Aggregator

为深入贯彻党中央、国务院决策部署，落实中央经济工作会议、中央金融工作会议精神，推动银行业保险业扎实做好人工智能技术应用和风险防控，金融监管总局近日发布《关于银行业保险业人工智能安全开发应用的指导意见》。

意见反馈截止时间为2026年7月18日。

在平台社会背景下，互联网已深度嵌入未成年人的学习、社交与日常生活，成为影响其成长轨迹的重要环境变量。“罪错未成年人”这一概念将实施了从轻微不良行为到严重犯罪等一系列越轨行为的未成年人，整体纳入重点教育、矫治与保护的关注范畴。

Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...]

A vulnerability was found in Google Chrome. It has been rated as problematic. Impacted is an unknown function of the component Passwords. This manipulation causes permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2026-12446. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability has been found in OpenCPN 5.12.0 and classified as critical. This affects the function wxExecute. The manipulation leads to code injection. This vulnerability is documented as CVE-2025-56814. The attack needs to be performed locally. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 151. This issue affects some unknown processing. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-12326. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Google Chrome on Windows. This vulnerability affects unknown code of the component WebRTC. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-12461. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Google Chrome on Windows. It has been declared as critical. The impacted element is an unknown function of the component Chromoting. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2026-12449. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

三个微软在 2011 年颁发的安全启动 (Secure Boot) 证书将于 6 月 24 日过期。安全启动检查系统启动期间加载的所有固件的数字签名，确保其来自可信提供商。安全启动旨在设计阻止会纂改 UEFI 的恶意程序 UEFI bootkits，一旦安装此类恶意程序很难检测到，即使重装系统也没用。安全启动使用加密签名确保启动过程中加载的每个固件都受到计算机制造商的信任，它旨在建立信任链，防止攻击者用恶意固件替换预期的启动固件。但在 2023 年研究人员发现了存在于几乎所有 Windows 和 Linux 系统 UEFI 启动过程中的严重漏洞 LogoFail。该漏洞存在于启动时显示硬件制造商徽标的软件中，攻击者能利用其图像解析 bug 绕过安全启动，用恶意固件感染 UEFI。微软因此移除了三个在 2011 年颁发的旧证书，用 2023 年颁发的新证书取代。Windows 用户可通过 Windows 安全设置 > 设备安全性 > 安全启动 去检查证书是否已经更新。Linux 用户可关注名叫 shim 的程序更新。

CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs

让链上风险分析从结果判断走向过程可解释。

A vulnerability was found in OX Software OX App Suite up to 7.10.6. It has been classified as critical. Affected by this issue is some unknown functionality. This manipulation causes server-side request forgery. This vulnerability is registered as CVE-2022-37313. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in OX Software OX App Suite up to 7.10.6. It has been declared as problematic. This affects an unknown part. Such manipulation leads to resource consumption. This vulnerability is documented as CVE-2022-37312. The attack can be executed remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in OX Software OX App Suite up to 7.10.6. It has been rated as problematic. This vulnerability affects unknown code. Performing a manipulation results in resource consumption. This vulnerability is reported as CVE-2022-37311. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

Отключение управляющего сервера больше не означает завершение атаки.

A vulnerability has been found in joomlacontenteditor Content Editor Extension up to 2.9.99.4 on Joomla and classified as critical. Affected by this issue is some unknown functionality of the component JCE Editor Extension. This manipulation causes improper access controls. This vulnerability is registered as CVE-2026-48907. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability has been found in libssh2 up to 1.11.1 and classified as problematic. Affected by this issue is the function _libssh2_get_string of the file src/packet.c of the component SSH_MSG_EXT_INFO Handler. This manipulation causes infinite loop. The identification of this vulnerability is CVE-2026-55199. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.