Posts of last 24 hours
A vulnerability, which was classified as critical, has been found in pgAdmin 4 up to 9.15. Impacted is an unknown function of the component Database Driver. This manipulation causes sql injection.
The identification of this vulnerability is CVE-2026-12045. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
https://vuldb.com/vuln/372290
A vulnerability was found in libssh2 up to 1.11.1 and classified as critical. This affects the function ssh2_transport_read of the component SSH Handler. Such manipulation leads to integer overflow to buffer overflow.
This vulnerability is referenced as CVE-2026-55200. It is possible to launch the attack remotely. No exploit is available.
It is best practice to apply a patch to resolve this issue.
https://vuldb.com/vuln/372111
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html
How a coordinated strike against a 2-million-device botnet exposes the hidden economy of residential proxies, and what it means for anyone with a connected device at home.
https://darkwebinformer.com/your-smart-tv-might-be-working-for-cybercriminals-inside-googles-takedown-of-the-netnut-proxy-network/
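Time range: 2026-05-12 to 2026-07-02
Writing stance: This is not a development log, nor a commit history. It is a memoir meant for sharing: a record of how a trading idea went from two X articles to a quantitative system that became ever more serious and ever less willing to trust itself lightly.
Note on AI collaboration: This memoir was organized, questioned and written with the help of AI, to record the process by which I started from a trading idea and step by step built, doubted and corrected a quantitative system. The judgments, trade-offs and reflections in it come from real evidence and conversation reviews gathered as the project progressed; the AI mainly took on sorting out the thread, rewording, and filling in omissions.
Update principle: This document will be updated from time to time, but it will not keep piling up a running log of "which file I changed today".
Each update gives priority to recording four things:
- What I believed was right at the time.
- How the system or the data later proved that I had thought too simply.
- What decision I made, and why I did not take the other path.
- What result, lesson or new risk that decision left behind.
Specific code, commands and backtest figures will still be kept, but placed in the evidence sections or appendices of each chapter. The main text should read as much as possible like a long essay that can be shown to others, not like a work report.
Act One: The first equity curve looked too good
This act is about the earliest kind of dangerous excitement: two X articles, a trading framework that looked quite reasonable, a few commands that could be up and running quickly, and a first equity curve so pretty that one wanted to believe it.
At that time I had not yet truly understood that the most deceptive thing about a trading system is not that it fails to run, but that it too quickly gives you something that looks like an answer. The main thread of Act One is the move from "the strategy seems to be there" to "the numbers start fighting each other".
Prologue: At the very beginning there were just two articles
The real beginning of this project was not a repository, nor a database; it was one overconfident moment of "well, since I'm already here".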
https://ares-x.com/2026/06/21/%E4%BB%8E%E4%B8%A4%E7%AF%87-X-%E6%96%87%E7%AB%A0%E5%BC%80%E5%A7%8B-%E6%88%91%E7%AC%AC%E4%B8%80%E6%AC%A1%E6%9E%84%E5%BB%BA%E9%87%8F%E5%8C%96%E7%B3%BB%E7%BB%9F%E7%9A%84%E5%9B%9E%E5%BF%86%E5%BD%95/
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
https://www.darkreading.com/cyberattacks-data-breaches/attackers-use-interpol-lure-target-small-businesses
For the first time in history, a synthetic cell has completed a full life cycle.
https://www.securitylab.ru/news/574393.php
https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-552
https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-648
A vulnerability was found in Grokability Snipe-IT up to 8.4.0. It has been declared as critical. This issue affects some unknown processing. Such manipulation leads to preservation of permissions.
This vulnerability is listed as CVE-2026-44832. The attack may be performed remotely. There is no available exploit.
It is recommended to upgrade the affected component.
https://vuldb.com/vuln/365799