Your pentest report looks clean. That might be the problem.
Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk does not.
That gap is what a webinar from The Hacker News with Picus Security sets out to close.
A vulnerability was found in hs-web hsweb-framework up to 5.0.1. It has been rated as critical. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename leads to path traversal.
This vulnerability is tracked as CVE-2026-11470. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is suggested to install a patch to address this issue.
A vulnerability categorized as critical has been discovered in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in SQL injection.
This vulnerability is known as CVE-2026-11471. It is possible to launch the attack remotely. Furthermore, an exploit is available.
A vulnerability was found in Google Chrome on Windows. It has been declared as critical. This impacts an unknown function of the component Aura. The manipulation results in a use-after-free.
This vulnerability is reported as CVE-2026-11631. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.