【安全圈】微软 SharePoint Server 0Day漏洞遭在野利用
关键词漏洞微软在2026年4月的月度安全更新中确认,SharePoint Server存在一个关键的0Day欺
Aggregator
【安全圈】Adobe 修复 PDF 阅读器零日漏洞,已被黑客利用至少四个月
1 week 3 days ago
关键词漏洞4 月 15 日消息,Adobe 已为其旗舰文档阅读应用程序 Acrobat DC、Reader D
360数字安全集团携手统信软件,共筑智能国产操作系统创新生态
1 week 3 days ago
共筑成熟智能国产创新生态
ИИ врывается в математику — и лучшие умы планеты не знают, радоваться или бояться
1 week 3 days ago
40 лет ученые не могли доказать теорему. Алгоритм закрыл её за несколько дней — и это только начало.
TripSphere:面向Agentic AI与复杂业务融合的开源基准系统
1 week 3 days ago
复旦大学CodeWisdom团队学发布TripSphere基准系统。TripSphere是一个全栈的、分布式的、持续演进的AI原生应用,旨在为智能化软件系统的研究者提供一个开放的“试验场”。
Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft
1 week 3 days ago
Artificial intelligence is changing how people browse the internet. AI-powered browsers no longer just show web pages — they read content, take actions, and complete tasks for the user. These tools, called agentic LLM browsers, let users give simple commands like “book a meeting” or “summarize my emails,” and the browser handles the rest. While […]
The post Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-40688 | Fortinet FortiWeb up to 7.4.11/7.6.6/8.0.3 out-of-bounds write (FG-IR-26-127 / WID-SEC-2026-1122)
1 week 3 days ago
A vulnerability was found in Fortinet FortiWeb up to 7.4.11/7.6.6/8.0.3. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to out-of-bounds write.
This vulnerability is referenced as CVE-2026-40688. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-39865 | Axios up to 1.13.1 lib/adapters/http.js Http2Sessions.getSession resource consumption (Nessus ID 305611 / WID-SEC-2026-1127)
1 week 3 days ago
A vulnerability was found in Axios up to 1.13.1 and classified as problematic. This affects the function Http2Sessions.getSession in the library lib/adapters/http.js. Executing a manipulation can lead to resource consumption.
This vulnerability appears as CVE-2026-39865. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-54550 | Apache Airflow up to 3.1.x example_xcom code injection (WID-SEC-2026-1123)
1 week 3 days ago
A vulnerability, which was classified as critical, was found in Apache Airflow up to 3.1.x. This vulnerability affects the function example_xcom. Executing a manipulation can lead to code injection.
This vulnerability is handled as CVE-2025-54550. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
真正的 Skill 商店,为什么变成了微信公众号和小红书?
1 week 3 days ago
我们正处在一个 Skills 大爆发,但面对海量选择,却无从下手的时代。
DragonForce
1 week 3 days ago
You must login to view this content
cohenido
DragonForce
1 week 3 days ago
You must login to view this content
cohenido
DragonForce
1 week 3 days ago
You must login to view this content
cohenido
Взлом года за пару часов. ИИ заставил McKinsey выдать все секреты
1 week 3 days ago
Как простая программа вскрыла одну из самых закрытых компаний планеты.
安娜的档案被勒令向 Spotify 等赔偿 3.22 亿美元
1 week 3 days ago
纽约南区法官 Jed Rakoff 作出缺席判决,勒令影子图书馆安娜的档案(Anna's Archive)向 Spotify 以及唱片公司环球音乐、索尼音乐和华纳唱片赔偿 3.22 亿美元,其中 Spotify 获得 3 亿美元赔偿。安娜的档案的运营者没有现身法庭为其辩护,也不太可能支付赔偿金。这起诉讼源自去年安娜的档案宣布抓取了 Spotify 的音乐文件,它随后发布了 Spotify 的元数据,但并没有公开音乐文件,尽管如此 Spotify 和唱片公司对安娜的档案提起了诉讼,导致这家影子图书馆主域名被扣押。Spotify 等原告的主要目的也不是赔偿金,而是要在全球封杀安娜的档案。法官 Rakoff 也宣布了永久禁令,涉及 10 个域名 annas-archive.org、.li、.se、.in、.pm、.gl、.ch、.pk、.gd 和.vg。
AI Companies to Play Bigger Role in CVE Program, Says CISA
1 week 3 days ago
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
OpenAI也搞“Mythos”?网络安全版GPT-5.4-Cyber对外亮相
1 week 3 days ago
目前只对少数用户限量开放。
实测:Anthropic新模型可执行复杂渗透测试,自主攻陷基础防护系统
1 week 3 days ago
企业管理者应及早规划借助AI技术来提升防御能力
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
1 week 3 days ago
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to "unexpectedly" upgrade to Windows Server 2025. [...]
Sergiu Gatlan
微软4月补丁星期二值得关注的漏洞
1 week 3 days ago
速修复