Aggregator

加州年龄验证法律的修正案将豁免大部分 Linux 发行版和自由开源软件。年龄验证法律要求操作系统提供商在设置询问用户年龄。该法案的修改版 AB-1856 缩小了适用的操作系统提供商和应用程序的范围：(2) “操作系统提供商”不包括在许可条款允许接收方复制、重新分发和修改该软件的情况下，分发操作系统或应用程序的个人或实体。(2) “应用程序”不包括其本身并未作为独立可执行应用程序、通过受监管的应用程序商店向消费者提供的软件组件。Valve 的 SteamOS 平台仍然受到影响，因为它的 Steam 客户端是受监管的应用商店。

North Korea’s adversarial presence within the digital theater has transcended the legacy paradigm of isolated, decentralized hacking collectives. Per comprehensive threat intelligence compiled by Krypt3ia, the state’s offensive cyber apparatus has evolved into a...

The post The Consolidation of North Korean Cyber Doctrine: From Fragmented Threat Actors to a Unified Cyber Ecosystem appeared first on Information Security News.

The state-sponsored North Korean threat syndicate designated as Void Dokkaebi has fundamentally recalibrated the delivery architecture of its flagship backdoor, InvisibleFerret, systematically elevating its defensive evasion capabilities. The adversaries have abandoned the distribution of...

The post The Evolutionary Stratagem of Void Dokkaebi: Analyzing the Cythonized Mutation of InvisibleFerret appeared first on Information Security News.

华为τ定律的战略意义

85 операторов оштрафованы за молчание об IP-адресах.

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

An illicit ledger advertised within subterranean cybercrime forums is currently being cross-examined by security researchers following assertions that it encapsulates 340 million sensitive user records harvested from OnlyFans. While the preliminary manifesto suggested a...

The post The Proliferation of Synthetic Telemetry: Unmasking the Alleged OnlyFans Mass Exfiltration Campaign appeared first on Information Security News.

当行业还在卷参数和评测榜单时，一家港股 AI 医疗公司用 12 年沉淀，把 AI 真正「焊」进了三甲医院的诊疗工作流——并率先跑通了商业闭环。

​AI 算力的下一个增长点，在互连。

A vulnerability labeled as critical has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-9543. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. This vulnerability is reported as CVE-2026-9544. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

发布时间: 2026-0

A vulnerability labeled as critical has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-9543. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in pacote up to 11.2.7. This impacts the function addGitSha. This manipulation causes inefficient regular expression complexity. This vulnerability is registered as CVE-2026-9496. Remote exploitation of the attack is possible. No exploit is available.

Submit #815425 / VDB-365608

Submit #815070 / VDB-201881

Submit #815069 / VDB-201880

A vulnerability categorized as problematic has been discovered in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint and Infrastructure Analytics Advisor. This affects an unknown function. The manipulation results in missing password field masking. This vulnerability is cataloged as CVE-2026-3314. An attack on the physical device is feasible. There is no exploit available. It is advisable to upgrade the affected component.