Aggregator

国剧之光《主角》目前正在热播，这是第一部我们看到了传承的电视剧。电视剧《主角》中的传承，技艺传承、文化传承、文明传承！

很多人现在已经默认：本地Agent + 中转站也是属于日常玩法了。发现这里其实有个被很多人忽略的风险：AI Agent 已经不是“聊天机器人--编码助手”了。

Drupal 警告用户，针对本周修复的高危漏洞 CVE-2026-9082，已经出现了利用尝试。该漏洞影响一个旨在确保数据库查询经过清理以防止 SQL 注入 的 API。Drupal 解释道：“该 API 中的漏洞允许攻击者发送特制请求，导致使用 PostgreSQL 数据库的网站遭受任意 SQL 注入。”未经身份验证的攻击...

威胁行为者正在利用共享内容分发网络（CDN）基础设施中的漏洞，以隐藏与恶意域名的连接。 该漏洞被称为 Underminr，是域名前置（domain fronting）攻击的一种变体。域名前置是一种现已得到缓解的攻击类型，攻击者曾通过在 HTTPS 请求的 SNI 和 TLS 证书验证字段中放置允许的域名，同时在 TLS 隧道的加密 HTTP Host 头中嵌入不同的目标域名来实施攻击。 ...

A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized security agents, 26 slash commands, 19 CLI tools, and a cross-IDE installer across seven major AI coding platforms — Claude Code, OpenAI Codex, Google Gemini, Cursor, Windsurf, VS Code Copilot, and OpenClaw. The project, published on GitHub by researcher H-mmer, […]

The post Pentest Agent Suite – Bug Bounty Framework for Claude Code and 6 AI Coding Tools appeared first on Cyber Security News.

The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the application by injecting a specially crafted, malformed packet. The update also resolves over a dozen stability and compatibility bugs affecting Windows users. The primary security fix targets […]

The post Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection appeared first on Cyber Security News.

针对 Laravel Lang 本地化软件包的供应链攻击使开发人员暴露于复杂的凭证窃取恶意软件活动中。攻击者滥用了 GitHub 版本标签功能，通过 Composer 软件包分发恶意代码。安全公司 StepSecurity、Aikido Security 和 Socket 于周五发出警告，指出攻击者重写了 Laravel Lang 组织维护的四个存储库中的 GitHub 标签，而不是发布全新的恶意...

执行摘要随着AI的持续快速发展，问题在于围绕它构建的系统能否跟上。追踪AI影响所需的治理框架、评估方法、教育

A hacker is selling a 340M OnlyFans user database allegedly built by matching old breach data and public profiles to real OnlyFans accounts.

New TrapDoor supply chain campaign, an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wallets. The operation explicitly targets developers in the crypto, DeFi, Solana, and AI communities by disguising malware as generic developer tools and security scanners. The campaign’s earliest […]

The post Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack appeared first on Cyber Security News.

Yak Project 全产线福利，限时免费一周

CAPEv2是目前最主流的开源恶意软件动态分析沙箱

· 企业强推 AI 提效遇反效果

持续深耕AI新基建与AI安全。

LongCat-Video-Avatar 1.5是一款从开源 SOTA 迈向商业级应用的数字人视频模型。在唇形同步、物理合理性、长视频稳定性、多人互动和高效推理上实现了全面跃升。LongCat-Video-Avatar 1.5 即便在复杂商业场景里，也能稳定、自然地输出高质量内容，让数字人视频生成从彩排室的完美演练，走向千人千面的真实舞台。