Aggregator

A vulnerability was found in NetBT e-Fatura up to 1.2.14. It has been classified as problematic. This affects an unknown function. This manipulation causes unquoted search path. This vulnerability is handled as CVE-2025-14018. It is possible to launch the attack on the local host. Additionally, an exploit exists. Upgrading the affected component is recommended.

Microsoft представила ИИ-агента, который постоянно работает в фоне.

A vulnerability was found in Apple iOS up to 15.x. It has been classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-32865. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Apple macOS. The affected element is an unknown function of the component DriverKit. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2022-32865. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as problematic. The impacted element is an unknown function of the component Kernel. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2022-32864. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.

悬镜原创智能体疫苗技术：把安全深度植入智能体内核，让AI自带免疫力。

Sophos X-Ops 分析师本周发布了一项研究，指出一名身份不明的威胁行为者利用人工智能技术，通过该公司所称的“红队”后渗透框架，开发端点检测和响应 (EDR) 规避策略。

亚马逊面向消费者上线AI生成商品图功能日前，亚马逊公司宣布将在旗下的购物应用内上线新功能 —— 基于用户搜索查询展示AI生成的商品图片。该功能针对用户不清楚商品准确专业描述词的场景设计。用户输入搜索词

Новая атака работает даже при включённом Защитнике

德国巴伐利亚州数字事务部正式宣布取消与微软的合同，该合同将在五年内支出近 10 亿欧元。巴伐利亚州将转向采用开源软件。州财政部长 Albert Füracker 主张在现有合同基础上寻求折扣，而数字部长 Fabian Mehring 则力主采用开源软件。Mehring 表示，转向开源软件将确保在危机时期服务的持续使用，保护巴伐利亚州免受价格上涨的影响，并优先保障数据安全。巴伐利亚州转向开源软件是欧洲更广泛趋势的一部分，欧洲各地的地方和联邦政府都在逐步摆脱对微软和其它美国技术的依赖。

A vulnerability identified as critical has been detected in Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019. The impacted element is an unknown function of the component APK Resource File Handler. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-49187. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as critical has been found in Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019. This affects the function popen of the component ai_cmd Utility. Executing a manipulation can lead to active debug code. This vulnerability is handled as CVE-2026-49188. The attack can only be done within the local network. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Red Hat Multicluster Engine for Kubernetes, Enterprise Linux, JBoss Enterprise Application Platform Expansion Pack and OpenShift Container Platform. The affected element is an unknown function of the component NetworkManager. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2026-10805. An attack has to be approached locally. There is no exploit available.

A vulnerability marked as critical has been reported in Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019. This impacts an unknown function of the component Core Broadcast Receiver. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2026-49189. Local access is required to approach this attack. No exploit exists.

A vulnerability identified as problematic has been detected in crypto-x509 up to 1.25.10/1.26.3 on Go. This vulnerability affects the function VerifyHostname. This manipulation causes inefficient algorithmic complexity. This vulnerability is handled as CVE-2026-27145. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in mime up to 1.25.10/1.26.3 on Go and classified as problematic. Affected by this issue is some unknown functionality of the component Header Handler. Executing a manipulation can lead to inefficient algorithmic complexity. This vulnerability is registered as CVE-2026-42504. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

欧盟周三公布了 European Technological Sovereignty Package，旨在加强科技主权减少依赖美国科技公司。微软遵守美国总统特朗普的命令关闭国际刑事法院首席检察官账号给整个欧洲敲响了警钟。最新计划旨在扶持欧洲本土企业，要求高度敏感领域的公共服务不能使用外国科技公司的服务。欧盟委员会要求各成员国对其依赖的每一项数字服务进行“主权风险评估”，评估内容包括外国控制、敏感数据的潜在访问权限以及运营中断的风险。欧盟委员会主席 Ursula von der Leyen 表示，“我们不能依赖他人的技术维持医院运转、电网稳定运行和服务安全。这关乎保护我们的公民、捍卫我们的利益以及做出我们自己的选择。”

Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching

A vulnerability was found in Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019. It has been rated as critical. This affects an unknown function of the component Config Handler. Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2026-50206. The attacker must have access to the local network to execute the attack. No exploit exists.