Posts of last 24 hours
本应阻止AI编码智能体运行危险命令的安全检查,可以用一个公开了几十年的Shell技巧直接绕过。
https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543476&idx=1&sn=dadf52119d907f0ea21f5c161ce4ef4c
A vulnerability classified as critical has been found in fahadmahmood Easy Upload Files During Checkout Plugin up to 3.0.1 on WordPress. Affected is the function ufdc_custom_init of the component File Deletion Handler. The manipulation of the argument eufdc-delete leads to missing authorization.
This vulnerability is listed as CVE-2026-6802. The attack may be initiated remotely. There is no available exploit.
https://vuldb.com/vuln/377454
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs
https://www.infosecurity-magazine.com/news/microsoft-increase-number-security/
OpenRouter 的数据显示:美国企业每周调用中国 AI 的占比按代表数据处理量的“词元”统计,自 2 月起突破30%,峰值达 46%。相比下 2025 年上半年仅 4% 左右。背景是美国本土 AI 使用成本升高。美国OpenAI 及美国 Anthropic 等高端模型的性能不断提高,可自动处理长时间、高复杂度的任务。但随着企业在内部业务、面向客户服务中广泛使用 AI,词元的消耗量增加,使用成本增加。OpenRouter 平台拥有 800 万用户,以工程师群体为主,每输出 100 万词元(约对应 70 万英文词汇)的收费标准方面,Anthropic 的“Claude Opus 4.7”收费 25 美元,而最热门的 DeepSeek V4 Flash 仅收费 0.18 美元,成本不足前者的 1%。
https://www.solidot.org/story?sid=84799
A vulnerability described as problematic has been identified in arraytics Eventin Plugin up to 4.1.15 on WordPress. This impacts an unknown function of the component FAQ Content Handler. Executing a manipulation of the argument etn_faq_content can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-12924. The attack can be launched remotely. No exploit exists.
https://vuldb.com/vuln/377453
A vulnerability marked as problematic has been reported in looswebstudio Highlighting Code Block Plugin up to 2.2.0 on WordPress. This affects an unknown function of the component Admin Settings Handler. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-12108. The attack can be initiated remotely. There is not any exploit available.
https://vuldb.com/vuln/377452
重构正则底层,解锁 Yakit MITM 匹配性能新上限
https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247529987&idx=1&sn=da4ed019de1b08cc07b5ad961bdc2295
A vulnerability labeled as problematic has been found in wplegalpages Cookie Banner for GDPR CCPA Plugin up to 4.3.6 on WordPress. The impacted element is an unknown function of the component Cookie Consent Handler. Such manipulation of the argument scan_id leads to sql injection.
This vulnerability is referenced as CVE-2026-14475. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/377451
London, United Kingdom, 10th July 2026, CyberNewswire
https://hackread.com/fastnetmon-launches-netomics-a-self-hosted-routing-intelligence-platform/
尽管各种榜单和报道不断宣称大模型已具备极强的网络攻击能力,但我们的实证研究表明,当前AI仍远未强大到可以让
https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247499183&idx=1&sn=383248d4e2b1d46f5b2b1494c7e52d9a