程琳:以科技安全保障国家安全和人民安全
国家安全是头等大事,做好新时代国家安全工作,必须坚持总体国家安全观。其中,保障科技安全特别是人工智能安全是提高我国现代化生产效率水平和质量,提高人民工作、学习、生活现代化水平和质量,建设网络强国的必然选择。
Aggregator
终结AI能力碎片化,长亭百智云一站式AI服务平台来了
17 hours 23 minutes ago
百智云一站式AI服务平台,开箱即用
Weekly Threat Landscape Digest – Week 22
17 hours 27 minutes ago
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check Overview Addresses an integer overflow vulnerability in the ntfs3 driver’s […]
The post Weekly Threat Landscape Digest – Week 22 appeared first on HawkEye.
Ben O
AiLock
17 hours 34 minutes ago
You must login to view this content
cohenido
Verizon发布新报告 漏洞依然是网络攻击者入侵企业的头号途径
17 hours 36 minutes ago
Verizon DBIR显示,漏洞利用占入侵起因31%,凭证滥用仅13%。高危漏洞修补率降至26%,中位修补时间升至43天。
AgentGuard:给智能体工具调用行为带上“紧箍咒”
17 hours 39 minutes ago
我们提出了一套面向工具调用型智能体的轻量级访问控制框架,AgentGuard。该框架能够无缝集成到现有智能体系统中,并在工具调用前后对潜在安全风险进行识别、审计与拦截,并完整记录执行轨迹,从而支持事后审计与安全溯源
Отсрочка и деньги в придачу. Минцифры готовит новые льготы за замену иностранного софта
17 hours 46 minutes ago
Правительство разрешит бизнесу повременить с отказом от зарубежных программ.
CVE-2026-26980
17 hours 49 minutes ago
Currently trending CVE - Hype Score: 1 - Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
17 hours 54 minutes ago
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates.
According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
The Hacker News
终结AI能力碎片化,长亭百智云一站式AI服务平台来了
17 hours 59 minutes ago
百智云一站式AI服务平台,开箱即用
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
18 hours 6 minutes ago
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
Chrome 静默下载 4GB Gemini Nano 模型引发争议:手把手教你如何永久禁止
18 hours 9 minutes ago
引言:不打招呼就占 4G 空间,现在的 Chrome 这么流氓了? 如果这两天你觉得电脑 C 盘或者 Mac […]
root
MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration
18 hours 11 minutes ago
A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace, the popular AI platform used by researchers and developers worldwide. The malware disguises itself as a legitimate Microsoft process, making it significantly harder for security tools to flag it as a threat. Its ability to […]
The post MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration appeared first on Cyber Security News.
Tushar Subhra Dutta
ASPA и утечки маршрутов: как новый стандарт проверяет путь трафика
18 hours 13 minutes ago
Механизм не чинит весь BGP и не проверяет реальный путь пакетов, но закрывает один из самых болезненных классов ошибок в междоменной маршрутизации.
CVE-2026-10070 | macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ improper authorization (Issue 970)
18 hours 22 minutes ago
A vulnerability was found in macrozheng mall up to 1.0.3. It has been classified as critical. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization.
This vulnerability is known as CVE-2026-10070. Remote exploitation of the attack is possible. No exploit is available.
The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
vuldb.com
Submit #818384: mall 1.0.3 Improper Access Controls [Accepted]
18 hours 26 minutes ago
Submit #818384 / VDB-367156
AliceS614
CVE-2026-10069 | Shibby Tomato 1.28 usr/sbin/miniupnpd resource consumption
18 hours 28 minutes ago
A vulnerability was found in Shibby Tomato 1.28 and classified as critical. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2026-10069. The attack may be launched remotely. There is no exploit available.
This project is superseded by FreshTomato.
vuldb.com
Включили бесплатный прокси и успокоились? Криптографы доказали, что Telegram все равно выдает ваше устройство
18 hours 28 minutes ago
Эксперты нашли способ следить за пользователями Telegram через скрытую метку.
CVE-2026-10068 | Shibby Tomato 1.28 SUBSCRIBE Call usr/sbin/miniupnpd send server-side request forgery
18 hours 28 minutes ago
A vulnerability has been found in Shibby Tomato 1.28 and classified as critical. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability appears as CVE-2026-10068. The attack may be initiated remotely. There is no available exploit.
This project is superseded by FreshTomato.
vuldb.com
CVE-2026-10067 | Shibby Tomato 1.28 multimon.cgi sub_90F0 stack-based overflow
18 hours 28 minutes ago
A vulnerability, which was classified as critical, was found in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is reported as CVE-2026-10067. The attack can be launched remotely. No exploit exists.
This project is superseded by FreshTomato.
vuldb.com