Aggregator

A vulnerability described as critical has been identified in Apache Airflow up to 3.1.x. Affected by this issue is some unknown functionality of the component UI/API. The manipulation results in permission issues. This vulnerability is reported as CVE-2026-32228. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Apache Airflow up to 3.1.x. Affected by this vulnerability is an unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is documented as CVE-2026-30912. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Airflow up to 3.1.x. Affected is an unknown function of the file dag_run.conf of the component BashOperator. Executing a manipulation can lead to injection. This vulnerability is registered as CVE-2026-30898. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Apache Airflow 3.1.5. This impacts an unknown function of the component API. Performing a manipulation results in deserialization. This vulnerability is cataloged as CVE-2026-25917. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

Одна ошибка в маршрутизации обнулила безопасность чипов.

好的，我现在需要帮用户总结这篇文章的内容，控制在100个字以内。首先，我得通读全文，抓住主要信息。 文章讲的是Anthropic公司开发了一个强大的AI模型Claude Mythos Preview，能够发现和利用软件漏洞。由于担心其危险性，他们限制了访问权限，只给了大约50个关键基础设施组织。同时，文章也提到了这个模型的成功案例和潜在的问题，比如误报率和对特定软件的依赖。 接下来，我需要将这些信息浓缩成一句话。重点包括：AI模型的强大能力、限制访问的原因、潜在的安全问题以及对全球基础设施的影响。 现在开始组织语言：“Anthropic开发的Claude Mythos Preview AI模型能高效发现和利用软件漏洞，因安全风险被限制仅向关键组织开放访问。” 这样既涵盖了模型的能力、安全担忧以及访问限制，又符合字数要求。 Anthropic开发的Claude Mythos Preview AI模型能高效发现和利用软件漏洞，因安全风险被限制仅向关键组织开放访问。

议题PPT可在先知社区官网查看～

Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused…

嗯，用户让我总结这篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我需要快速浏览文章，抓住主要信息。 文章讲的是Google的量子AI团队发布了一个零知识证明，优化了量子电路，声称第一代量子计算机可以在9分钟内破解椭圆曲线加密。然后Trail of Bits团队改进了这个证明，并发现了Google代码中的漏洞。他们利用内存安全和逻辑漏洞伪造了证明，但Google已经修复了问题。 总结时要包括：Google的优化、Trail of Bits的改进、利用漏洞、以及修复情况。同时要简洁明了，不超过100字。 可能的结构是：Google优化量子电路... Trail of Bits改进并发现漏洞... Google修复... 这样就能涵盖主要点，并且符合用户的要求。 Google优化量子电路以9分钟破解椭圆曲线加密，Trail of Bits团队通过发现并利用其Rust代码中的内存安全和逻辑漏洞改进了该证明，并伪造了一个看似更优的零知识证明。Google已修复漏洞，但事件凸显零知识证明系统的独特攻击面。

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要特定的开头。我得先仔细阅读文章内容，抓住主要信息。 文章讲的是欧洲、美国和其他国家的执法机构打击DDoS-for-hire生态系统，逮捕了4人，扣押了53个域名，还警告了75,000名用户。DDoS攻击被用来进行网络攻击，甚至用于国际冲突中。执法部门通过Operation PowerOFF行动来打击这些平台。 我需要把这些要点浓缩到100字以内。首先说明执法机构的行动，然后是具体的结果，比如逮捕、扣押域名和警告用户。接着提到DDoS攻击的应用场景和国际冲突中的使用情况。最后点出这是Operation PowerOFF的一部分。 确保语言简洁明了，不使用复杂的术语，同时涵盖所有关键信息。这样用户就能快速了解文章的核心内容了。 欧洲、美国等多国执法机构联合打击DDoS-for-hire生态系统，逮捕4人，扣押53个域名，并警告75,000名疑似用户。DDoS攻击被用于网络攻击甚至国际冲突中。此次行动为“Operation PowerOFF”的一部分，旨在打击非法网络攻击服务。

Google claims that its security teams work around the clock using its Gemini AI models to detect and stop harmful ads. “Bad actors are using generative AI to create deceptive ads at scale, and Gemini helps us detect and block them in real time” Keerat Sharma, VP and GM, Ads Privacy and Safety, Google, said. “Our models analyze hundreds of billions of signals — including account age, behavioral cues and campaign patterns — to stop … More →

The post Google wipes out 602 million scam ads with Gemini on duty appeared first on Help Net Security.

A vulnerability categorized as critical has been discovered in rust-coreutils. This affects an unknown function of the component File Permission Handler. Such manipulation leads to permission issues. This vulnerability is listed as CVE-2026-6435. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in rust-coreutils. It has been rated as problematic. This issue affects the function uu_sort of the component Temporary File Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-6434. The attack must be carried out locally. There is no available exploit.

A vulnerability was found in Apache Doris MCP Server up to 0.6.0. It has been rated as critical. The impacted element is an unknown function. This manipulation causes sql injection. This vulnerability is tracked as CVE-2025-66335. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps to access the contact lists and a user's location in

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要特定的开头。首先，我需要通读整篇文章，抓住主要信息。 文章主要讲的是Google在2025年更新了Play政策，加强用户隐私和防范欺诈。具体措施包括调整Android的联系人和位置权限，引入新的Contact Picker和简化的位置按钮。此外，Google还通过AI模型打击恶意广告，拦截了大量违规内容。 接下来，我需要把这些要点浓缩到100字以内。要注意关键词：隐私、反欺诈、Contact Picker、位置权限、AI打击广告。 然后组织语言，确保流畅自然。可能的结构是：Google更新政策，加强隐私和反欺诈；引入新功能；通过AI打击广告。 最后检查字数是否符合要求，并确保信息准确无误。 Google更新Play政策以加强用户隐私并防范欺诈，包括改进Android的联系人和位置权限管理，并通过AI技术拦截恶意广告。

A relatively unknown ransomware group called Payouts King has emerged as a serious cybersecurity threat, carrying the torch of the now-defunct BlackBasta operation. Since its appearance in April 2025, the group has quietly carried out targeted attacks while remaining largely under the radar, combining aggressive data theft with selective file encryption. BlackBasta was one of […]

The post Payouts King Rises as New Ransomware Threat Linked to Former BlackBasta Affiliates appeared first on Cyber Security News.

好的，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得仔细阅读文章内容，抓住主要观点。 文章主要讨论了《联邦窃听法》如何被用于起诉网站功能，特别是跟踪技术。原告将用户与网站的互动视为电子通信，认为跟踪像素和脚本属于非法窃听。法院对此理论越来越接受，导致全国范围内的诉讼浪潮。 接下来，我需要总结技术工作原理：当用户访问网页时，浏览器执行来自多个来源的代码，跟踪像素发送数据到第三方服务器，用于分析和广告。法院认为这些行为可能构成内容拦截。 然后是法院接受这些案件的原因：扩大“内容”定义、限制“当事人”辩护、质疑技术中立性。同时，并非所有案件都成功，敏感数据和目的影响结果。 最后是给公司的建议：数据最小化、了解供应商、有意义的同意、上下文特定跟踪、治理框架整合等。 现在我要把这些要点浓缩到100字以内，确保涵盖核心内容：法律被重新解释用于网络跟踪，法院扩大定义导致诉讼增加，技术工作原理和法院态度变化。 文章探讨了《联邦窃听法》如何被重新解释为针对网站功能的工具。原告将用户与网站的互动视为电子通信，并认为跟踪像素和脚本属于非法拦截。法院逐渐接受这一理论，导致全国范围内的诉讼浪潮。文章还分析了技术工作原理以及法院为何倾向于支持这些案件，并为公司提供了风险管理建议。

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security defect in Apache ActiveMQ. On April 16, 2026, the agency officially added the vulnerability, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and private security teams are now under tight deadlines to patch their systems […]

The post CISA Warns of Apache ActiveMQ Input Validation Vulnerability Exploited in Attacks appeared first on Cyber Security News.

对创业者来说，「命」这个东西由天也由己。而所有的胜利，最终都是世界观的胜利。