Aggregator

Currently trending CVE - Hype Score: 3

Currently trending CVE - Hype Score: 5 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 3 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

​百川百小医背后，是一次「造医生」的实践。

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2022-0492 Linux Kernel Improper Authentication Vulnerability
• CVE-2025-48595 Android Framework Integer Overflow Vulnerability

These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.

Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]

20 万元奖金池等你来拿！

A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

近日，中央网信办部署推进短视频内容标注规范化工作，要求网站平台完善标注体系，明确六类必选标签，将内容标注设为短视频发布的必经环节，并对存量短视频开展回溯和补充标注。

当前，我国未成年网民规模已达1.96亿，互联网普及率高达97.3%，网络已成为未成年人不可或缺的成长空间。

中美两国元首就人工智能问题进行了建设性交流，同意开展人工智能政府间对话。当前，中美关系总体保持稳定，确定了“中美建设性战略稳定关系”的新定位。作为两个人工智能大国，中美双方携手促进人工智能发展和治理，这既是落实两国元首共识的具体体现……

近日，全国网络安全标准化技术委员会组织制定的技术文件《人工智能应用伦理安全指引1.0》正式发布。作为回应人工智能技术应用新阶段相关伦理安全挑战的重要文件，《指引》旨在统筹发展与安全，为人工智能应用相关方提供明确的行动指南……

“十五五”规划纲要将“以新安全格局保障新发展格局”作为经济社会发展必须牢牢把握的重大原则，并在第十四篇“国家安全篇”开宗明义提出要“加快构建新安全格局”，系统部署了构建新安全格局的目标任务。

根据国家信息安全漏洞库统计，近期共采集重要人工智能漏洞114个。本周人工智能类漏洞主要涵盖了MLflow、Nous Research（Hermes Agent）、LangChain等多个厂商（项目）。CNNVD对其危害等级进行了评价，其中超危漏洞12个，高危漏洞37个，中危漏洞65个。