中美两国的 AI 公司采取了不同的发布策略:中国侧重于开源权重模型,美国公司如 OpenAI 和 Anthropic 则采用闭源策略。Hugging Face 前亚太生态系统高管 Tiezhen Wang 表示,OpenAI 和 Anthropic 指责中国 AI 公司蒸馏其模型,他认为蒸馏是中性的,美国 AI 公司是通过抓取互联网上的信息训练模型,它们并非知识的创造者,却试图阻止其他人重复利用知识,有点讽刺。所有 AI 生成的内容都应该没有版权,否则拥有算力的人能滥用权力,生成各种组合内容然后对所有内容都申请版权。他发现中国公司和美国公司在最大化使用 token 上有明显差异,因为中国有很多开源权重模型,其使用成本没有美国大,因此中国互联网公司都鼓励员工最大化使用 token,鼓励员工成为 AI 原生开发者,甚至禁止他们手动完成撰写文档之类的日常工作。
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.
"The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,
A vulnerability identified as critical has been detected in raszi node-tmp up to 0.2.5. This issue affects some unknown processing of the component Temporary Directory Handler. Performing a manipulation results in path traversal.
This vulnerability is reported as CVE-2026-44705. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
A vulnerability classified as critical was found in Vim up to 9.2.495. This impacts the function stepmatch of the file runtime/ftplugin/cucumber.vim of the component Pattern Handler. Such manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2026-47167. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
A vulnerability was found in vim up to 9.2.494. It has been declared as critical. The impacted element is the function NetrwBookHistSave of the file runtime/pack/dist/opt/netrw/autoload/netrw.vim of the component Directory Handler. Executing a manipulation can lead to injection.
This vulnerability is tracked as CVE-2026-47162. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
A vulnerability labeled as critical has been found in Apple macOS up to 15.3. This vulnerability affects unknown code of the component App. Executing a manipulation can lead to symlink following.
This vulnerability is registered as CVE-2025-43278. The attack needs to be launched locally. No exploit is available.
The affected component should be upgraded.
A vulnerability classified as problematic has been found in Apple macOS up to 26.0. The affected element is an unknown function of the component App. This manipulation causes information disclosure.
This vulnerability appears as CVE-2025-46313. The attack requires local access. There is no available exploit.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in vim up to 9.2.0560. This affects an unknown function of the component Working Directory Handler. Performing a manipulation results in code injection.
This vulnerability is known as CVE-2026-52858. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
A vulnerability, which was classified as critical, was found in vim up to 9.2.596. This impacts the function exec of the component Command Line Handler. Executing a manipulation can lead to code injection.
This vulnerability is handled as CVE-2026-52860. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
A vulnerability categorized as problematic has been discovered in vim up to 9.2.564. This issue affects the function update_snapshot of the file src/terminal.c of the component Command Line Handler. Executing a manipulation can lead to out-of-bounds read.
This vulnerability is tracked as CVE-2026-52859. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
A vulnerability was found in OpenClaw up to 2026.5.26. It has been declared as problematic. The affected element is an unknown function. The manipulation results in untrusted search path.
This vulnerability is known as CVE-2026-53819. Attacking locally is a requirement. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability was found in Google Chrome. It has been rated as problematic. This impacts an unknown function of the component DevTools. This manipulation causes permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2026-12024. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
A vulnerability classified as critical was found in Premmerce Dev Tools Plugin up to 2.0 on WordPress. This affects the function generatePluginHandler. Such manipulation of the argument premmerce_plugin_namespace leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2026-6933. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
A vulnerability, which was classified as critical, was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned. Executing a manipulation can lead to missing authorization.
The identification of this vulnerability is CVE-2026-9187. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
A vulnerability has been found in mohammadtanzilurrahman Static Block Plugin up to 2.2 on WordPress and classified as problematic. Impacted is the function static_block_content of the component Shortcode Handler. The manipulation of the argument ID leads to authorization bypass.
This vulnerability is referenced as CVE-2026-10780. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability identified as problematic has been detected in Nokia SR Linux up to 23.10.7/24.10.5/25.7.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation.
This vulnerability is documented as CVE-2025-9912. The attack needs to be performed locally. There is not any exploit available.
You should upgrade the affected component.
A vulnerability was found in WP Review Slider Pro Plugin up to 12.6.8 on WordPress. It has been rated as critical. This impacts the function get_results of the component AJAX Action Handler. Performing a manipulation of the argument curselrevs results in sql injection.
This vulnerability is cataloged as CVE-2026-8444. It is possible to initiate the attack remotely. There is no exploit available.