Aggregator

时间范围：2026-05-12 至 2026-06-23
写作定位：这不是开发日志，也不是提交记录。它是一份面向分享的回忆录：记录一个交易想法如何从两篇 X 文章，变成一套越来越严肃、越来越不敢轻易相信自己的量化系统。
AI 协作说明：这份回忆录由 AI 协助我整理、追问和写作，用来记录我从交易想法出发，逐步构建、怀疑、修正一套量化系统的过程。里面的判断、取舍和反思来自项目推进中的真实证据与对话复盘，AI 主要承担梳理脉络、改写表达和补齐遗漏的工作。

更新原则：这份文档以后会不定期更新，但不会按“今天改了哪个文件”继续堆流水账。

每次更新优先记录四件事：

• 当时我以为什么是对的。
• 后来系统或数据如何证明我想简单了。
• 我做了什么决定，为什么没有选另一条路。
• 这个决定留下了什么结果、教训或新的风险。

具体代码、命令、回测数字仍会保留，但放在章节中的证据段或附录里。正文要尽量像一篇可以给别人看的长文，而不是一份工作汇报。

序章：最开始只是两篇文章

这个项目真正的开始，不是一个仓库，也不是一个数据库——而是我一次过于自信的“来都来了”。

如果严格按时间说，在这之前我已经碰过一条旁支：只读券商账户、持仓和市场简报。那条线当时还不是量化策略系统，却提前教了我一个后来反复出现的原则：先学会安全地看见现实，再谈让系统替我行动。所以这份回忆录把它放在主线边缘，而不是当成第一章；真正把交易想法推成策略系统的，是后面那两篇 X 文章。

它开始于 2026 年 5 月 15 日，我把两篇 X 文章丢给 Codex：

https://x.com/kovainvest/status/2055026277149741399
https://x.com/MMMusol/status/2054789628016931253
请你读一下这两篇文章，然后形成计划计划构建一套可执行的交易策略实现稳健盈利

For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Department has been affected by a third-party data breach involving its license system vendor. The incident exposed driver’s license information, passport numbers, emails, phone numbers, and residential addresses for […]

The post 22nd June – Threat Intelligence Report appeared first on Check Point Research.

A vulnerability, which was classified as critical, was found in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2026-12773. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure.

A vulnerability was found in AOMEI Partition Assistant up to 10.10.1. It has been declared as critical. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-12778. The attack must be carried out locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Crawl4AI up to 0.8.6. It has been classified as critical. This issue affects some unknown processing of the component Docker API. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2026-56265. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A Heartbleed-style heap buffer overread lurking in Squid Proxy since 1997 can silently leak HTTP headers, including passwords and API keys, from other users on the same proxy. Security researchers at Calif.io have disclosed a critical memory disclosure vulnerability in Squid Proxy, dubbed Squidbleed, discovered with the assistance of Anthropic’s Claude Mythos Preview AI model. […]

The post 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview appeared first on Cyber Security News.

The joint warning from Five Eyes countries mirrors what many cybersecurity and AI experts have been saying for the past year. 

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.

A vulnerability was found in websockets ws up to 5.2.4/6.2.3/7.5.10/8.20.x. It has been rated as problematic. This vulnerability affects unknown code of the component Network Traffic Handler. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2026-48779. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in nilfs-dev nilfs-utils up to 2.3.0. Affected is the function nilfs_sb_is_valid. Performing a manipulation results in improper validation of specified quantity in input. This vulnerability is identified as CVE-2026-55392. The attack is only possible with local access. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability marked as problematic has been reported in HAProxy up to 3.4.0. This vulnerability affects unknown code of the component FCGI Framing Parser. Performing a manipulation of the argument drl results in integer overflow. This vulnerability was named CVE-2026-55203. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability identified as critical has been detected in Linux Kernel up to 7.1-rc1. The affected element is the function vlan_features_check of the component ibmveth. This manipulation causes stack-based buffer overflow. The identification of this vulnerability is CVE-2026-46273. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.3 and classified as critical. The affected element is the function do_task_stat of the file /proc/[pid]/stat of the component procfs. Executing a manipulation of the argument real_parent can lead to use after free. This vulnerability is handled as CVE-2026-46259. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. It has been rated as critical. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-12779. The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Craft CMS up to 4.17.6/5.9.12. Affected is an unknown function of the component SVG File Handler. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-56394. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.