Aggregator

CVE-2026-23474 | Linux Kernel up to 7.0-rc4 mtd __builtin_dynamic_object_size buffer overflow (Nessus ID 304968)

Vuldb Updates
4 hours 42 minutes ago
A vulnerability marked as critical has been reported in Linux Kernel up to 7.0-rc4. This affects the function __builtin_dynamic_object_size of the component mtd. The manipulation leads to buffer overflow. This vulnerability is documented as CVE-2026-23474. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-23445 | Linux Kernel up to 6.12.77/6.18.19/6.19.9/7.0-rc4 IRQ igc_ptp_tx_tstamp_event memory corruption (Nessus ID 304970)

Vuldb Updates
4 hours 42 minutes ago
A vulnerability classified as critical was found in Linux Kernel up to 6.12.77/6.18.19/6.19.9/7.0-rc4. The affected element is the function igc_ptp_tx_tstamp_event of the component IRQ Handler. The manipulation results in memory corruption. This vulnerability is reported as CVE-2026-23445. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-34980 | OpenPrinting CUPS up to 2.4.16 on Linux /usr/bin/vim page-border input validation (EUVD-2026-18887 / Nessus ID 304971)

Vuldb Updates
4 hours 42 minutes ago
A vulnerability was found in OpenPrinting CUPS up to 2.4.16 on Linux and classified as critical. Affected by this vulnerability is an unknown functionality of the file /usr/bin/vim. The manipulation of the argument page-border results in improper input validation. This vulnerability is reported as CVE-2026-34980. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com

CVE-2026-4878 | libcap up to 2.77 cap_set_file allocation of resources (Nessus ID 305106)

Vuldb Updates
4 hours 42 minutes ago
A vulnerability identified as critical has been detected in libcap up to 2.77. Affected by this vulnerability is the function cap_set_file. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2026-4878. The attack can only be performed from a local environment. No exploit is available. It is recommended to apply a patch to fix this issue.
vuldb.com

FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users

Cyber Security News
4 hours 54 minutes ago

The U.S. Justice Department and the FBI have successfully dismantled a massive cyberespionage network in a court-authorized takedown dubbed “Operation Masquerade.” Announced on April 7, 2026, the technical operation neutralized thousands of compromised small office/home office (SOHO) routers that were hijacked by Russian military intelligence to spy on global targets. The disruption targeted a hacking […]

The post FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users appeared first on Cyber Security News.

Abinaya

高校邮件安全怎么抓?北工大这份“可复制范本”值得一看

嘶吼
5 hours 8 minutes ago

“近年来,钓鱼邮件的威胁愈发严峻,教育行业首当其冲。校园邮箱用户多、人员流动性强、钓鱼手段层出不穷——高校已成为黑客的重点攻击目标。” 在近期的邮件安全管理员直播分享中,北京工业大学的霍老师一语道破当下高校邮件安全的严峻现状。

作为北京市属重点、国家“211工程”和“双一流”建设高校,北京工业大学(以下简称:北工大)的邮件系统承载着教学科研、校内办公等核心业务,自然也直面着这一教育行业的共性安全困境。2025年《中国企业邮箱安全研究报告》显示,教育领域钓鱼邮件占比高达14.1%,位列行业第二。奖学金通知、学术会议邀请、论文审稿……这些师生们习以为常的邮件,正成为钓鱼攻击最危险的伪装。

一、三大安全痛点:直击高校邮件安全“共性难题”

在北工大,邮件系统几乎与每位师生的学习、工作紧密相连,在带来便利的同时,也让邮件系统成为安全风险的高发区。回顾部署专业邮件安全网关之前的日子,学校曾面临三道棘手的“关卡”:

第一关:国产化合规成为“必答题”

随着教育部门对安全合规和国产化替代的要求不断提升,学校必须部署国产化独立邮件安全网关。国产化合规不再是“选择题”而是“必答题”。

第二关:新型钓鱼邮件防不胜防

此前的学校防护体系主要依赖本地特征库加CAC(内容分析通道)进行过滤,但新型钓鱼邮件早已进化——不再将恶意内容直接放入正文文本,而是藏进图片、附件或二维码中,传统方式根本无从查起。此外,一旦校内账号被盗,利用校内信任关系发送的钓鱼邮件极易在师生中快速扩散,稍不留意就中招。

第三关:运维管理成为“老大难”

原有邮件系统的投递日志单次最多仅能查询 7 天的记录,当需要追溯邮件投递轨迹、排查安全问题时,数据支撑不足,常常陷入“想查查不到”的困境。

这些并非北工大独有的难题,而是许多高校在邮件安全管理中共同面对的“硬骨头”。要真正破局,靠小修小补显然不够。

二、破解校园安全痛点:CACTER做对了什么?

针对以上难题,CACTER为北工大部署了国产化独立CACTER邮件安全网关,从四个维度实现了有效突破:

1.合规落地,为信创改造铺平道路。网关采用国产化独立部署模式,支持海光、鲲鹏、飞腾等国产芯片,适配电科金仓等国产数据库,可实现全栈信创、自主可控。学校不用再为“能不能过审”担心,信创改造的路也走得更踏实。

2. 精准防护,让钓鱼邮件无处遁形。奖学金通知、学术会议邀请……这些师生每天都可能收到的邮件,曾经是最危险的“伪装者”。现在,网关具备图片OCR识别、二维码解析、附件深度检测等能力,针对新型钓鱼邮件整体拦截率更是高达99.8%,误判率低于0.02%。

·学校高危邮件直接隔离,不进入师生收件箱

·普通垃圾分类存放,不影响日常使用体验

·异常外发智能阻断,快速遏制风险扩散

3. 稳定运行,保障校园邮路畅通。高校邮件系统一旦中断,教学通知、科研沟通、办公流程都会受影响。CACTER采用双机高可用部署模式,主备节点实时同步,即使单点发生故障,系统也能自动无缝切换,师生完全感知不到。同时,每日定时备份配置,即便设备出现问题也能快速恢复,把数据丢失风险降到最低。这套“双保险”,即使意外发生,邮件收发依然稳稳当当。

4. 便捷运维,让管理从“救火”走向“掌控”。网关支持长时间跨度的日志检索,邮件投递、拦截记录等随时可查,问题排查精准高效。再加上死信处理、邮件召回、多维统计等功能,运维团队不再被动“救火”,而是做到更精细化管控,大幅减轻运维负担。

三、北工大安全实践:从“解决一个问题”到“提供一套范本”

霍老师对这套方案的效果给出了直观的评价:“部署CACTER网关后,直观地看到大量钓鱼邮件已被拦截,避免进入用户邮箱被误点中招。自此,邮件安全已不再是‘有无防护’的问题,而是未来‘防护是否精准、响应是否及时’的能力较量。CACTER网关很好地满足了在精准防护和高效运维两方面的核心需求。”

从北工大的实践来看,一套真正适配高校场景的邮件安全方案,绝非止步于基础的垃圾邮件拦截,更要同时满足三大核心要求:对信创合规的完整契合、对钓鱼邮件的精准识别、对运维管理的便捷支持

CACTER网关在这几个维度的落地效果,为众多正面临邮件安全困扰的高校,提供了一个经过验证的参考路径。

随着教育数字化加速,高校邮件安全将迎来新挑战。CACTER已服务超过150所院校,包括北大、同济等高校,积淀了丰富的高校邮件安全实战经验。未来,CACTER将持续深耕高校场景,以更适配的安全产品,守护高等教育的信息传递通道,为高等教育高质量发展筑牢邮件安全屏障。

CACTER邮件安全

Frida魔改反检测初探

先知技术社区
5 hours 16 minutes ago
本次项目依托AI来辅助学习,顺利完成Frida源码编译与简单魔改,并逐一排雷解决了环境配置、Patch冲突、编译缓存等实操过程中的典型坑点

CVE-2024-54512 | Apple iOS/iPadOS Flag information disclosure

Vuldb Updates
5 hours 17 minutes ago
A vulnerability categorized as problematic has been discovered in Apple iOS and iPadOS. The impacted element is an unknown function of the component Flag Handler. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2024-54512. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-54499 | Apple tvOS up to 18.1 Image use after free (WID-SEC-2024-3692)

Vuldb Updates
5 hours 17 minutes ago
A vulnerability categorized as critical has been discovered in Apple tvOS up to 18.1. Affected is an unknown function of the component Image Handler. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2024-54499. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-54499 | Apple visionOS up to 18.1 Image use after free (WID-SEC-2024-3692)

Vuldb Updates
5 hours 17 minutes ago
A vulnerability identified as critical has been detected in Apple visionOS up to 18.1. Affected by this vulnerability is an unknown functionality of the component Image Handler. The manipulation leads to use after free. This vulnerability is referenced as CVE-2024-54499. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2024-54499 | Apple macOS up to 18.1 Image use after free (WID-SEC-2024-3692)

Vuldb Updates
5 hours 17 minutes ago
A vulnerability labeled as critical has been found in Apple macOS up to 18.1. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in use after free. This vulnerability is identified as CVE-2024-54499. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Managed ad