Aggregator

记得以前做渗透，信息收集要开一堆工具，漏洞利用要自己找 POC，报告写完一天没了。 最近写了一个 CLI 工具 VulnClaw，把这个流程串起来了： 自然语言输入 → AI 理解意图 → MCP 工具链 → 全自动渗透 → 自动出报告。 GitHub 开源，MIT 协议，欢迎试用。

A vulnerability has been found in JS8Call-improved up to 2.3.1 and classified as critical. The affected element is the function grid2deg of the file APRSISClient.cpp. Performing a manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-42996. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Zurich Instruments LabOne Q up to 26.1.1/26.4.0b5. Impacted is an unknown function of the component File Handler. Such manipulation leads to deserialization. This vulnerability is referenced as CVE-2026-7584. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

New StorybyBlockchain WirebyBlockchain Wire@blockchainwireThe #1 Press Release Wire Service for Blo

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. [...]

清华大学李佳《AI Agent安全：内外兼修》，5月9日下午3点

Vim Tabpanel Modeline 远程命令执行漏洞分析（CVE-2026-34714）

malware-check Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations. Analyzes source code,

The post Binary to Behavior: Decode Threats with the Unified “Malware-Check” Analysis Engine appeared first on Penetration Testing Tools.

AI For Security：AI在云产品安全建设中能做什么？

China may be trying to stem the tide of scams coming out of Southeast Asia, but it seems the cou

Browser extensions are collecting and reselling user data—perfectly legally—and opening up a sle

New StorybyChainwirebyChainwire@chainwireThe world's leading crypto & blockchain press release dist

A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. The identification of this vulnerability is CVE-2026-7583. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical was found in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-7582. The attack needs to be approached locally. In addition, an exploit is available. Applying a patch is advised to resolve this issue.