Aggregator

用微信发信息是我们熟悉到几乎成为本能反应的日常操作，不过作为国民应用，微信为了保证人人可用的普适性，也一直保持着极为克制的功能更新节奏。直到七年前鸟巢那场颇具争议的「灾难级」发布会上，锤子 TNT 次

近期 Dirty Frag Linux 本地提权（LPE）漏洞的一个新变种细节曝光，该变种可让本地攻击者获取 root 权限，这也是两周内 Linux 内核中发现的第三个此类漏洞。   这个安全漏洞代号为 Fragnesia，编号为 CVE - 2026 - 46300（CVSS 评分：7.8），源于 Linux 内核的 XFRM ESP - in - TCP 子系统，由 V12 安全团...

error code: 1003

Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, […]

网络安全研究人员披露了多个影响 NGINX Plus 和 NGINX Open 的安全漏洞，其中包括一个长达 18 年未被发现的严重漏洞。   该漏洞由 depthfirst 发现，是一个影响 ngx_http_rewrite_module 的堆缓冲区溢出问题（CVE - 2026 - 42945，CVSS v4 评分：9.2），攻击者可利用此漏洞通过特制请求实现远程代码执行或造成拒绝服...

error code: 1003

This is a Guest Diary by Gokul Prema Thangavel, an ISC intern as part of the SANS.edu Bachelor Degr

通过开源 Shai-Hulud，TeamPCP 扩展了其访问代理管道，虽千元奖金难吸引顶级黑客，却给开源生态带来了危险的跟风攻击浪潮。

速修复

速修复

5月15日零点，苹果手机突然降价，iPhone 17 Pro迎来史上最低价，正式进入6000元档位。iPhone17更是迎来上市后首次降价，多重补贴以旧换新到手价只要4499元。京东Apple产品自营

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period October to December 2025. Suspicious Packets...

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "

A vulnerability was found in Fujitsu Musetheque. It has been classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-28761. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in mlflow up to 3.9.x and classified as critical. Affected by this vulnerability is the function _find_fastapi_validator of the component Job API. Executing a manipulation can lead to authentication bypass by primary weakness. The identification of this vulnerability is CVE-2026-2652. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Fujitsu Musetheque up to 2203.0 and classified as problematic. Affected is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-24662. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.87/6.18.29/7.0.6/7.1-rc2. This impacts the function smb_inherit_dacl of the component ksmbd. Such manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-43490. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.