Aggregator

好，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读整篇文章，抓住关键点。 文章讲的是Crunchyroll发生了数据泄露事件，黑客声称窃取了680万人的个人信息。Crunchyroll正在调查，并提到泄露的信息主要来自客服工单，涉及第三方供应商Telus International的员工。攻击者通过感染员工电脑获取凭证，访问了多个应用系统，下载了800万条工单记录。虽然没有信用卡详细信息的大规模泄露，但部分信息可能被暴露。黑客索要赎金但未得到回应。 接下来，我需要把这些信息浓缩到100字以内。要确保包括Crunchyroll、数据泄露、680万人、第三方供应商、客服工单、攻击手段、赎金要求等关键点。 可能会这样组织句子：Crunchyroll遭遇数据泄露，680万用户信息被窃取。事件源于第三方供应商员工账户被入侵，导致客服工单数据外泄。黑客索要500万美元赎金未果。 这样既涵盖了主要事件、原因和后果，又控制在了字数限制内。 知名动漫流媒体平台Crunchyroll遭遇数据泄露事件，约680万名用户个人信息被窃取。此次事件源于第三方供应商员工账户被入侵，导致客服工单数据外泄。攻击者索要500万美元赎金未果。

A vulnerability identified as critical has been detected in Indico up to 3.3.11. The affected element is an unknown function of the file indico.conf of the component LaTeX Handler. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-33046. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in OpenClaw up to 2026.3.6. Impacted is an unknown function of the file /acp. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-27646. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

HackerNews 编译，转载请注明出处： 半导体服务企业Trio-Tech International披露，其位于新加坡的子公司遭到勒索软件攻击。 该公司在向美国证券交易委员会（SEC）提交的文件中表示，事件发生于3月11日，导致其网络内部分文件被加密。 Trio-Tech称，该子公司立即启动应急响应程序，主动将系统下线以控制事态蔓延。此外，子公司还在第三方网络安全专家协助下展开调查，并通知了执法部门。 “该子公司正采取措施控制事件、恢复受影响系统，并加强整个网络环境的监控。同时正在按适用法律要求通知受影响方，”公司在文件中写道。 Trio-Tech最初认为该事件不会造成重大影响，但攻击者随后公布了从其网络窃取的部分数据，”管理层因此认定该事件可能构成重大网络安全事件”。 公司表示调查仍在进行中，尚未确定可能受影响数据的全部范围。”该子公司还在与其网络保险提供商密切合作，以支持调查、修复及潜在的理赔流程，”Trio-Tech补充道。 公司未透露攻击者身份细节，但Gunra勒索软件团伙已在其Tor泄露网站上将Trio-Tech列入受害者名单。 SecurityWeek已向Trio-Tech发送邮件，寻求关于攻击者声明的更多信息，如获回复将更新本文。 总部位于加州的Trio-Tech International提供半导体后端解决方案（SBS），包括制造、测试和分销服务，以及工业电子设备。该公司在美国、中国、马来西亚、新加坡和泰国均设有办事处。 消息来源：securityweek.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

好，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得仔细阅读文章内容，抓住关键信息。 文章讲的是Trio-Tech International的子公司在新加坡遭到勒索软件攻击。事件发生在3月11日，导致部分文件被加密。公司立即启动应急响应，下线系统，并与第三方专家合作调查，还通知了执法部门。攻击者泄露了部分数据，公司认为这可能构成重大事件。目前调查仍在进行中，公司正在与保险公司合作处理理赔，并未透露攻击者身份，但Gunra团伙声称是他们干的。 接下来，我需要把这些信息浓缩到100字以内。重点包括：子公司被勒索软件攻击、时间、影响、应对措施、数据泄露、重大事件认定、调查进展和保险合作。 可能的结构：Trio-Tech子公司遭受勒索软件攻击，导致文件加密；公司采取应急措施并展开调查；攻击者泄露数据，可能构成重大事件；调查中，与保险公司合作；Gunra团伙声称责任。 现在组合成一个连贯的句子： Trio-Tech子公司遭遇勒索软件攻击，部分文件被加密；公司启动应急程序并展开调查；攻击者泄露数据，可能构成重大事件；调查仍在进行中，并与保险公司合作处理理赔；Gunra团伙声称对此负责。 检查字数是否在100字以内。看起来没问题。 Trio-Tech International位于新加坡的子公司遭遇勒索软件攻击，导致部分文件被加密。公司迅速启动应急响应程序，并在第三方专家协助下展开调查。攻击者随后泄露了部分数据，可能构成重大网络安全事件。目前调查仍在进行中，并与网络保险提供商合作处理理赔事宜。

A vulnerability was found in expresstech Quiz and Survey Master Plugin up to 10.3.5 on WordPress. It has been rated as critical. This issue affects the function sanitize_text_field of the component Parameter Handler. Performing a manipulation of the argument wpdb results in sql injection. This vulnerability was named CVE-2026-2412. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in thimpress LearnPress Plugin up to 4.3.2.8 on WordPress. It has been declared as problematic. This vulnerability affects the function delete_question_answer. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-3225. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in wpjobportal WP Job Portal Plugin up to 2.4.8 on WordPress. It has been classified as critical. This affects an unknown part of the component Parameter Handler. This manipulation of the argument radius causes sql injection. This vulnerability is handled as CVE-2026-4306. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in inc2734 Smart Custom Fields Plugin up to 5.0.6 on WordPress and classified as problematic. Affected by this issue is the function relational_posts_search. The manipulation results in missing authorization. This vulnerability is known as CVE-2026-4066. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in OpenClaw up to 2026.3.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Header Validation Handler. The manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2026-32913. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in rails actionpack up to 8.1/8.1.2.1. Affected is the function consider_all_requests_local. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-33167. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.6. This impacts an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-27183. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in rails activesupport. This affects the function html_unsafe. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-33170. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in wpeverest User Registration & Membership Plugin up to 5.1.4 on WordPress. The impacted element is the function check_permissions of the component REST API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-4056. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in StellarWP LearnDash LMS Plugin up to 5.0.3 on WordPress. The affected element is an unknown function of the component AJAX Action Handler. The manipulation of the argument filters[orderby_order] results in sql injection. This vulnerability is cataloged as CVE-2026-3079. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in aquasecurity setup-trivy, trivy-action and trivy up to 0.2.5. Impacted is an unknown function. The manipulation leads to embedded malicious code. This vulnerability is listed as CVE-2026-33634. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in PTC Windchill PDMLink and FlexPLM up to 13.1.3.0. This issue affects some unknown processing. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-4681. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in rails activesupport. This vulnerability affects unknown code of the component Regular Expression Handler. Performing a manipulation results in resource consumption. This vulnerability is identified as CVE-2026-33169. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in rails activesupport. This affects an unknown part. Such manipulation leads to resource consumption. This vulnerability is referenced as CVE-2026-33176. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in artbees Jupiter X Core Plugin up to 4.14.1 on WordPress. It has been rated as critical. Affected by this issue is the function import_popup_templates. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2026-3533. It is possible to initiate the attack remotely. There is no exploit available.