Aggregator

经验丰富的攻击者拿到一份泄露的 kubeconfig（cluster-admin 权限）后，第一件事可能不是立阅读更多

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

特朗普签署关于人工智能的第11号国家安全总统备忘录

开源软件供应链投毒越演越烈

Самый безопасный маршрут внезапно оказался «протоптанной дорожкой» для атаки.

Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident

速修复

速修复

F6 зафиксировала более 220 атак программ-вымогателей в России за январь–май 2026 года.

气候中心（Climate Central）发布分析结果称，美加墨世界杯比赛将遭遇全球变暖带来的高温天气，球员表现受到负面影响的可能性升高。此次世界杯将在 16 个场馆共举行 104 场比赛，其中 97 场比赛可能出现导致恢复能力等下降的炎热天气。不仅球员的健康风险上升，比赛的质量也可能受到影响。本届世界杯由美国、墨西哥、加拿大共同主办，赛程为当地时间 6 月 11 日至 7 月 19 日。基于以往数据对赛事期间气温的预测显示，有较高概率在 97 场比赛中出现超过 28 度的气温。此前研究指出，超过 28 度会对球员的跑动速度、距离与恢复时间产生影响，也会影响到战术和比赛风格。

美国企业在强推 AI 之际公众对 AI 的抵触情绪也日益高涨。现在一名叫 Erin Maus 的 34 岁软件工程师找到了一种变通方法，以宗教理由豁免于使用 AI。她信仰普救一位神教（Unitarian Universalism），这是一个开明、包容的宗教，接受多元化和互联性，致力促进个人灵性成长。她以 AI 的环境和伦理问题为由称使用 AI 与其宗教信仰不符。她的雇主上个月批准了宗教豁免。Maus 说，她现在仍然手写代码，自己审查代码，就和两年前一样。

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing

Представители индустрии рискуют оказаться запертыми в тесном цифровом контуре.

A vulnerability was found in Huawei HarmonyOS 6.1.0. It has been classified as critical. This affects an unknown function of the component Package Management Module. Performing a manipulation results in improper access controls. This vulnerability is known as CVE-2026-41984. Attacking locally is a requirement. No exploit is available.

A vulnerability was found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The impacted element is an unknown function of the component IPC Module. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-41982. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 5.1.0/6.0.0/6.1.0 and classified as critical. The affected element is an unknown function of the component IPC Module. This manipulation causes heap-based buffer overflow. This vulnerability appears as CVE-2026-41981. The attack requires local access. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Huawei HarmonyOS and EMUI 4.0.0/4.2.0/4.3.0/4.3.1. Impacted is an unknown function of the component Log Service. The manipulation results in integer overflow. This vulnerability is reported as CVE-2026-41977. The attack requires a local approach. No exploit exists.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS and EMUI. This issue affects some unknown processing. The manipulation leads to permission issues. This vulnerability is documented as CVE-2026-41976. The attack needs to be performed locally. There is not any exploit available.