Aggregator

A vulnerability has been found in Netgear R6700v3 1.0.4.120_10.0.91 and classified as very critical. Impacted is an unknown function of the component NetUSB Module. Performing a manipulation results in integer overflow. This vulnerability was named CVE-2022-27641. The attack needs to be approached within the local network. There is no available exploit.

美国政府官方已批准约十家中国企业采购英伟达公司旗舰级AI芯片 H200。不过截至目前，获批订单尚未完成任何实际芯片交付，相关合作仍处于停滞状态。据悉，此次获得美国采购许可的中企名单包含阿里巴巴、字节跳

За фасадом громких взломов обнаружилась рутина, которую никто из участников не хотел показывать.

与伊朗有关联的黑客组织 MuddyWater（又名 “种子蠕虫” Seedworm、“静态小猫” Static Kitten ）发起了一场大规模的网络间谍活动，目标至少涉及多个行业和国家的 9 家知名机构。   受害者包括韩国一家大型电子制造商、政府机构、中东的一个国际机场、亚洲的工业制造商以及教育机构。   赛门铁克（Syman...

error code: 1003

A vulnerability marked as critical has been reported in Google Chrome on Windows. This issue affects some unknown processing of the component Chromoting. The manipulation leads to use after free. This vulnerability is listed as CVE-2026-7925. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. The affected element is an unknown function of the component ServiceWorker. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-7922. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

在上一篇文章中，我把我的豆瓣阅读清单导入到了 Obsidian 中，运用（那时候）新出的 Base 功能管理自己的阅读清单和书籍相关的笔记。朋友们在文章下方也提供了不少新的思路（例如：插件）。但有一个

苹果公司正式向欧盟委员会提交意见，公开批评欧盟近期提出的旨在帮助谷歌遵守《数字市场法案》（DMA）的监管措施。苹果警告称，欧盟拟议的强制谷歌向竞争对手开放人工智能服务的举措，将对用户的隐私、安全、设备

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation

2026年5月初，一条不起眼的消息从以色列安全圈子里流出来：两名以色列空军人员被捕，指控是替伊朗从事间谍活动

在很多外行想象里，现代情报机关像一间巨大的作战大厅：卫星在天上看，监听站在远处听，线人在街角报，AI在后台算，

A vulnerability marked as critical has been reported in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Skia. This manipulation causes use after free. This vulnerability appears as CVE-2026-7920. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome. This issue affects some unknown processing of the component Aura. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-7919. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component Passwords. This manipulation causes use after free. This vulnerability is handled as CVE-2026-7921. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Google Chrome. Affected by this issue is some unknown functionality of the component GPU. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-7918. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Google Chrome on Windows. This affects an unknown part of the component Fullscreen. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-7917. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Meta 最近开始在美国员工电脑上安装追踪软件，捕捉员工鼠标移动、点击和按键数据以用于训练 AI 模型，此举是该公司构建能自动执行工作任务的 AI 智能体的大计划的一部分。被称为 Model Capability Initiative(MCI)的工具将在工作相关应用和网站上运行，会不定时截取屏幕内容的快照。本周二 Meta 员工在多个办公室散发传单抗议公司的跟踪软件。传单出现在办公室会议室、自动售货机和卫生纸架上，鼓励员工签署一份反对跟踪软件的在线请愿书。传单和请愿书援引了法律 U.S. National Labor Relations Act，称当选择组织起来改善工作条件时员工的行为受到法律保护。