Aggregator

A vulnerability has been found in MinIO and classified as critical. Affected by this vulnerability is the function extractMetadataFromMime. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2026-34204. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in parse-community parse-server up to 8.6.70/9.7.0. Affected is an unknown function of the component HTTP Range Request Handler. Executing a manipulation can lead to improper authorization. This vulnerability is handled as CVE-2026-34784. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in parse-community parse-server up to 8.6.62/9.7.0-alpha.6. This impacts an unknown function of the component Verify Password Endpoint. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-34215. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Nautobot up to 2.4.29/3.0.9. This affects an unknown function of the file nautobot_config.py of the component REST API. Such manipulation leads to weak password requirements. This vulnerability is traded as CVE-2026-34203. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Pegasystems Pega Infinity up to 25.0.x. The impacted element is an unknown function of the component User Interface. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-62184. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Anritsu Remote Spectrum Monitor MS27100A, Remote Spectrum Monitor MS27101A, Remote Spectrum Monitor MS27102A and Remote Spectrum Monitor MS27103A. The affected element is an unknown function. The manipulation results in missing authentication. This vulnerability is reported as CVE-2026-3356. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Zora Post, Trade, Earn Crypto 2.60.0. Impacted is an unknown function of the component File Import. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-30285. The attack requires being on the local network. There is not any exploit available.

A vulnerability labeled as critical has been found in Lodash up to 4.17.x. This issue affects the function _.unset/_.omit. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. This vulnerability is registered as CVE-2026-2950. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Funambol Zefiro Cloud 32.0.2026011614. This vulnerability affects unknown code. Performing a manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2026-30286. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Rareprob Video Player Play All Videos 1.0.135. This affects an unknown part. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-30280. The attack must be carried out from within the local network. There is no available exploit.

2026年03月31日（現地時間）、米国CISAがCISA ICS Advisory / ICS Medical Advisoryを公表しました。

好的，我需要帮用户总结这篇文章的内容，控制在100字以内。首先，文章讲的是作者正在黑一个自动贩卖机。机器的显示屏运行的是安卓系统，有一个固定的应用程序供用户购买商品。 作者发现了一个巧妙的方法，可以通过这个固定的应用程序打开其他应用。他现在几乎可以访问所有东西，除了硬件部分。他拿到了APK文件，并找到了一些关键的硬编码信息，比如可以访问设置、打电话、下载或加载任何应用或代码到机器上。 不过，作者并没有进行逆向工程或编写代码，感觉这个过程还不完整。他想进一步黑掉机器，让产品免费发放。虽然不期待具体的教程，但希望得到一些资源来帮助他学习。 此外，作者已经通知了公司，公司正在和财务团队讨论补偿，并且还给了他毕业后的工作机会。不过他还是想负责任地完成这次黑客行动，并请求专家分享知识。 总结一下：文章描述了作者通过安卓应用黑进自动贩卖机的过程，获得了大量权限但尚未完全控制硬件以实现免费发放产品，并寻求进一步的技术资源。 文章描述了一位黑客通过安卓应用黑进自动贩卖机的过程，获得了大量权限但尚未完全控制硬件以实现免费发放产品，并寻求进一步的技术资源。

Why Remote Access to Industrial Operations Is the Biggest Unmanaged Risk
Remote access has become one of the largest unmanaged attack surfaces in industrial operations. Legacy VPNs and jump servers expose OT environments to serious risk. Learn how Cisco Cyber Vision's Secure Equipment Access can secure vendor and engineer access while protecting critical infrastructure.

A Disorienting Future: Rapid Pace of Change and AI Agents in the Hands of Attackers
Reflecting the current state of cybersecurity, uncertainty dominated at this year's annual RSAC Conference in San Francisco, as advances in artificial intelligence, including agentic artificial intelligence, now pose risks experts never saw coming. It's a disorientating state of affairs for all involved.

AI is accelerating cyberattacks faster than organizations can prioritize them, forcing security leaders to rethink how they define and defend against “emerging threats.” Most modern threats aren’t new, just amplified by AI, says Akamai's Brent Maynard.

TriMed Is Among Several Other Medical Device Firms Recently Attacked
A California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it's been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and a data theft from UFP Technologies.

Founder and CEO Eric Foster Wants to Reduce Dwell Time and Scale Engineering Teams
Tenex plans to use its $250 million Series B funding to expand its AI-driven SOC platform and hire hundreds of engineers. The company aims to improve alert coverage, automate response and reduce attacker dwell time while maintaining human oversight for complex threats.

Analysts Warn Compliance Goals May Outpace Real Security Outcomes
The Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.

一. 研究背景与核心贡献1.1传统智能体的核心痛点传统智能体遵循预训练加后训练两阶段范式，后训练的监督微调和强

一. 大模型概述2022年，OpenAI 公司推出了名为 ChatGPT [1]的人工智能聊天机器人。