Aggregator

A vulnerability was found in OpenText Filr up to 25.1.2 and classified as critical. Affected by this issue is some unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-3266. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16. This affects the function writeToParcel of the file WindowInfo.cpp. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0007. Local access is required to approach this attack. No exploit exists. A patch should be applied to remediate this issue.

作者：知道创宇积极防御实验室 完整的 OpenClaw 安全实践 Skill、自动化审计工具已在 GitHub 开源。项目地址：https://github.com/knownsec/openclaw-security 一、背景说明 随着 AI Agent 技术的快速演进，具备自动化决策与自主执行能力的开源框架正逐步进入真实业务场景与生产环境。相较于传统应用系统，这类框架不仅承担数据处理与接...

As cryptocurrency adoption continues to grow, so do the tactics used by cybercriminals to exploit users. One of the emerging threats in the blockchain ecosystem is address poisoning — a subtle yet highly deceptive attack designed to trick users into sending funds to fraudulent wallet addresses. Unlike traditional hacking methods that rely on breaching systems, […]

The post What Is Address Poisoning first appeared on StrongBox IT.

The post What Is Address Poisoning appeared first on Security Boulevard.

日本厚生劳动省以附带条件和限期的方式批准制造和销售使用诱导多能干细胞（iPS 细胞）的再生医疗产品。此次获批的是用于重度心力衰竭的 ReHeart 和用于帕金森病的 Amchepry。此次批准在 iPS 细胞实际应用于再生医疗方面开创了全球先河。ReHeart 预计价格在 1000 万日元（约合人民币 44 万元）以上，Amchepry 价格也不菲。此次批准期限为 7 年，如果能通过治疗确认有效性，就将转为无条件批准。ReHeart 用于血管堵塞导致血液难以到达心脏的“缺血性心肌病”引发的重度心力衰竭。它的原理是将来自他人 iP S细胞的心肌细胞培育成薄膜状并贴在心脏表面，使之生成新的血管。该药由源于大阪大学的初创企业“Cuorips”（东京）研发。Amchepry 的对象是脑内释放神经传导物质多巴胺的神经细胞减少引发身体僵硬及手足颤抖的“帕金森病”。原理是将他人的iPS细胞培育成释放多巴胺的神经前体细胞，并移植到头部。这可能有助于根治。它由住友制药（大阪市）研发。

Cisco has issued a stark admonition regarding sustained cyber offensives wherein malicious actors are actively exploiting vulnerabilities within

The post Network Decapitation: Cisco Warns of Active SD-WAN Zero-Day Exploits and Chained Attacks appeared first on Penetration Testing Tools.

An international law enforcement operation has successfully dismantled Tycoon 2FA, one of the most formidable phishing-as-a-service platforms in

The post The Fall of a Phishing Giant: How International Law Enforcement Crushed the Tycoon 2FA Empire appeared first on Penetration Testing Tools.

Artificial intelligence tools are now a core part of everyday workflows — from browsers that summarize web pages to automated agents that help users make decisions online. As these tools become more capable, attackers are learning how to turn them against the very people they are designed to serve. A method called indirect prompt injection […]

The post Hackers Can Use Indirect Prompt Injection Allows Adversaries to Manipulate AI Agents with Content appeared first on Cyber Security News.

3月16 - 19日，NVIDIA初创加速计划将携手创业生态合作伙伴、优秀会员企业代表及创投联盟资深投资人在GTC 2026上带来全新会议特辑。会议包含3场针对中国创业者的精彩演讲。特辑内容将围绕中国创业生态格局、前沿技术趋势、2025年中国AI市场前景，以及重点行业投资方向等议题展开，全景呈现当前AI创业、前沿技术领域的热门话题。GTC现场还将设置Inception Startup Pavilion创业企业展区、投资人AI Day、创业公司和投资机构路演等环节。

За что взломщики возненавидели администрацию торрент-трекера YggTorrent.

Mozilla Staff Platform Engineer Gabriele Svelto 称十分之一的 Firefox 崩溃是比特翻转导致的。比特翻转（Bitflips）是指储存在电子设备上的个别比特发生翻转的事件，比如从 0 变为 1 或反之亦然。导致比特翻转的自然因素主要包括宇宙射线、功率波动和温度等。Firefox 去年部署了浏览器崩溃后在用户电脑上运行的内存测试工具。上周 Firefox 收到了 47 万份崩溃报告。崩溃报告是用户自愿递交的，因此实际崩溃数量通常会是报告的数倍。47 万份崩溃报告中约 2.5 万份检测到可能是比特翻转导致的。意味着每 20 次崩溃中就有一次可能是由内存不稳定或间歇性出错导致的。由于检测方法非常保守，实际数量至少是两倍，即十分之一。Gabriele Svelto 指出硬件不稳定的用户比硬件稳定的用户更可能遭遇崩溃。他表示今天的笔记本电脑和智能手机的内存通常是焊在设备上，要更换基本上不可能。

In a recent dossier, OX Research delineated how a mundane email dispatched to a corporate address can precipitate

The post The “Phantom” Character: How a Single Email Can Seize Full Control of Your FreeScout Helpdesk appeared first on Penetration Testing Tools.

陌陌安全课堂：AI 代码审计（逻辑漏洞方向）讲解

作者：Nancy Lau1, Louis Sloot2, Jyoutir Raj等 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2603.02297v1 摘要 大语言模型（LLMs）正越来越多地作为软件工程智能体部署，自主为代码仓库贡献内容。这类智能体的一大优势是能够发现并修复其负责维护的代码库中的安全漏洞。为评估智能体在该领域的能力，我们提出了...

For several years, the Silver Dragon syndicate has orchestrated a clandestine cyber offensive against state apparatuses and prominent

The post The Google Drive Shadow: Unmasking Silver Dragon’s “GearDoor” Backdoor and the Silent Return of APT41 appeared first on Penetration Testing Tools.

追踪特定的摄像头攻击活动或可成为预判后续实体军事行动的早期指标。

Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom, Australia, and Germany. BEC was the single most common claim type at 31%, with frequency rising 15% year over year to 0.47%. Average losses per BEC incident dropped 28% to $27,000, a decline attributed to faster detection and … More →

The post Backup strategies are working, and ransomware gangs are responding with data theft appeared first on Help Net Security.

三菱電機製MELSEC iQ-FシリーズのEtherNet/IPユニットおよびEthernetユニットのEthernet機能には、複数の脆弱性が存在します。

While the majority of the corporate world remains preoccupied with the latest vulnerabilities, a cadre of Chinese threat

The post The Evoxt Labyrinth: Unmasking the New Subterranean Infrastructure of China’s PlugX Syndicates appeared first on Penetration Testing Tools.

A vulnerability identified as critical has been detected in Talishar. This impacts an unknown function of the file ParseGamestate.php. Performing a manipulation of the argument gameName results in path traversal. This vulnerability is identified as CVE-2026-28429. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.