Aggregator

A vulnerability was found in eShop Plugin 6.3.14 on WordPress. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file eshop-orders.php. This manipulation of the argument view/mark/change causes sql injection. This vulnerability is handled as CVE-2016-0769. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in TrueCrypt up to 7.1a/7.2. It has been declared as problematic. Affected by this issue is some unknown functionality in the library USP10.dll of the component Installer. Such manipulation leads to untrusted search path (Path). This vulnerability is uniquely identified as CVE-2016-1281. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.

На Красносельском шоссе обнаружили подпольный узел связи для обзвонов.

2026年初，安全研究组织depthfirst通过其自动化代码审计系统对NGINX源代码进行深度扫描，识别出五个安全缺陷，其中四个已获得NGINX官方确认并分配CVE编号。这一发现揭示了NGINX核心组件中存在的严重内存损坏问题，攻击者可利用这些漏洞实现远程代码执行

吃蔬菜有益健康，但哄孩子吃蔬菜对父母们而言是一大难题。一项研究发现，新生儿父母可以未雨绸缪，在出生前就让他们熟悉蔬菜的气味，那么出生之后他们不会再排斥蔬菜。在实验中，研究人员让部分孕妇服用羽衣甘蓝粉（kale powder）胶囊，部分孕妇服用胡萝卜粉胶囊，然后观察胎儿或婴儿对羽衣甘蓝和胡萝卜的面部反应。对胎儿的观察是借助超声波，之后是出生后三周以及三岁。研究人员说，孕妇不愿意为了科学而服用大量羽衣甘蓝汁或胡萝卜汁，所以他们选择了胶囊。结果基本一致：接触过胡萝卜粉的孩子对胡萝卜不排斥，接触过羽衣甘蓝的也喜欢羽衣甘蓝。研究人员推测，孕晚期接触特定口味可能会给孩子留下持久的味觉或嗅觉记忆，有可能影响他们出生多年后的饮食偏好。研究人员表示这项研究规模较小，如果资金充足将展开更大规模的研究。

在上一篇文章 《罗福莉访谈之后：Vibe Coding → Vibe Working → Vibe Forking》https://mp.weixin.qq.com/s/D4bAcI3TN4b_cEhk-aftNQ 提到的另外一个“ah moment”其实就是指漏洞挖掘的模型分水岭出现了～ 今天看到两篇文章 介绍微软用他们的智能体 MDASH（multi-model agentic scanning harness），编排 100+ specialized AI agents，并称其在公开 CyberGym benchmark 上拿到 88.45% 并且在他们内部发现了多个tcpip.sys的RCE： https://www.geekwire.com/2026/microsofts-multi-agent-ai-system-tops-anthropics-mythos-on-cybersecurity-benchmark/ https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/

分享一篇文章。

2026年5月13日（北京时间），微软发布了2026年5月安全更新，共发布了138个CVE的补丁程序，比上月减少了109个。

5月30日，我们北京见，欢迎报名！

看雪论坛作者ID：the_hs

NGINX高危漏洞，无认证可远程执行代码

The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. Customers can identify issues such as authentication gaps or policy impacts and investigate them at the source. Analytics Viewer role Insights can be shared through the generally available Analytics Viewer role, which grants access to the Analytics … More →

The post Microsoft turns Copilot Studio into an AI agent control center appeared first on Help Net Security.

Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. [...]

这篇论文的价值在于它聚焦了LLM集成应用中非常现实的安全问题，即间接提示注入攻击。

Троянец Buhtrap атакует российские компании втрое активнее — бухгалтерии под ударом.

A vulnerability classified as critical has been found in Node.js up to 1.0.x. This affects an unknown part of the component Validator. The manipulation leads to cross site scripting (XSS). This vulnerability is documented as CVE-2013-7452. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Node.js up to 1.0.x. This vulnerability affects unknown code of the component Validator. The manipulation results in cross site scripting (XSS). This vulnerability is reported as CVE-2013-7453. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Node.js up to 1.0.x. This issue affects some unknown processing of the component Validator. This manipulation causes cross site scripting (XSS). This vulnerability appears as CVE-2013-7454. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Vivint Sky Control Panel 1.1.1.9926. Impacted is an unknown function of the component Web Interface. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2014-8362. The attack may be launched remotely. There is no exploit available.