Cloudflare 针对 Mythos 模型发布了评测报告,提出了他们自己的一些使用大模型进行安全审查的 Harness 思考,可以空闲的时候当阅读材料看一看:
https://blog.cloudflare.com/cyber-frontier-models/
https://blog.cloudflare.com/cyber-frontier-models/
The Cloudflare Blog
Project Glasswing: what Mythos showed us
In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it…
TIL: 知名 MAGIC_STRING
ref: https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide
ANTHROPIC_MAGIC_STRING_* 在官方文档和 API 中被弃用。ref: https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide
PL Nerd 迎来惊天大变,Vibe Coder 喜提 AI 原生
https://zhuanlan.zhihu.com/p/2039725076204016063
可能有订户觉得咱是 mbt 黑子(咱不否认),但是咱看完这篇文章之后只想给 mbt 郑重道歉。
我要洗眼睛!!!!
https://zhuanlan.zhihu.com/p/2039725076204016063
可能有订户觉得咱是 mbt 黑子(咱不否认),但是咱看完这篇文章之后只想给 mbt 郑重道歉。
我要洗眼睛!!!!
中国地震台网自动测定:05月18日21时44分在广西柳州市柳南区附近(北纬24.37度,东经109.26度)发生5.2级左右地震,最终结果以正式速报为准。
https://weibo.com/1904228041/R016t3Cqb
(你没看错,又来了一轮)
https://weibo.com/1904228041/R016t3Cqb
(你没看错,又来了一轮)
#优质博文 #CSS #前端 #新动态
Gap decorations: Now available in Chromium | Chrome for Developers:CSS 终于原生支持给 Flex/Grid 间隙加分割线了,再也不用手写各种伪元素和 Border Hack 啦!Chrome 149 正式引入 CSS Gap Decorations。
Gap decorations: Now available in Chromium | Chrome for Developers:CSS 终于原生支持给 Flex/Grid 间隙加分割线了,再也不用手写各种伪元素和 Border Hack 啦!Chrome 149 正式引入 CSS Gap Decorations。
AI 摘要:Chrome 149 正式引入 CSS Gap Decorations,新增 row-rule 和 column-rule 属性。开发者现在可以像使用 column-rule 处理多列布局一样,直接为网格(Grid)和弹性盒(Flex)布局的间距添加分割线。该功能支持复杂的样式重复(repeat())、动画效果以及交叉点断开控制(rule-break),极大简化了 UI 分割线的实现逻辑。
Chrome for Developers
Gap decorations: Now available in Chromium | Blog | Chrome for Developers
A new way to style gaps in CSS from Chrome and Edge 149.
中国地震台网正式测定:05月18日00时21分在广西柳州市柳南区(北纬24.38度,东经109.26度)发生5.2级地震,震源深度8千米。
https://weibo.com/2817059020/QFQcops28
https://weibo.com/2817059020/QFQcops28
https://app.mokahr.com/m/social-recruitment/high-flyer/140576#/job/54f386a9-913b-4626-9bf4-e1709b62fcda
以 5.99 美刀为例,Steam 按三种方式的转换价格分别为¥ 42.00、¥ 22.00、¥ 26.00 .
https://partner.steamgames.com/pricing/explorer
https://steamcommunity.com/groups/steamworks/announcements/detail/501722749836722406
fragnesia-5db89c99566fc
This is a variant of our Fragnesia bug (CVE-2026-46300) that bypasses the merged fix (commit f84eca581739) by exploiting a separate path that remains unpatched in both mainline and the netdev net tree as of 2026-05-15 18:00 UTC.
The bug is in skb_segment() in net/core/skbuff.c. When building GSO segments from an skb that has a frag_list, the function propagates SKBFL_SHARED_FRAG only from the head skb. If a frag_list member carries page-cache-backed frags with the flag set but the head does not, the resulting segment skbs lose the marker. This lets them pass the skip_cow guard in esp_input() and get decrypted in place over page-cache pages, same primitive as the original Dirty Frag and Fragnesia exploits.
Triggering it requires three network namespaces connected by veth pairs. The sender does a normal send() followed by splice() on the same TCP connection. GRO on the forwarding hop coalesces the two into a single skb where the send() segment becomes the head (no flag) and the splice() segment goes into the frag_list (flag set). The forwarder has GSO disabled on its egress veth, so skb_segment() fires and strips the flag. The segments then reach an espintcp receiver that decrypts in place. The GRO coalescing step requires both segments to arrive in the same NAPI poll cycle, which is reliable with back-to-back sends but not fully deterministic, so the exploit retries on failure. The rest of the exploitation is identical to Fragnesia: AES-GCM keystream control gives a deterministic one-byte page-cache write per trigger, and the exploit iterates over a small ELF payload to overwrite a SUID binary.
We have reported this to the relevant parties. There is a pending patch (not currently accepted or merged) on the netdev list that would incidentally help prevent this by propagating the flag earlier in the GRO path, though it was not written to address this bug specifically, and no patch currently proposed fixes the root cause in skb_segment() itself.
https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc
This is a variant of our Fragnesia bug (CVE-2026-46300) that bypasses the merged fix (commit f84eca581739) by exploiting a separate path that remains unpatched in both mainline and the netdev net tree as of 2026-05-15 18:00 UTC.
The bug is in skb_segment() in net/core/skbuff.c. When building GSO segments from an skb that has a frag_list, the function propagates SKBFL_SHARED_FRAG only from the head skb. If a frag_list member carries page-cache-backed frags with the flag set but the head does not, the resulting segment skbs lose the marker. This lets them pass the skip_cow guard in esp_input() and get decrypted in place over page-cache pages, same primitive as the original Dirty Frag and Fragnesia exploits.
Triggering it requires three network namespaces connected by veth pairs. The sender does a normal send() followed by splice() on the same TCP connection. GRO on the forwarding hop coalesces the two into a single skb where the send() segment becomes the head (no flag) and the splice() segment goes into the frag_list (flag set). The forwarder has GSO disabled on its egress veth, so skb_segment() fires and strips the flag. The segments then reach an espintcp receiver that decrypts in place. The GRO coalescing step requires both segments to arrive in the same NAPI poll cycle, which is reliable with back-to-back sends but not fully deterministic, so the exploit retries on failure. The rest of the exploitation is identical to Fragnesia: AES-GCM keystream control gives a deterministic one-byte page-cache write per trigger, and the exploit iterates over a small ELF payload to overwrite a SUID binary.
We have reported this to the relevant parties. There is a pending patch (not currently accepted or merged) on the netdev list that would incidentally help prevent this by propagating the flag earlier in the GRO path, though it was not written to address this bug specifically, and no patch currently proposed fixes the root cause in skb_segment() itself.
https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc
GitHub
pocs/fragnesia-5db89c99566fc at main · v12-security/pocs
poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.
Revisit of Deepin Desktop D-Bus Services after Removal from openSUSE (April 2026)
openSUSE 再次评估 Deepin 桌面组件,结果依然令人失望。虽然官方声称已修复,但审计发现 Backlight Helper 缺少 Polkit 认证,Accounts Service 更是漏洞百出:CreateGuestUser 存在竞态条件,SetHomeDir 可将家目录移至 /root,SetPassword 甚至泄露明文密码并存在 root 提权风险。openSUSE 表示 Deepin 安全文化堪忧,修复效率极低,建议用户谨慎使用,并已降低其审核优先级。
https://security.opensuse.org/2026/04/20/winter-spotlight.html#section-deepin
#aigc
openSUSE 再次评估 Deepin 桌面组件,结果依然令人失望。虽然官方声称已修复,但审计发现 Backlight Helper 缺少 Polkit 认证,Accounts Service 更是漏洞百出:CreateGuestUser 存在竞态条件,SetHomeDir 可将家目录移至 /root,SetPassword 甚至泄露明文密码并存在 root 提权风险。openSUSE 表示 Deepin 安全文化堪忧,修复效率极低,建议用户谨慎使用,并已降低其审核优先级。
https://security.opensuse.org/2026/04/20/winter-spotlight.html#section-deepin
#aigc
内核的
选用 drop privilege 前会打开受限文件,且至析构时不关闭之的 victim,利用依赖
__ptrace_may_access() 通过任务的 mm 结构体内容判定一个进程是否有权限 ptrace 另一个进程, 但 exit_mm() 析构一个进程时会将 task.mm 置为 NULL, 此时 __ptrace_may_access() 会跳过该检查,但仍然会检查 uid/gid 一致性选用 drop privilege 前会打开受限文件,且至析构时不关闭之的 victim,利用依赖
__ptrace_may_access() 进行权限检查的 pidfd_getfd() race 进程退出时 mm 置为空而 fd 尚未清空的时机,成功时即可得到敏感文件的 fd。ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.
__ptrace_may_access() skips the dumpable check when task->mm == NULL. do_exit() runs exit_mm() before exit_files() — no mm, fds still there. pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's.
Reported by Qualys and fixed by the mainline Linux kernel earlier today. This patch to adjust the kernel's ptrace behavior is what fixes the issue.
Jann Horn flagged the FD-theft shape in October 2020.
More details on ssh-keysign-pwn can be found via this GitHub repository.
https://www.phoronix.com/news/Linux-ssh-keysign-pwn
With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.
__ptrace_may_access() skips the dumpable check when task->mm == NULL. do_exit() runs exit_mm() before exit_files() — no mm, fds still there. pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's.
Reported by Qualys and fixed by the mainline Linux kernel earlier today. This patch to adjust the kernel's ptrace behavior is what fixes the issue.
Jann Horn flagged the FD-theft shape in October 2020.
More details on ssh-keysign-pwn can be found via this GitHub repository.
https://www.phoronix.com/news/Linux-ssh-keysign-pwn
GitHub
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass…
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
