Aggregator

A vulnerability labeled as critical has been found in Google Chrome. This vulnerability affects unknown code of the component WebRTC. The manipulation results in use after free. This vulnerability is identified as CVE-2026-4446. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Google Chrome. It has been classified as critical. This impacts an unknown function of the component V8. This manipulation causes sandbox issue. This vulnerability is handled as CVE-2026-4447. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown part of the component ANGLE. Performing a manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-4448. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component V8. Executing a manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2026-4450. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This issue affects some unknown processing of the component Blink. The manipulation leads to use after free. This vulnerability is traded as CVE-2026-4449. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Google Chrome. It has been declared as critical. Impacted is an unknown function of the component Navigation. The manipulation results in sandbox issue. This vulnerability is known as CVE-2026-4451. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome on Windows. It has been rated as critical. The affected element is an unknown function of the component ANGLE. This manipulation causes external control of assumed-immutable web parameter. This vulnerability is handled as CVE-2026-4452. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

Тот случай, когда техподдержка нужна самой техподдержке.

《香港国安法》第四十三条实施细则赋权警员可要求指明人士提供电子设备所需的密码或解密方法，不遵从或可处罚款 10 万元及监禁 1 年。保安局长邓炳强回应称，警员须基于国安原因到法院申请手令，才可搜证。假如拒绝提供设备密码，情况有如警方以搜查令搜屋时，屋内的人“顶着道门”不让警察进入，“所以有罚则，也是非常合理的”。被问到忘记密码是否等同拒绝提供解密方法，邓炳强表示不能一概而论，要视警员观察指明人士的言行判断，他举例若指明人士当天曾数度使用手提电话，无理由突然忘记密码，但若有纪录显示，指明人士近一年或三年前接触该受查电子设备，忘记密码可能合理。

DDoS attacks are no longer only an infrastructure problem. They can quickly turn into a business issue, affecting uptime, customer experience, and operational stability. Kamasers is a strong example of this new reality, with broad attack capabilities and resilient command-and-control mechanisms that allow it to remain active under pressure. Let’s explore the Kamasers botnet through […]

The post Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide  appeared first on ANY.RUN's Cybersecurity Blog.

OpenClaw等智能体问题这么多，企业想用又不敢用，咋办？

来自国内某顶尖的安全攻防团队。

人在环上，而非人在环中

下一个永恒之蓝？

今年早些时候释出的 Wine 11 引入了一个全新的 NTSYNC 内核驱动去实现 Windows NT 同步原语。Windows NT 同步原语以前是通过一个用户空间 RPC 实现的，其开销日益成为性能瓶颈，NTSYNC 在内核中实现了同步原语，因此显著提升了 Windows 游戏在 Linux 上的性能。开发者的测试显示，《Dirt 3》的帧率从 110.6 FPS 提升至 860.7 FPS，提升幅度高达 678%；《Resident Evil 2》从 26 FPS 提升至 77 FPS；《Call of Juarez》从 99.8 FPS 提升至 224.1 FPS，《Tiny Tina's Wonderlands》从 130 FPS 提升至 360 FPS，《Call of Duty: Black Ops I》在 Linux 上也能流畅运行了。NTSYNC 的最主要受益者是需要大量多线程运算、同步开销成为瓶颈的游戏。

近年来，手机租赁行业发展迅速，“以租代买”的消费模式受到部分消费者关注。但根据全国消协组织受理投诉情况及舆情监测，手机租赁领域乱象频发，部分经营者利用信息不对称，设置重重消费陷阱，严重侵害消费者合法权益。

近期，奥地利AI智能体OpenClaw（“龙虾”）在国内引发热议，程序员、企业行政人员等各类职场人群纷纷排队安装，相关代安装服务也火爆异常，报价从几十元至千元不等。

3月20日，由中国电子信息产业发展研究院、中国信息通信研究院、国家工业信息安全发展研究中心、中国软件评测中心（工业和信息化部软件与集成电路促进中心）联合主办的第三届“数信杯”数据安全大赛在江苏省南京市圆满落幕。

党的二十届三中全会指出，要“健全促进实体经济和数字经济深度融合制度”，这为我国进一步推动数字经济发展指明了方向。“十四五”收官之年，我国数字经济发展已迈向全面扩展期。