最终修改只是 libcuda.so 中的一个字节,等有空让大模型给我写篇博客,讲一讲如何对付刀法。
更新:博客初稿已完成 https://harrychen.xyz/2026/05/20/enable-gpudirect-rdma-on-rtx-5090/
Today we also contacted the [email protected], but since exploits are already public we were told to send this to [email protected] instead, hence this post. We are not publishing our advisory yet, to give distributions and users a chance to patch.
只能说现在基于 Agent 审 patch 的抢人头行为确实实实在在地影响了负责任披露流程。
https://www.openwall.com/lists/oss-security/2026/05/15/2
v12 这家公司给人一种为了卖AI天天发PoC的感觉
以漏洞之名搞营销
漏洞禁运期呢?
https://x.com/i/status/2056736461672849860
https://x.com/i/status/2056418504547746301
而且issue区还禁评了,捂嘴了
https://github.com/v12-security/pocs/issues
#security
Pintheft LPE
Linux RDS(Reliable Datagram Sockets) 模块存在重复释放问题导致攻击者可以利用 io_uring 模块去覆写具有 suid 的 Page cache 从而实现LPE。
缓解办法:拉黑
https://github.com/v12-security/pocs/tree/main/pintheft
Pintheft LPE
Linux RDS(Reliable Datagram Sockets) 模块存在重复释放问题导致攻击者可以利用 io_uring 模块去覆写具有 suid 的 Page cache 从而实现LPE。
缓解办法:拉黑
rds_tcp rds 模块# rmmod rds_tcp rds
# printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.confhttps://github.com/v12-security/pocs/tree/main/pintheft
#前端 #供应链攻击 #npm #安全 #新动态
想必大家都看麻了x
早用 pnpm 早超生,俩周以内的依赖更新不装((
Active Supply Chain Attack Compromises @antv Packages on npm:npm 上的 AntV 可视化库包被植入恶意代码,构成活跃的供应链攻击。
[以下是方便搜索索引的大纲(AI 生成),请读原文]
想必大家都看麻了x
早用 pnpm 早超生,俩周以内的依赖更新不装((
Active Supply Chain Attack Compromises @antv Packages on npm:npm 上的 AntV 可视化库包被植入恶意代码,构成活跃的供应链攻击。
AI 摘要:2026 年 5 月,Socket Research Team 发现 @antv 系列 npm 包遭到供应链攻击,攻击者发布恶意版本,通过 postinstall 脚本窃取环境变量和 npm token,影响 @antv/g6、@antv/util 等多个核心包,建议用户立即版本锁定并轮换密钥。
[以下是方便搜索索引的大纲(AI 生成),请读原文]
1. 攻击事件概览
• 2026 年 5 月 11–19 日期间,大量 @antv 子包集中发布恶意版本,时间戳显示攻击窗口集中。
• Socket 安全团队通过实时包监控(package monitoring)发现异常发布行为并发出警报。
2. 攻击手法与技术细节
• 恶意代码嵌入 postinstall 钩子,安装时自动执行,窃取系统环境变量、npm token 及敏感配置。
• 攻击者利用泄露的维护者凭据或通过社会工程学获取 npm 发布权限。
3. 受影响包范围
• 涉及 @antv/scale、@antv/attr、@antv/component、@antv/g6 等数十个包的多个版本。
• 所有在 2026-05-11 至 2026-05-19 时间窗口内发布的版本均为恶意版本。
4. 紧急缓解措施
• 锁定依赖版本,避免使用上述时间窗口内的版本。
• 运行 npm audit 或使用 Socket 工具扫描项目并移除受影响包。
• 立即轮换所有可能泄露的 npm token、环境变量及 API 密钥。
• 关注 AntV 官方后续安全公告,升级到修复后的版本。
Socket
Active Supply Chain Attack Compromises @antv Packages on npm...
Active npm supply chain attack compromises @antv packages in a fast-moving malicious publish wave tied to Mini Shai-Hulud.
Cloudflare 针对 Mythos 模型发布了评测报告,提出了他们自己的一些使用大模型进行安全审查的 Harness 思考,可以空闲的时候当阅读材料看一看:
https://blog.cloudflare.com/cyber-frontier-models/
https://blog.cloudflare.com/cyber-frontier-models/
The Cloudflare Blog
Project Glasswing: what Mythos showed us
In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it…
TIL: 知名 MAGIC_STRING
ref: https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide
ANTHROPIC_MAGIC_STRING_* 在官方文档和 API 中被弃用。ref: https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide
PL Nerd 迎来惊天大变,Vibe Coder 喜提 AI 原生
https://zhuanlan.zhihu.com/p/2039725076204016063
可能有订户觉得咱是 mbt 黑子(咱不否认),但是咱看完这篇文章之后只想给 mbt 郑重道歉。
我要洗眼睛!!!!
https://zhuanlan.zhihu.com/p/2039725076204016063
可能有订户觉得咱是 mbt 黑子(咱不否认),但是咱看完这篇文章之后只想给 mbt 郑重道歉。
我要洗眼睛!!!!
中国地震台网自动测定:05月18日21时44分在广西柳州市柳南区附近(北纬24.37度,东经109.26度)发生5.2级左右地震,最终结果以正式速报为准。
https://weibo.com/1904228041/R016t3Cqb
(你没看错,又来了一轮)
https://weibo.com/1904228041/R016t3Cqb
(你没看错,又来了一轮)
#优质博文 #CSS #前端 #新动态
Gap decorations: Now available in Chromium | Chrome for Developers:CSS 终于原生支持给 Flex/Grid 间隙加分割线了,再也不用手写各种伪元素和 Border Hack 啦!Chrome 149 正式引入 CSS Gap Decorations。
Gap decorations: Now available in Chromium | Chrome for Developers:CSS 终于原生支持给 Flex/Grid 间隙加分割线了,再也不用手写各种伪元素和 Border Hack 啦!Chrome 149 正式引入 CSS Gap Decorations。
AI 摘要:Chrome 149 正式引入 CSS Gap Decorations,新增 row-rule 和 column-rule 属性。开发者现在可以像使用 column-rule 处理多列布局一样,直接为网格(Grid)和弹性盒(Flex)布局的间距添加分割线。该功能支持复杂的样式重复(repeat())、动画效果以及交叉点断开控制(rule-break),极大简化了 UI 分割线的实现逻辑。
Chrome for Developers
Gap decorations: Now available in Chromium | Blog | Chrome for Developers
A new way to style gaps in CSS from Chrome and Edge 149.
中国地震台网正式测定:05月18日00时21分在广西柳州市柳南区(北纬24.38度,东经109.26度)发生5.2级地震,震源深度8千米。
https://weibo.com/2817059020/QFQcops28
https://weibo.com/2817059020/QFQcops28
https://app.mokahr.com/m/social-recruitment/high-flyer/140576#/job/54f386a9-913b-4626-9bf4-e1709b62fcda
以 5.99 美刀为例,Steam 按三种方式的转换价格分别为¥ 42.00、¥ 22.00、¥ 26.00 .
https://partner.steamgames.com/pricing/explorer
https://steamcommunity.com/groups/steamworks/announcements/detail/501722749836722406
fragnesia-5db89c99566fc
This is a variant of our Fragnesia bug (CVE-2026-46300) that bypasses the merged fix (commit f84eca581739) by exploiting a separate path that remains unpatched in both mainline and the netdev net tree as of 2026-05-15 18:00 UTC.
The bug is in skb_segment() in net/core/skbuff.c. When building GSO segments from an skb that has a frag_list, the function propagates SKBFL_SHARED_FRAG only from the head skb. If a frag_list member carries page-cache-backed frags with the flag set but the head does not, the resulting segment skbs lose the marker. This lets them pass the skip_cow guard in esp_input() and get decrypted in place over page-cache pages, same primitive as the original Dirty Frag and Fragnesia exploits.
Triggering it requires three network namespaces connected by veth pairs. The sender does a normal send() followed by splice() on the same TCP connection. GRO on the forwarding hop coalesces the two into a single skb where the send() segment becomes the head (no flag) and the splice() segment goes into the frag_list (flag set). The forwarder has GSO disabled on its egress veth, so skb_segment() fires and strips the flag. The segments then reach an espintcp receiver that decrypts in place. The GRO coalescing step requires both segments to arrive in the same NAPI poll cycle, which is reliable with back-to-back sends but not fully deterministic, so the exploit retries on failure. The rest of the exploitation is identical to Fragnesia: AES-GCM keystream control gives a deterministic one-byte page-cache write per trigger, and the exploit iterates over a small ELF payload to overwrite a SUID binary.
We have reported this to the relevant parties. There is a pending patch (not currently accepted or merged) on the netdev list that would incidentally help prevent this by propagating the flag earlier in the GRO path, though it was not written to address this bug specifically, and no patch currently proposed fixes the root cause in skb_segment() itself.
https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc
This is a variant of our Fragnesia bug (CVE-2026-46300) that bypasses the merged fix (commit f84eca581739) by exploiting a separate path that remains unpatched in both mainline and the netdev net tree as of 2026-05-15 18:00 UTC.
The bug is in skb_segment() in net/core/skbuff.c. When building GSO segments from an skb that has a frag_list, the function propagates SKBFL_SHARED_FRAG only from the head skb. If a frag_list member carries page-cache-backed frags with the flag set but the head does not, the resulting segment skbs lose the marker. This lets them pass the skip_cow guard in esp_input() and get decrypted in place over page-cache pages, same primitive as the original Dirty Frag and Fragnesia exploits.
Triggering it requires three network namespaces connected by veth pairs. The sender does a normal send() followed by splice() on the same TCP connection. GRO on the forwarding hop coalesces the two into a single skb where the send() segment becomes the head (no flag) and the splice() segment goes into the frag_list (flag set). The forwarder has GSO disabled on its egress veth, so skb_segment() fires and strips the flag. The segments then reach an espintcp receiver that decrypts in place. The GRO coalescing step requires both segments to arrive in the same NAPI poll cycle, which is reliable with back-to-back sends but not fully deterministic, so the exploit retries on failure. The rest of the exploitation is identical to Fragnesia: AES-GCM keystream control gives a deterministic one-byte page-cache write per trigger, and the exploit iterates over a small ELF payload to overwrite a SUID binary.
We have reported this to the relevant parties. There is a pending patch (not currently accepted or merged) on the netdev list that would incidentally help prevent this by propagating the flag earlier in the GRO path, though it was not written to address this bug specifically, and no patch currently proposed fixes the root cause in skb_segment() itself.
https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc
GitHub
pocs/fragnesia-5db89c99566fc at main · v12-security/pocs
poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.
