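Mozilla has released Firefox 151. Major new features include updated built-in VPN support, improved private browsing, the ability to merge multiple PDF files directly in the Firefox PDF viewer, cross-platform restore of local profile backups on Linux and macOS, a Document Picture-in-Picture API that offers a richer experience than the current video Picture-in-Picture API, and more. The native JPEG-XL image decoder has been postponed to the next release.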
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
"These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,"
A vulnerability has been found in gotenberg 8.1.0/8.31.0 and classified as critical. Affected is the function downloadFrom/webhook. Performing a manipulation results in server-side request forgery.
This vulnerability was named CVE-2026-42596. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
A vulnerability marked as critical has been reported in Strapi Upload Plugin. Impacted is an unknown function of the component Content API. Performing a manipulation results in unrestricted upload.
This vulnerability is known as CVE-2026-22707. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
A vulnerability identified as problematic has been detected in datahub-project datahub up to 1.5.0.3. This issue affects some unknown processing of the component OIDC Call Handler. Performing a manipulation of the argument REDIRECT_URL results in deserialization.
This vulnerability is cataloged as CVE-2026-44501. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
A vulnerability, which was classified as critical, has been found in Strapi up to 5.36.x. This affects an unknown part. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2026-27886. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability has been found in Strapi up to 4.26.0/5.33.1 and classified as critical. This issue affects the function db.connection.raw of the component Database Utility. This manipulation causes SQL injection.
This vulnerability is handled as CVE-2026-22599. The attack can be initiated remotely. No exploit is available.
The affected component should be upgraded.
A vulnerability was found in fleetdm fleet up to 4.80.x. It has been classified as problematic. The affected element is an unknown function of the component Windows MDM Management Endpoint. Performing a manipulation results in improper certificate validation.
This vulnerability was named CVE-2026-23998. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
A vulnerability was found in Strapi up to 5.33.2. It has been declared as problematic. The impacted element is an unknown function. Executing a manipulation can lead to session expiration.
The identification of this vulnerability is CVE-2026-22706. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in Microsoft Authenticator on Android/iOS and classified as problematic. This impacts an unknown function. Performing a manipulation results in information disclosure.
This vulnerability was named CVE-2026-41615. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
A vulnerability described as problematic has been identified in etcd-io etcd up to 3.4.43/3.5.29/3.6.10. The impacted element is an unknown function of the component Attachments Handler. The manipulation results in incorrect authorization.
This vulnerability is reported as CVE-2026-44283. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
A vulnerability identified as problematic has been detected in Strapi up to 5.44.x. Affected is an unknown function of the file /auth/local. This manipulation causes improper restriction of excessive authentication attempts.
This vulnerability is tracked as CVE-2025-64526. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.