Aggregator

一颗还没飞起来的卫星，藏着整盘棋。2026年5月的第一个周末，日本首相高市早苗抵达河内，这是她就任以来的首次

这两年，OSINT 圈有个明显变化：Twitter、Facebook 还在用，但很多一线线索，其实已经悄悄转移

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability, which was classified as problematic, has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. This vulnerability is registered as CVE-2026-8803. Remote exploitation of the attack is possible. No exploit is available. The actual existence of this vulnerability is currently in question. The vendor explains: "[T]he code is still there to allow the upgrade path to work. The default password is initially seeded with the old hash function, but then migrated to a newer one after login. [T]he hash version check might be cleaned up in the future. Currently it's not actively in use as any password change will use a newer hash function."

A vulnerability classified as critical was found in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. This vulnerability is cataloged as CVE-2026-8802. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure.

Хакеры эксплуатируют уязвимость для кражи ключей доступа к AWS, OpenAI и Anthropic.

Submit #802561 / VDB-364436

Submit #802559 / VDB-364435

尼得科将在纯电动汽车驱动装置‘E-Axle’领域解除与中国企业的合资。E-Axle 属于创始人永守重信大力推动的业务，是过去该公司扩张路线的象征。将大幅缩减该业务，明确旨在实施结构改革的战略转型。尼得

McAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It combines conversational AI with McAfee’s cybersecurity intelligence to help users evaluate potentially dangerous content such as messages, emails, links, screenshots, and social media posts for signs of scams or phishing. How McAfee + ChatGPT helps identify phishing attempts … More →

The post Product showcase: McAfee + ChatGPT integration turns doubt into a scam check appeared first on Help Net Security.

速修复

DEVCORE 团队获得50.5的积分和50.5万美元的赏金，以绝对优势获得本届大赛的“破解之王 (Master of Pwn)”称 号，

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

​扩散模型杀进了文本生成的地盘，而巨头们为了抢它，已经打起来了。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects the Burst Statistics plugin, a privacy-focused analytics tool. Tracked as CVE-2026-8181 with a CVSS score […]

The post Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks appeared first on Cyber Security News.