Aggregator

Спецслужбы ищут взломщиков, а люди – работающие автоматы с билетами.

本届大赛以“网络智能防护，开启数字安全新时代”为主题，不仅彰显了我国在实战型网络安全人才培养方面的坚定决心，更标志着我国网络安全人才培养和产学研用生态发展迈入了“数智融合”的新阶段。

RSAC 2026在旧金山拉开帷幕，AI全面渗透所有议题。微软发布Agent 365抢占代理安全制高点，行业热议AI SOC落地与社区协作。

A vulnerability was found in Red Hat Keycloak. It has been rated as critical. This issue affects some unknown processing of the component resource_set Endpoint. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-4628. It is possible to initiate the attack remotely. There is no exploit available.

倪海厦老师讲2026丙午年：财神爷只认"土" ——从经济变局到身体养命的全方位生存指南”

OpenClaw 的强大之处在于其插件 Skills 生态，而这恰恰也是其最脆弱的攻击面。本文深入复盘 "ClawHavoc" 等供应链攻击事件，将恶意插件的攻击手法归纳为凭据窃取、远程控制、上下文持久化注入、环境投毒与社会工程学五大类，并逐一剖析其实现原理与防御策略。

3月28日，北京不见不散~

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]

A vulnerability was found in itsourcecode Online Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. This vulnerability appears as CVE-2026-4632. The attack may be performed from remote. In addition, an exploit is available.

活动时间：3.23 17:00～4.3   23:59 参与活动需填写问卷报名！

Минцифры решило, кому в России можно законно гуглить «запрещенку».

作者：Nasim Soltani, Shayan Nejadshamsi等 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2603.10413v1 摘要 对抗样本会对机器学习（ML）算法构成严重威胁。若被用于操控基于机器学习的网络入侵检测系统（NIDS）行为，将危及网络安全。本研究旨在通过提升网络入侵检测系统对抗对抗攻击的鲁棒性来降低此类风险。为此...

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and

Submit #775856 / VDB-352499

A vulnerability was found in WAGO Lean Managed Switch 852-1812, Lean Managed Switch 852-1813, Lean Managed Switch 852-1813-000-001, Lean Managed Switch 852-1816, Industrial Managed Switch 852-303, Industrial Managed Switch 852-1305, Industrial Managed Switch 852-1305-000-001, Industrial Managed Switch 852-1505-000-001, Industrial Managed Switch 852-1505, Industrial Managed Switch 852-602, Industrial Managed Switch 852-603, Industrial Managed Switch 852-1605, Lean Managed Switch 852-1812-010-000, Lean Managed Switch 852-1813-010-000 and Lean Managed Switch 852-1816-010-000 010-001. It has been classified as critical. This affects an unknown part of the component Restricted Interface. Performing a manipulation results in backdoor. This vulnerability is reported as CVE-2026-3587. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in shaonsina Sina Extension for Elementor Plugin up to 3.7.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-6229. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in kingaddons King Addons for Elementor Plugin up to 51.1.49 on WordPress and classified as problematic. Affected by this vulnerability is the function render_full_form. This manipulation causes information disclosure. This vulnerability is registered as CVE-2025-13997. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operation Alice, shut down one of the largest dark web scams, uncovering over 373,000 fake sites tricking users seeking child sexual abuse content. The operation, first investigated in […]

Currently trending CVE - Hype Score: 1 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may ...

Кто и как смог вынести 10 петабайт информации из-под носа у Пекина.