Aggregator

近段时间以来，OpenClaw应用下载与使用情况火爆，其强大的自主决策功能吸引了不少用户安装体验。阿里、腾讯等互联网企业相继跟进部署服务，在社交平台上甚至出现了上门收费代装OpenClaw的服务，一场“养虾”热潮迅速升温。

近年来，网络信息服务业态不断革新，人工智能技术快速迭代，数字虚拟人应用场景持续拓展。从虚拟偶像、数字主播到金融客服、医疗导诊，数字虚拟人已深度融入生产生活。与此同时，“撞脸”名人、深度伪造诈骗、任意“复活”逝者等，引发社会广泛关切。

产业链供应链安全事关国家经济安全和高质量发展全局。近年来，境外间谍情报机关针对我国产业链供应链的渗透、破坏与窃密行为日益隐蔽化、专业化、体系化，对我国经济安全、科技安全与数据安全构成严重威胁。

近日，360首次公开披露其漏洞挖掘智能体能力成果。该智能体已实现通过代码自动扫描、批量检测发现近千个漏洞。这也是我国首次公开披露智能体自动化、规模化挖掘漏洞的能力成果，标志着国内网络安全行业在智能化漏洞挖掘方向迈出了关键一步。

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]

A vulnerability labeled as problematic has been found in Rescue Themes Rescue Shortcodes Plugin up to 3.3 on WordPress. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-62110. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in Magepeople Taxi Booking Manager for WooCommerce Plugin up to 2.0.0 on WordPress. This impacts an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-28040. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Navneil Naicker ACF Galerie 4 Plugin up to 1.4.2 on WordPress. This affects an unknown function. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-62104. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BorG SPM 2007. It has been rated as critical. The impacted element is an unknown function. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-6887. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in BorG SPM 2007. It has been declared as very critical. The affected element is an unknown function. Executing a manipulation can lead to weak authentication. The identification of this vulnerability is CVE-2026-6886. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in BorG SPM 2007. It has been classified as critical. Impacted is an unknown function. Performing a manipulation results in unrestricted upload. This vulnerability was named CVE-2026-6885. The attack may be initiated remotely. There is no available exploit.

Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your

A nation-state-linked hacking group has found a clever way to hide its malicious activity inside Microsoft Outlook mailboxes, making its attacks much harder to detect by standard security tools. The Harvester APT group, believed to be a nation-state-backed threat actor active since at least 2021, has developed a new Linux version of its GoGra backdoor. […]

The post Hackers Use Outlook Mailboxes to Hide Linux GoGra Backdoor Communications appeared first on Cyber Security News.

A vulnerability was found in Google Cloud BigQuery up to 0.x/28 and classified as problematic. This issue affects some unknown processing. Such manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2026-3259. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in smub ExactMetrics Plugin up to 9.1.2 on WordPress and classified as problematic. This vulnerability affects the function onboarding_key of the file /wp-json/exactmetrics/v1/onboarding/connect-url of the component Google Analytics Dashboard. This manipulation of the argument File causes missing authorization. This vulnerability is handled as CVE-2026-5464. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This affects the function raw_rcv. The manipulation results in use after free. This vulnerability is known as CVE-2026-31532. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Zurich Instruments LabOne. Affected by this issue is some unknown functionality of the component User Interface. The manipulation leads to path traversal. This vulnerability is traded as CVE-2026-6903. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13. Affected by this vulnerability is the function rtm_get_nexthop of the file net/ipv4/nexthop.c of the component ipv4. Executing a manipulation can lead to allocation of resources. This vulnerability appears as CVE-2026-31531. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in h2oai h2o-3 up to 3.46.0.9/3.46.0.10. Affected is the function jdbc:postgresql of the file /99/ImportSQLTable of the component REST API Endpoint. Performing a manipulation results in code injection. This vulnerability is reported as CVE-2026-3960. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Рассказываем, как методы из 90-х адаптировались к текущей цифровой реальности.