Aggregator

CVE-2026-5732 | Mozilla Firefox up to 149.0.1 Text integer overflow (Nessus ID 306064 / WID-SEC-2026-0997)

Vuldb Updates
1 week 2 days ago
A vulnerability has been found in Mozilla Firefox up to 149.0.1 and classified as critical. This vulnerability affects unknown code of the component Text Component. Performing a manipulation results in integer overflow. This vulnerability was named CVE-2026-5732. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-33892 | Siemens Industrial Edge Management Pro V1 up to 2.7.x authentication bypass (ssa-609469 / EUVD-2026-22242)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Siemens Industrial Edge Management Pro V1, Industrial Edge Management Pro V2 and Industrial Edge Management Virtual up to 2.7.x. It has been rated as critical. Affected is an unknown function. This manipulation causes authentication bypass by primary weakness. This vulnerability is handled as CVE-2026-33892. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

Testing reveals Claude Mythos’s offensive capabilities and limits

Help Net Security
1 week 2 days ago

Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that while its cybersecurity capabilities exceed those of previously available models, it can’t reliably execute autonomous attacks on hardened networks. What is Claude Mythos Preview? Anthropic introduced Claude Mythos Preview to the public earlier this … More →

The post Testing reveals Claude Mythos’s offensive capabilities and limits appeared first on Help Net Security.

Zeljka Zorz

Servo 发布首个 crates.io 版本

Solidot
1 week 2 days ago
Rust 语言开发的浏览器渲染引擎项目 Servo 释出了 servo crate v0.1.0,这是它发布的首个 crates.io 版本,允许 Servo 作为一个库供其他项目使用。Servo 源自 Mozilla,2020 年 8 月 Mozilla 在裁员时砍掉了 Servo 引擎团队的大部分成员。Servo 项目之后脱离 Mozilla 成为一个独立项目,由 Linux 基金会托管,旨在为其它项目提供一个嵌入的高性能的、安全的渲染引擎。Servo 项目于 2025 年 10 月释出了 v0.0.1 版本,之后以每月发布一个新版本的频率发布。开发者表示他们计划以每半年更新一次的频率提供长期支持版本(LTS),因为嵌入开发者可能无法及时更新到最新 Servo 版本,他们更适合使用 LTS 版本。LTS 版本预计将提供九个月的安全更新。

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

The Hackers News
1 week 2 days ago
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
The Hacker News

CVE-2026-28466:OpenClaw节点调用批准绕过的RCE精解

先知技术社区
1 week 2 days ago
漏洞描述2026.2.14 之前的 OpenClaw 版本在网关中存在一个漏洞,无法净化 node.invoke 参数中的内部批准字段,使得经过认证的客户端绕过执行审核对 system.run 命令的批准门禁。拥有有效网关凭证的攻击者可以注入批准控制字段,在连接的节点主机上执行任意命令,可能攻破开发者工作站和配置执行器漏洞影响评分:9.9影响:<2026.2.14漏洞复现在项目根目录下安装依

HackMyVM-Gitdwn 靶机WP

先知技术社区
1 week 2 days ago
Gitdwn靶机贴近真实生产环境,融合了多种常见的安全漏洞与配置隐患,涵盖前端加密逻辑、XML外部实体(XXE)、内网服务暴露、Git版本控制信息泄露等多个核心考点,既考验渗透测试人员的基础操作能力(如端口扫描、目录枚举、密码爆破),也要求具备一定的代码逆向、漏洞组合利用与细节挖掘思维。

斯坦福的 AI 报告认为中美差距微乎其微

Solidot
1 week 2 days ago
斯坦福大学研究院 Institute for Human-Centered Artificial Intelligence(HAI)发布了年度报告 AI Index,报告认为中国顶级 AI 与美国 AI 相差无几。2024 年 1 月美国顶级 AI 的得分比中国顶级 AI 高 10% 左右,到 2026 年 3 月美国 Anthropic 和字节跳动的 AI 得分差距仅为 2.7%。在衡量语言、数学和编程领域难题正确率的基准测试中,差距也在缩小,中美之间的性能差距已基本消除。在开发和运营数据中心数量方面,美国有 5427 个遥遥领先于其他国家,2025 年民间投资额美国也以 2859 亿美元遥遥领先其他国家。中国的民间投资仅为 124 亿美元,但政府投资较大,实际投资额尚不明确。在被引用最多的前 100 篇论文中,中国的论文在 2024 年达到 41 篇,比上年增加 7 篇,缩小了与排名第一的美国(46 篇)的差距。

Managed ad