Aggregator

A vulnerability, which was classified as problematic, has been found in mlc-ai xgrammar up to 0.1.31. This affects an unknown function. Performing a manipulation results in uncontrolled recursion. This vulnerability was named CVE-2026-25048. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in rustdesk-client RustDesk Client up to 1.4.5. The impacted element is an unknown function of the file src/hbbs_http/sync.Rs. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2026-30795. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in rustdesk-client RustDesk Client up to 1.4.5. The affected element is an unknown function of the file src/hbbs_http/http_client.Rs. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-30794. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function Config::set_options of the file src/hbbs_http/sync.Rs of the component API Message Handler. The manipulation results in violation of secure design principles. This vulnerability is known as CVE-2026-30792. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in rustdesk-client RustDesk Client up to 1.4.5. This issue affects the function parseRustdeskUri/importConfig in the library flutter/lib/common.Dart of the file hbb_common/src/config.Rs. The manipulation leads to risky cryptographic algorithm. This vulnerability is traded as CVE-2026-30791. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. This vulnerability affects unknown code of the component Address Book Sync API Module. Executing a manipulation can lead to cleartext transmission of sensitive information. This vulnerability appears as CVE-2026-30796. The attack may be performed from remote. There is no available exploit.

结合自己发现和公开的案例来讲解这十大风险

A vulnerability identified as problematic has been detected in Python-Markdown up to 3.8/3.8.1. This affects the function html.parser.HTMLParser. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-69534. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

Привычка загружать файлы без проверки стала слишком рискованной.

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

A coordinated malware campaign is targeting cryptocurrency and Web3 professionals through a carefully built chain of social engineering, fake venture capital identities, and spoofed video conferencing links. First tracked in early 2026, the operation uses a technique called ClickFix to manipulate victims into running malicious commands on their own machines — making them the unwitting […]

The post ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals appeared first on Cyber Security News.

Как эксплойт Coruna превратился в главную загадку кибербезопасности.

Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast

恶意LLM对话式AI诱使用户泄露个人信息 by 花菜

更多最新文章，请访问SecWiki

在太阳系中，木星是无可争议的行星之王，但在银河系的其它角落，存在着体型比木星还更大的超级木星。发表在《自然天文学》期刊的一项研究利用韦伯太空望远镜观测了距离地球约 130 光年外的 HR 8799 星系。该星系有四颗质量高达木星 5-10 倍的巨型气态行星，它们与母恒星的距离远达 15-70 个天文单位，这在传统行星形成理论中几乎是难以解释的地带。天文学界对于巨大天体的诞生通常有两套剧本：一种是如同木星般由岩石核心缓慢吸积尘埃与气体的「由下而上」模式；另一种则是像恒星一样，由气体云直接因引力坍缩而成的「由上而下」模式。由于 HR 8799 的行星位于物质稀薄的星盘边缘，过去许多专家认为，这些远在天边的巨兽应该是透过引力塌缩直接形成的，因为在那个距离下，传统的核心吸积速度太慢，根本来不及在气体盘消散前拼凑出如此庞大的行星。研究团队利用韦伯望远镜的近红外线光谱仪寻找大气中的「硫」。在行星形成的初期，硫通常被锁在固体的岩石或冰粒中，因此如果在行星大气中发现大量的硫，就代表这颗行星在成长过程中曾经吞噬过大量的固体物质，这强烈暗示它走的是核心吸积路线。研究结果令人惊讶，团队在内侧三颗行星中都发现了硫化氢的踪迹，证实这些质量高达木星 10 倍的巨型行星，其形成方式与木星非常相似，也就是由下而上的核心吸积法。这项发挑战了现有的行星演化模型。

天文学家去年报告发现了已知第三颗星际天体，前两颗分别是 'Oumuamua、彗星 2I/Borisov，第三颗 3I/ATLAS 也属于星际彗星。3I/ATLAS 目前正在太阳系内飞行，根据发表在《The Astronomical Journal》期刊上的一项研究，中科院上海天文台等研究团队模拟分析了彗星 3I/ATLAS 与太阳系内天体碰撞的概率。3I/ATLAS 的轨道倾角约为175°，这意味着其运行方向与太阳系内大部分天体近乎相反。它的近日点距离仅约 1.36 天文单位，相当于其将“逆流而行”穿越内太阳系天体密集区域。这一独特的轨道特征引发了它与数以万计的小行星相遇时发生碰撞的可能性有多大的疑问。研究团队的结论是：在它“逆行穿越”内太阳系期间，共有 31 颗近地小行星和 736 颗主带小行星，会与其物理距离缩小至 0.03 个天文单位（约 450 万公里）以内。其中彗星 3I/ATLAS 核心与小行星 2020 BG107 的发生撞击的概率约为 0.025%，小行星进入彗发范围内的概率则高达 2.7%。