Aggregator

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.21. This issue affects some unknown processing of the component Configuration Handler. The manipulation results in incorrectly-resolved name. This vulnerability was named CVE-2026-35635. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.22. The impacted element is the function authorizeCanvasRequest. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2026-35634. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical has been found in OpenClaw up to 2026.3.21. The affected element is an unknown function of the component DM Handler. The manipulation leads to incorrect behavior order. This vulnerability is uniquely identified as CVE-2026-35627. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.21. This impacts an unknown function. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-35631. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability described as critical has been identified in OpenClaw up to 2026.3.21. Impacted is an unknown function. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is handled as CVE-2026-35622. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.21. Affected by this issue is some unknown functionality of the component Voice Call Handler. Executing a manipulation can lead to asymmetric resource consumption. The identification of this vulnerability is CVE-2026-35626. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.3.21. This vulnerability affects unknown code. The manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is uniquely identified as CVE-2026-35624. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in OpenClaw up to 2026.3.22. This affects an unknown part of the component Signature Verification. Executing a manipulation can lead to authentication bypass by capture-replay. This vulnerability is handled as CVE-2026-35618. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.3.21. It has been rated as problematic. This affects an unknown part of the component Path Validation Handler. This manipulation causes improper resolution of path equivalence. This vulnerability is tracked as CVE-2026-34510. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no

A vulnerability described as problematic has been identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2026-2516. The attack needs to be performed locally. Additionally, an exploit exists. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

币安创始人赵长鹏自费出版了自己的中英文自传《Freedom of Money: A Memoir of Protecting Users, Resilience, and the Founding of Binance》。赵长鹏在书中讲述了币安与美国监管机构的长期对抗，币安因助长洗钱活动而支付创纪录的 43 亿美元和解金，他在加州服刑四个月期间开始撰写本书，以及去年底获得特朗普总统的赦免——他此前被永久禁止涉足加密货币银行业务，赦免意味着他可以继续从事这项业务。他创办的币安是全球最大的加密货币交易所，与特朗普家族的加密货币业务 World Liberty Financial 有深度合作。本书最有意思的可能是他的监狱生活。赵长鹏写道，他一度担心在狱中会被人勒索，因为媒体报道他是美国监狱关押的最富有的人，结果是根本没人认识他，因为监狱关押的人没人会去看华尔街日报或彭博社。他与一名因杀害两人而被判 30 年监禁的男性关住一间牢房，他发现狱友最致命的不是他杀过人而是他雷鸣般的鼾声。他还在书中提到了 FTX 创始人 Sam Bankman-Fried，币安曾持有 FTX 五分之一的股份，以及 5.8 亿美元的 FTT 代币。2022 年 FTX 濒临破产之际 Bankman-Fried 曾打电话给他索取数十亿美元，他的语气漫不经心，仿佛是要一份三明治。

Исследователи описали технику sockpuppeting, которая помогает обходить ограничения 11 крупных языковых моделей через подставное «согласие» ассистента.

彭鑫老师观点文章：驾驭AI的能力决定了我们能走多快，敬畏复杂性的智慧决定了我们能走多远

Почему зайти в систему - еще не значит получить право на все данные.

In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce the idea of Minimum Viable Vulnerability Enumeration (MVVE), a minimum set of assertions needed to confirm two systems describe the same vulnerability, and find no true minimum exists. Assertions vary by case and change over … More →

The post Fixing vulnerability data quality requires fixing the architecture first appeared first on Help Net Security.

把 AI 工具链标准化成可重复执行的环境基础设施

A vulnerability was found in oik Plugin up to 4.10.0 on WordPress. It has been rated as problematic. This impacts an unknown function of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-2256. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in Husky Plugin up to 1.3.5.2 on WordPress. The affected element is an unknown function. This manipulation causes sql injection. This vulnerability is tracked as CVE-2024-1795. The attack is possible to be carried out remotely. No exploit exists.