資安雷達

CVE、Supply Chain、重大資安事件

2026-05-21 — CVE-2026-46333 Linux ptrace 邏輯漏洞、@cap-js/db-service 供應鏈攻擊、rsync 3.4.3 六個 CVE

primary=https://cdn2.qualys.com/advisory/2026/05/20/cve-2026-46333-ptrace.txt primary=https://github.com/advisories/GHSA-pvw4-cvr4-97p8 primary=https://rsync.samba.org/ primary=https://www.openwall.com/lists/oss-security/2026/05/20/

1 min Read →

資安雷達 5 月 20

2026-05-20 — PinTheft Linux LPE、CISA AWS GovCloud 憑證洩漏、nestjs-auth 供應鏈 CVSS 10

primary=https://www.openwall.com/lists/oss-security/2026/05/19/6 primary=https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ primary=https://github.com/advisories/GHSA-6xwp-cp5h-q856

1 min Read →

資安雷達 5 月 19

2026-05-19 — Magick.NET 14.13.1 六漏洞修補、NiceGUI CVE-2026-45554 日誌 DoS

primary=https://github.com/advisories/GHSA-533m-3wf6-c33v primary=https://github.com/advisories/GHSA-7gg8-qqx7-92g5 primary=https://github.com/advisories/GHSA-5r4x-w6p5-222q primary=https://github.com/advisories/GHSA-pq7c-x8g4-rvp6

1 min Read →

資安雷達 5 月 18

2026-05-18 — CVE-2025-54510 Fabricked AMD SEV-SNP 破解、Linux ESP 模組攻擊面

primary=https://xca-attacks.github.io/fabricked/ primary=https://www.openwall.com/lists/oss-security/2026/05/16/3

1 min Read →

資安雷達 5 月 17

2026-05-17 — rkyv GHSA-vfvv-c25p-m7mm panic 安全漏洞、Linux ESP 攻擊面、Meta Labyrinth 1.1

primary=https://github.com/advisories/GHSA-vfvv-c25p-m7mm primary=https://rustsec.org/advisories/RUSTSEC-2026-0122.html primary=https://www.openwall.com/lists/oss-security/2026/05/16/3 primary=https://engineering.fb.com/2026/05/11/security/labyrinth-1-1-end-to-end-encrypted-e2ee-backups-more-reliable/

1 min Read →

資安雷達 5 月 16

2026-05-16 — CVE-2026-46333 SSH 私鑰竊取、Pixel 10 零點擊鏈、Mullvad 出口 IP 指紋

primary=https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ primary=https://projectzero.google/2026/05/pixel-10-exploit.html primary=https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/

1 min Read →

資安雷達 5 月 15

2026-05-15 — Apple M5 核心 MIE 繞過、PostgreSQL 11 CVE、vm2 CVSS 9.8 沙盒逃逸

primary=https://blog.calif.io/p/first-public-kernel-memory-corruption primary=https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/ primary=https://github.com/advisories/GHSA-248r-7h7q-cr24

1 min Read →

資安雷達 5 月 14

2026-05-14 — Fragnesia Linux LPE、NIST NVD 縮減、Strapi CVE-2026-22599

primary=https://lwn.net/Articles/1072647/ primary=https://www.docker.com/blog/nist-narrows-the-nvd-what-container-security-programs-should-reassess/ primary=https://github.com/advisories/GHSA-3xcq-8mjw-h6mx

1 min Read →

資安雷達 5 月 13

2026-05-13 — CVE-2026-45185 Exim RCE、dnsmasq 六個 CVE、SillyTavern 路徑穿越 CVSS 9.1

primary=https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim primary=https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html primary=https://github.com/advisories/GHSA-886q-f44j-h6wh

1 min Read →

資安雷達 5 月 12

2026-05-12 — TanStack NPM 供應鏈攻擊：OIDC Token 劫持植入憑證竊取器

primary=https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack

1 min Read →