Aggregator

伊朗黑客瞄准韩国大型电子制造商

HackerNews
1 month ago
与伊朗有关联的黑客组织 MuddyWater(又名 “种子蠕虫” Seedworm、“静态小猫” Static Kitten )发起了一场大规模的网络间谍活动,目标至少涉及多个行业和国家的 9 家知名机构。   受害者包括韩国一家大型电子制造商、政府机构、中东的一个国际机场、亚洲的工业制造商以及教育机构。   赛门铁克(Syman...
hackernews

CVE-2026-7925 | Google Chrome up to 147.0.7727.138 on Windows Chromoting use after free (ID 501833 / Nessus ID 312822)

Vuldb Updates
1 month ago
A vulnerability marked as critical has been reported in Google Chrome on Windows. This issue affects some unknown processing of the component Chromoting. The manipulation leads to use after free. This vulnerability is listed as CVE-2026-7925. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-7922 | Google Chrome up to 147.0.7727.138 ServiceWorker use after free (WID-SEC-2026-1394)

Vuldb Updates
1 month ago
A vulnerability has been found in Google Chrome and classified as critical. The affected element is an unknown function of the component ServiceWorker. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-7922. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

用 Obsidian Web Clipper,让豆瓣种草更容易

不安全
1 month ago
在上一篇文章中,我把我的豆瓣阅读清单导入到了 Obsidian 中,运用(那时候)新出的 Base 功能管理自己的阅读清单和书籍相关的笔记。朋友们在文章下方也提供了不少新的思路(例如:插件)。但有一个

罕见“联手”:苹果声援谷歌反对欧盟AI新规

不安全
1 month ago
苹果公司正式向欧盟委员会提交意见,公开批评欧盟近期提出的旨在帮助谷歌遵守《数字市场法案》(DMA)的监管措施。苹果警告称,欧盟拟议的强制谷歌向竞争对手开放人工智能服务的举措,将对用户的隐私、安全、设备

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

The Hackers News
1 month ago
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM
The Hacker News

CVE-2026-7919 | Google Chrome up to 147.0.7727.138 Aura use after free (WID-SEC-2026-1394)

Vuldb Updates
1 month ago
A vulnerability, which was classified as critical, has been found in Google Chrome. This issue affects some unknown processing of the component Aura. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-7919. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-7921 | Google Chrome up to 147.0.7727.138 Passwords use after free (ID 499062 / WID-SEC-2026-1394)

Vuldb Updates
1 month ago
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component Passwords. This manipulation causes use after free. This vulnerability is handled as CVE-2026-7921. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-7917 | Google Chrome up to 147.0.7727.138 on Windows Fullscreen use after free (WID-SEC-2026-1394)

Vuldb Updates
1 month ago
A vulnerability classified as critical has been found in Google Chrome on Windows. This affects an unknown part of the component Fullscreen. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-7917. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

Meta 员工抗议公司对其鼠标移动和按键的跟踪

Solidot
1 month ago
Meta 最近开始在美国员工电脑上安装追踪软件,捕捉员工鼠标移动、点击和按键数据以用于训练 AI 模型,此举是该公司构建能自动执行工作任务的 AI 智能体的大计划的一部分。被称为 Model Capability Initiative(MCI)的工具将在工作相关应用和网站上运行,会不定时截取屏幕内容的快照。本周二 Meta 员工在多个办公室散发传单抗议公司的跟踪软件。传单出现在办公室会议室、自动售货机和卫生纸架上,鼓励员工签署一份反对跟踪软件的在线请愿书。传单和请愿书援引了法律 U.S. National Labor Relations Act,称当选择组织起来改善工作条件时员工的行为受到法律保护。

Managed ad