CVE-2026-31924. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The […]
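OpenAI CEO Sam Altman has been attacked twice in the past few days. In the first incident, a man threw a Molotov cocktail at his San Francisco residence and made verbal threats in front of the OpenAI headquarters building; in the second, someone fired a gun at Altman's home from inside a car. All three suspects have been arrested. The suspect who threw the Molotov cocktail is 20-year-old Daniel Moreno-Gama, and the FBI searched his home in Texas. Moreno-Gama was also found to have written blog posts on Substack expressing concerns about AI and opposition to AI executives. He is also a member of the PauseAI Discord server; the organization is an activist group dedicated to banning the development of the most powerful AI models in order to protect the public. When he was arrested, Moreno-Gama was carrying a document expressing opposition to AI and to AI company executives; he had no prior criminal record.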
A vulnerability described as problematic has been identified in Apache APISIX up to 3.14.x. Affected by this issue is some unknown functionality of the component Openid-connect. Executing a manipulation of the argument tls_verify can lead to cleartext transmission of sensitive information.
This vulnerability is tracked as CVE-2026-31923. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
A vulnerability marked as critical has been reported in Apache APISIX up to 3.15.0. Affected by this vulnerability is an unknown functionality of the component Forward Auth Plugin. Performing a manipulation results in injection.
This vulnerability is identified as CVE-2026-31908. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
A vulnerability labeled as critical has been found in vendidero Germanized for WooCommerce Plugin up to 3.20.5 on WordPress. Affected is an unknown function of the component Shortcode Handler. Such manipulation of the argument account_holder leads to code injection.
This vulnerability is referenced as CVE-2026-2582. It is possible to launch the attack remotely. No exploit is available.