Aggregator

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头。首先，我需要仔细阅读用户提供的内容，看看文章主要讲了什么。 看起来这篇文章是关于AI代理的，提到了使用OpenAI助手在Python中构建AI代理的方法。里面还分成了两部分，第一部分是对话式的，第二部分是关于功能调用和工具使用的。另外，作者还提到了如何部署多个AI代理以及使用本地LLM的可能性。这些都是技术性的内容，可能对软件工程师和开发者比较有用。 用户的需求很明确，就是要一个简洁的中文摘要。所以我要抓住关键点：AI代理、OpenAI助手、Python、对话式与工具使用、部署方法。把这些信息浓缩到100字以内，同时保持语句通顺自然。 可能需要注意的是，不要遗漏重要的技术细节，比如“功能调用”和“工具使用”这些关键词。另外，要确保语言简洁明了，避免过于复杂的表达。 最后检查一下字数是否符合要求，并且确保没有使用任何开头的模板语句。这样就能满足用户的需求了。 文章介绍了如何使用OpenAI助手在Python中构建AI代理，并详细讲解了对话式交互与功能调用/工具使用的实现方法。

Ancient vulnerabilities frequently resurface at the most unforeseen junctures. While Microsoft was disseminating its April suite of security

The post Archaeological Malware: Why a 17-Year-Old Excel Bug and a SharePoint Zero-Day Are Topping CISA’s Hit List appeared first on Penetration Testing Tools.

Компания разработала нейросеть для обнаружения вредоносного кода.

A vulnerability labeled as problematic has been found in Apache Kafka and Kafka Clients up to 3.9.1/4.0.0. The impacted element is an unknown function. Such manipulation leads to sensitive information in log files. This vulnerability is documented as CVE-2026-33558. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Apache Kafka 4.1.0. The affected element is an unknown function of the component JWT Token Handler. This manipulation causes improper authentication. This vulnerability is registered as CVE-2026-33557. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Red Hat Ansible Automation Platform 2. Impacted is an unknown function of the component aap-mcp-server. The manipulation results in improper output neutralization for logs. This vulnerability is cataloged as CVE-2026-6494. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in rust-coreutils. It has been rated as problematic. This issue affects the function uu_sort of the component Temporary File Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-6434. The attack must be carried out locally. There is no available exploit.

好的，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容，理解主要信息。 文章提到中国市场监管总局对七家电商平台进行了行政处罚，包括暂停新增蛋糕店铺和罚款。罚款总额是35.97亿元，同时对法定代表人和食品安全总监也进行了处罚。处罚的原因是这些平台在审核入网食品经营者许可证时不够严格，与转单平台合作侵害了消费者权益。 接下来，我需要将这些信息浓缩到一百字以内。要抓住关键点：处罚对象、措施、罚款金额、原因以及责任人。同时，语言要简洁明了，直接描述内容。 可能会先列出主要处罚措施：责令改正、暂停新增店铺、罚款金额。然后说明原因：审核不严、与转单平台合作侵害消费者权益。最后提到责任人被处罚。 组合起来就是：市场监管总局对七家电商平台因“幽灵外卖”案作出处罚，包括暂停新增店铺和罚款35.97亿元，并对相关责任人处以罚款。 这样既涵盖了主要内容，又符合字数限制。 市场监管总局对七家电商平台因"幽灵外卖"案作出行政处罚，责令改正违法行为并暂停新增蛋糕店铺3至9个月不等，罚没款共计35.97亿元。平台未严格审核食品经营者资质，明知或应知转单行为侵害消费者权益未采取措施。法定代表人和食品安全总监合计被罚1968.74万元。

A vulnerability was found in JetBrains YouTrack. It has been declared as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to improper neutralization of special elements used in a template engine. This vulnerability is tracked as CVE-2026-33392. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in tholstkabelbwde cms-fuer-motorrad-werkstaetten Plugin up to 1.0.0 on WordPress. It has been classified as problematic. This affects the function check_ajax_referer. Performing a manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2026-6451. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in ZTE Red Magic 11 Pro up to V1.0.0B14MR1 and classified as critical. Affected by this issue is some unknown functionality of the component Service Interface. Such manipulation leads to improper privilege management. This vulnerability is referenced as CVE-2026-40002. The attack can only be performed from a local environment. No exploit is available.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我得仔细阅读文章，理解其主要内容。 文章讲的是一个关键漏洞CVE-2026-33032，影响Nginx服务器管理界面nginx-ui。这个漏洞允许攻击者绕过认证，接管Nginx服务器。漏洞评分很高，CVSS 9.8，说明非常严重。攻击者利用/mcp_message端点，默认IP白名单为空，导致所有IP都可以访问，从而控制服务器。 此外，还有一个相关的漏洞CVE-2026-27944，让攻击者下载系统备份数据，获取敏感信息如用户凭证和SSL密钥。这些信息进一步帮助攻击者完成会话劫持。 文章还提到已经有2689个nginx-ui实例暴露在互联网上，主要分布在几个国家。修复建议是升级到最新版本，并采取一些临时措施如加强认证和限制IP访问。 现在我要把这些信息浓缩到100字以内。重点包括：漏洞名称、影响范围、评分、攻击方式、暴露实例数量以及修复建议。 可能的结构是：介绍漏洞及其影响、评分、攻击方法、暴露情况和修复措施。 确保语言简洁明了，不使用复杂的术语，同时涵盖所有关键点。 一个高危漏洞CVE-2026-33032（CVSS 9.8）使攻击者可通过nginx-ui接管Nginx服务器。该漏洞源于认证绕过问题，默认配置允许所有IP访问关键端点/mcp_message。已有约2,689个实例暴露于互联网。修复建议包括升级至最新版本及加强安全配置。

A vulnerability has been found in prasathmani TinyFileManager up to 2.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgery. The identification of this vulnerability is CVE-2026-6497. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. This vulnerability was named CVE-2026-6496. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要仔细阅读用户提供的文章内容，找出主要的信息点。 看起来这篇文章是关于Jon Stojan Journalist的一篇介绍，他是一位专业作家，专注于多样化的优质内容。文章还提到了一些关键词，比如web3、区块链、巴黎区块链周、埃菲尔铁塔等。这些关键词可能暗示了文章的主题或相关活动。 接下来，我需要确定文章的主要内容。Jon Stojan Journalist似乎撰写了许多关于web3、区块链和数字资产的文章，并且参加了巴黎区块链周等活动。这些信息点应该被包含在总结中。 用户要求控制在一百个字以内，并且不需要特定的开头，直接写描述即可。因此，我需要简洁明了地概括Jon Stojan的背景和他的写作主题。 可能的结构是：介绍Jon Stojan的身份和地点，然后提到他的写作主题和参与的活动。这样可以在有限的字数内涵盖主要信息。 最后，检查一下是否所有关键点都被涵盖，并且语言流畅自然。 Jon Stojan Journalist是一位位于威斯康星的专业作家，致力于创作多样化且高质量的内容。他的作品涉及Web3、区块链、数字资产等领域，并参与了巴黎区块链周等活动。

Submit #787943 / VDB-358040

Submit #787942 / VDB-358039

OpenAI is rolling out a major update to the Codex desktop app for users signed in with ChatGPT. Personalization features, including context-aware suggestions and memory, will roll out to Enterprise, Edu, and users in the EU and UK soon. Computer use is initially available on macOS and will expand to EU and UK users in the near future. Screenshot of Codex computer use on Mac (Source: OpenAI) The update expands Codex into a more capable … More →

The post Codex can now operate between apps. Where are the boundaries? appeared first on Help Net Security.

在不远的未来，安全部门会不会也有可能被解散和合并？

2026年4月16日，深瞳漏洞实验室监测到一则Nginx UI组件存在绕过认证漏洞的信息，漏洞编号：CVE-2026-33032，漏洞威胁等级：高危。