Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

全面拆解智能体各类风险。

清理大而丑 app 的存储空间，偶然发现一张来自 2021 年九月的截图。当时著名程序员 Fabrice Bellard 在他的主页上线了 TextSynth——一个可以调用文本模型的网页工具。我就用 GPTJ-6B 围绕安全主题续写（瞎编）了一段文字。 可以看到刚开始还编得像那么回事，第二段就开始不太对劲了。好在初代的文本模型没有遍地的 emoji。 注意此 GPT 并不是 ChatGPT，而是本意 Generative Pre-trained Transformer。GPT-J-6B 是由开源研究团队 EleutherAI 在 2021 年推出的一款开源大语言模型。 短短数年，恍如隔世。 虽然 AI 幻觉依然无法消灭，在模型能力强化和各种工程化实践之后，都能找到很复杂的漏洞了。反过来看，在 2026 年的当下，如果还有谁不加验证复制粘贴 AI 生成的幻觉报告来浪费时间，那是真的很难评了。

The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain.

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. It has been declared as critical. This vulnerability affects the function ieee80211_tdls_oper of the component wifi. Executing a manipulation can lead to uninitialized pointer. This vulnerability is tracked as CVE-2025-38644. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.9/6.16.0. It has been rated as critical. This issue affects the function cfg80211_check_and_end_cac of the file net/wireless/chan.c of the component wifi. The manipulation leads to state issue. This vulnerability is listed as CVE-2025-38643. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.15.9/6.16.0. This impacts an unknown function. Performing a manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2025-38642. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0. Affected by this vulnerability is the function nf_hook_run_bpf in the library /include/linux/filter.h. The manipulation results in reachable assertion. This vulnerability is known as CVE-2025-38640. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16.0. It has been classified as critical. Impacted is an unknown function of the component Bluetooth. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-38641. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. This affects the function nfnl_acct_find_get in the library lib/vsprintf.c of the component netfilter. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-38639. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-9605. The attack is possible to be carried out remotely. Moreover, an exploit is present. Applying a patch is the recommended action to fix this issue.