Aggregator

看雪论坛作者ID：plight

稳定版内核维护者 Greg Kroah-Hartman 正在使用名为 gkh_clanker_t1000 的 AI 工具发现内核 Bug。他在 Mastodon 上分享了 gkh_clanker_t1000 的硬件图片。gkh_clanker_t1000 运行在搭载 AMD Ryzen AI Max+“Strix Halo”APU 的 Framework Desktop 之上，Ryzen AI Max+ 提供了最高 128GB 的统一内存，可分配 96GB 内存给 GPU 使用，其性能足以运行本地大模型以及其它基于开源软件栈的 AI 工具。Greg K-H 尚未透露 gkh_clanker_t1000 软件方面的信息。

A vulnerability marked as critical has been reported in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. This vulnerability is listed as CVE-2026-7183. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Submit #800026 / VDB-359784

2026年05月10日09:00—05月11日09:00，ACTF 2026上线！！

A vulnerability labeled as problematic has been found in WPDeveloper Templately Plugin up to 3.6.1 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to insertion of sensitive information into sent data. This vulnerability is tracked as CVE-2026-42379. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Apache MINA up to 2.0.27/2.1.10/2.2.5. This issue affects the function AbstractIoBuffer.resolveClass of the component acceptMatchers Filter. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2026-41635. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

4月28日，让我们共同见证总决赛的荣耀时刻。

安全玻璃盒将加大在AI大模型、安全智能体、原生安全等前沿技术的研发投入，推动软件供应链安全从被动防御向主动免疫演进。

零信任理念本身无误，但许多企业的实施过于静态僵化，无法适应身份与数据持续动态变化的现实，需升级至实时决策。

Notepad++ CVE-2026-3008字符串注入|Moxa CVE-2026-3867/3868工业漏洞|CrowdStrike LogScale路径遍历

多家企业在 AI 上的支出已经超过了员工薪资，IT 预算严重超支。Uber CTO 的 2026 年 AI 预算因 token 费用超支。根据 Gartner 预测，2026 年全球 IT 支出预计将达到 6.31 万亿美元，比 2025 年增长 13.5%。这一增长是由 AI 基础设施、软件和云服务的“持续发展势头”推动的。即使是 IT 预算最充足的公司也需要证明 AI 投入的长期回报。当 AI 实验室提高价格时，对 AI 的大量投入可能会从一种炫耀的资本变成一种负担。

Эксперты изучили 246 проектов по анализу защищенности организаций из 18 отраслей экономики.

The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet

国家财政受到影响

百度SRC联合30+SRC共同发布《AI生成漏洞报告提交规范》，请白帽师傅们提交报告时请恪守规范，确保信息完整

Фан-зона в Мюнхене за 10 тысяч рублей — это не удача, а скам.

Fast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware […]