Aggregator

随着人工智能应用场景不断推陈出新，各类安全风险呈指数级增长，且已扩展至政治、军事等国家安全领域。鉴于此，亟须立足国家安全视角，在总体国家安全观指导下审慎应对，统筹发展和安全。本文立足总体国家安全观，系统梳理人工智能数据安全风险……

Обычный импорт запускал цепочку, после которой сервер уже не мог принадлежать владельцу.

Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware Protection Engine improperly resolving links before accessing files. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted. CVE-2026-45498 can cause a denial-of-service (DoS) state, i.e., it can be used to prevent … More →

The post Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) appeared first on Help Net Security.

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender

A vulnerability identified as problematic has been detected in PowerDNS Authoritative up to 4.9.14/5.0.4. Affected by this issue is some unknown functionality of the component Catalog Zone Transfer Handler. The manipulation leads to denial of service. This vulnerability is listed as CVE-2026-42396. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in PowerDNS Authoritative up to 4.9.14/5.0.4. Affected by this vulnerability is an unknown functionality of the component GSS-TSIG Handler. Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2026-42002. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in PowerDNS Authoritative up to 4.9.14/5.0.4. It has been rated as problematic. Affected is an unknown function of the component Autoprimary SOA Query Handler. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2026-42001. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in PowerDNS Authoritative up to 4.9.14/5.0.4. It has been declared as problematic. This impacts an unknown function of the component AXFR Handler. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2026-42000. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in PowerDNS Authoritative up to 5.0.4. It has been classified as problematic. This affects an unknown function of the component Proxy Request Handler. This manipulation causes Remote Code Execution. The identification of this vulnerability is CVE-2026-41999. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in MediaArea MediaInfoLib 26.01 and classified as critical. The impacted element is an unknown function. The manipulation results in use of out-of-range pointer offset. This vulnerability was named CVE-2026-28764. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in FreeBSD and classified as critical. The affected element is the function setcred of the component System Call Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-45250. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, was found in FreeBSD. Impacted is an unknown function. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2026-45251. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as critical, has been found in FreeBSD up to p4/p8/p13. This issue affects the function libcasper. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-39461. Attacking locally is a requirement. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as problematic was found in Honeywell International Control Network Module up to 110.2. This vulnerability affects unknown code. Such manipulation leads to file and directory information exposure. This vulnerability is traded as CVE-2026-5434. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0/11.6.x. This affects an unknown part. This manipulation causes path traversal. This vulnerability appears as CVE-2026-4858. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Tobias CF7 WOW Styler Plugin up to 1.7.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-27393. The attack can be launched remotely. No exploit exists.