2026-06-05 — stata-mcp 命令注入 GHSA-4p62-hqp5-g644、@cap-js/openapi 供應鏈入侵
primary=https://github.com/advisories/GHSA-4p62-hqp5-g644 primary=https://github.com/advisories/GHSA-jpvj-wpmj-h7rv
1 min Read →
Category
資安雷達
CVE、Supply Chain、重大資安事件
2026-06-04 — Let’s Encrypt 後量子移轉、Sound Blaster BadUSB、VSCode Token 竊取
primary=https://letsencrypt.org/2026/06/03/pq-certs.html primary=https://blog.nns.ee/2026/06/03/katana-badusb/ primary=https://blog.ammaraskar.com/github-token-stealing/
2 min Read →
2026-06-03 — PAN-OS CVE-2026-0257 積極利用、Exchange OWA CVE-2026-42897 零日
primary=https://security.paloaltonetworks.com/CVE-2026-0257 primary=https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/ primary=https://msrc.microsoft.com/blog/
1 min Read →
2026-06-02 — Red Hat Cloud Services 30 個 npm 套件遭入侵、Instagram 零驗證密碼重設漏洞
primary=https://github.com/RedHatInsights/javascript-clients/issues/492 primary=https://www.0xsid.com/blog/meta-account-takeover-fiasco
1 min Read →
2026-06-01 — Cloudflare Turnstile WebGL 指紋、FROST SSD 時序攻擊、ChatGPT Sheets 外洩
primary=https://hacktivis.me/articles/cloudflare-turnstile-webgl-fingerprinting primary=https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/ primary=https://hannesweissteiner.com/pdfs/frost.pdf primary=https://www.promptarmor.com/resources/gpt-for-google-sheets-data-exfiltration
1 min Read →
2026-05-31 — CVE-2026-48710 BADHOST Starlette、TanStack 供應鏈蠕蟲、iOS MTE 深度解析
primary=https://marcelotryle.com/blog/2026/05/28/cve-2026-48710-a-maintainers-perspective/ primary=https://nvd.nist.gov/vuln/detail/CVE-2026-48710 primary=https://tanstack.com/blog/npm-supply-chain-compromise-postmortem primary=https://orca.security/resources/blog/tanstack-npm-supply-chain-worm/ primary=https://fuzzinglabs.com/mte-ios-memory-protection/
2 min Read →
2026-05-30 — PraisonAI 15+ CVE:硬編碼 JWT、沙箱逃逸、任意 RCE
primary=https://github.com/advisories/GHSA-3qg8-5g3r-79v5 primary=https://github.com/advisories/GHSA-4mr5-g6f9-cfrh primary=https://github.com/advisories/GHSA-vg22-4gmj-prxw primary=https://github.com/advisories/GHSA-hvhp-v2gc-268q primary=https://github.com/advisories/GHSA-9cr9-25q5-8prj primary=https://github.com/advisories/GHSA-8444-4fhq-fxpq primary=https://github.com/advisories/GHSA-86qc-r5v2-v6x6
1 min Read →
2026-05-29 — Dulwich merge driver 命令注入、OpenBao 跨命名空間 ACL 繞過、compliance-trestle SSTI RCE
primary=https://github.com/advisories/GHSA-9277-mp7x-85jf primary=https://github.com/advisories/GHSA-v8v8-cm84-m686 primary=https://github.com/advisories/GHSA-gg2g-p7xc-qqmm
1 min Read →
2026-05-28 — Kata Containers guest escape CVE-2026-47243、yamcs-core 雙 RCE、Erlang atom exhaustion
primary=https://github.com/advisories/GHSA-2gv2-cffp-j227 primary=https://github.com/advisories/GHSA-2g95-6x5q-xjwj primary=https://github.com/advisories/GHSA-vmwp-vh32-rj75 primary=https://erlef.org/blog/security/atom-exhaustion
2 min Read →
2026-05-27 — XWiki Critical CVE-2026-33137、Nezha CVSS 9.9 跨租戶 RCE、GTK PDF 命令注入
primary=https://github.com/advisories/GHSA-qrvh-r3f2-9h4r primary=https://github.com/advisories/GHSA-xq3r-2qv5-vqqm primary=https://github.com/advisories/GHSA-99gv-2m7h-3hh9 primary=https://lwn.net/Articles/1073944/
1 min Read →