Aggregator

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0. It has been classified as problematic. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-6162. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data. The attackers exploited Anodot, a third-party SaaS platform used for cloud cost monitoring and analytics, as the entry point and are reported to have extracted authentication tokens, enabling access to a connected Snowflake account without exploiting vulnerabilities in Snowflake itself. … More →

The post Rockstar Games receives “pay or leak” warning after cyberattack appeared first on Help Net Security.

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends

Google Play 下架了《心跳文学部（Doki Doki Literature Club）》，理由是游戏内容违反了与敏感主题相关的服务条款。作者 Dan Salvato 在一份声明中表示在致力于让游戏在 Google Play 重新上架。《心跳文学部》描述了一位男高中生加入学校的文学部与四位女性成员交流的故事，看起来是一个简单的恋爱视觉小说，但在完成一个结局之后故事会变得非常古怪，游戏会通过删除文件和存档的方式打破第四面墙。《心跳文学部》的免费版本积累了逾千万下载量，是 Steam 平台排名第一的心理恐怖游戏。关于敏感主题《心跳文学部》会在启动之后发出多次警告。《心跳文学部》有 iOS、Nintendo Switch、PlayStation 等各种版本。

An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a long-standing misunderstanding about mobile privacy: the belief that disappearing messages and encrypted apps guarantee that […]

期待在香港与您相见，共同推动 AI & Web3 安全前行！

A vulnerability classified as problematic was found in LibreNMS up to 26.2.x. Affected by this vulnerability is an unknown functionality of the component showconfig Page. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-2728. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in LibreNMS up to 26.2.x. Affected is an unknown function of the component Netcommand Feature. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-6204. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Версия 7.0 укрепляет безопасность, файловые системы и признает новую роль Rust и генеративных помощников.

Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks

Google is working to improve the security of Pixel phones by focusing on the cellular baseband modem, a part of the device that handles communication with mobile networks and processes external data. In the Pixel 9, the company introduced measures to reduce memory-related vulnerabilities. With the Pixel 10, the approach goes further by integrating a DNS parser written in the Rust programming language into the modem firmware. The DNS protocol is known for helping browsers … More →

The post Google makes it harder to exploit Pixel 10 modem firmware appeared first on Help Net Security.

关键词漏洞漏洞利用时间现已降至负七天，自主AI代理加速威胁，数据不再支持渐进式改进。防御架构必须改变。

关键词加密货币英国国家犯罪局（NCA）主导的国际执法行动已识别加拿大、英国和美国超过2万名加密货币诈骗受害者。

关键词黑客一名威胁行为体在高度复杂的网络攻击中入侵九家墨西哥政府机构，窃取数亿公民记录。

随着游戏日益图像密集，显存占用愈来愈成为一大问题。提升视觉保真度需要将越来越多的游戏素材储存在显卡的显存内。但显存的容量有限，不是人人桌面上都有 128 GB 大显存的数据中心级 GPU。Valve 工程师 Natalie Vock 开发了新的内核补丁和两个专门的工具去解决容量在 8GB 以内的显卡显存占用问题。她的补丁主要针对 AMD GPU，英特尔的 Xe 显卡也支持，但使用私有驱动的英伟达显卡不支持——原因是英伟达私有内核模块不支持 dmem cgroups。她的方法主要是确保前台运行的游戏对显存有优先使用权，如果显存开始占满，后台任务占用的显存将优先转移到系统内存。在有 8GB 显存的显卡上运行《赛博朋克 2077》，有 1.37GB 的显存溢出到 GTT（Graphics Translation Table），游戏实际上只用了 6GB 显存，应用补丁之后游戏占用的显存提高到 7.4GB，GTT 减少到 650MB。

Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a surveillance tool called Webloc to track devices via advertising data, potentially affecting up to 500 […]

Спецслужбы США обвинили Иран в массовых атаках на американские системы водоснабжения.

速修复

速修复