今日已更新 38 条资讯 | 累计 21257 条内容
关于我们

标签:#rce

找到 1516 篇相关文章

AI 资讯

Defender zero-days CVE-2026-41091 and 45498 — what defenders should do today (May 2026)

Microsoft published two Defender vulnerabilities on May 19, 2026 that are being actively exploited in the wild, and CISA has already pushed both into the Known Exploited Vulnerabilities catalog. If you run Windows endpoints, this is a same-week update item, not a "schedule it for the next maintenance window" item. The patches exist, the abuse is happening, and the BOD 22-01 deadline for federal civilian agencies is June 3, 2026. what follows: what happened, who needs to act, and what to do today before someone else makes the decision for you. What's being exploited CVE-2026-41091 is an Elevation of Privilege bug in Microsoft Defender's scanning logic, rated Important. The root cause is improper link resolution before file access. An authenticated local attacker plants symbolic links or NTFS junctions that point at attacker-controlled paths, then triggers Defender to follow them. Defender operates with SYSTEM privileges during scan operations, so the file actions Defender performs on those crafted targets execute as SYSTEM. Net result: a non-admin local user gets full SYSTEM on the host. The attacker needs an authenticated session already. That sounds like a high bar until you remember that initial-access malware lands at user-level, then chains a local privilege escalation to get persistence and lateral-movement capability. CVE-2026-41091 is the second-stage tool intrusion sets are looking for. The Hacker News and BleepingComputer both confirm the in-the-wild abuse is happening. CVE-2026-45498 is a Denial of Service in the Microsoft Defender Antimalware Platform itself. Attackers can trigger a platform-level crash that takes Defender's protection capabilities offline. The exploitation pattern here is the obvious one: kill the EDR/AV before deploying the actual payload, get a clean window for follow-on actions, restore Defender or leave it broken depending on how careful the operator is. CISA's KEV listing tells you this is being chained operationally, not a theoreti

2026-06-05 原文 →
AI 资讯

I Made a Battery Admit It Was Only 73% Healthy — On-Device, End to End

Voltage lies. Put a battery under load and its terminal voltage sags. Let it rest and the voltage springs back. A naive fuel gauge watching only voltage will happily tell you a worn-out cell is "fine" right up until it falls off a cliff. The number you actually care about — is this battery still good, or is it time to replace it? — isn't in the instantaneous voltage at all. It's in the capacity : how much charge the cell can still deliver between full and empty. That quantity fades as a cell ages. Tracking it is called State of Health (SoH) , and it's the difference between "the device says 80%" and "the device has 80% of the runtime it had when it was new." I wanted my open-source battery SDK ( ibattery-sdk , Apache-2.0) to learn SoH on the device itself — no cloud model, no floating-point, on MCUs with kilobytes of RAM. This post is the story of getting that working end to end: from a coulomb integral in firmware to a faded value showing up live on a Grafana dashboard. The idea: learn capacity from one full→empty trip You don't need a PhD-grade model to estimate usable capacity. You need two anchors and an ammeter. Full anchor — when the cell is at its full-voltage plateau, declare "this is full" and set the coulomb counter to the rated capacity. Discharge — integrate current over time (coulomb counting). Every milliamp-hour that leaves the cell ticks the counter down. Empty anchor — when the cell hits its empty-voltage threshold, look at how much charge actually flowed. A healthy cell delivers close to its rated capacity before going empty. An aged cell hits empty early — it simply has less to give. From the charge measured between those two anchors, you get the cell's real usable capacity, and SoH = measured / rated . The SDK runs it through an integer EMA (so one noisy excursion doesn't whip the estimate around) and a plausibility guard (reject anything outside 30–120% of rated — that's almost certainly a glitch, not a real measurement). The whole thing is inte

2026-06-05 原文 →
AI 资讯

Godot AI? Here is the solution: What is Golem-AI?

Enlace a post en Español Click If you are developing games in Godot and using AI to help you code, you are probably tired of constantly switching tabs between your editor and the browser. Copying code, pasting it, explaining your scene context over and over again... it is a massive workflow killer. To solve this, I built Golem-AI (named after the Godot Engine logo because let's face it, it looks like a tiny, friendly mechanical golem). It is a "Cursor-style" AI assistant extension integrated directly into a dock right inside your Godot 4.2+ editor. Today, I am opening the repository to the community as a completely open-source project. It is currently in Beta and has some bugs, but it is fully functional, and I want to share it so we can improve it together. / ____/___ / /__ ____ ___ / | / _/ / / __/ __ \/ / _ \/ __ `__ \______/ /| | / / / /_/ / /_/ / / __/ / / / / /_____/ ___ |_/ / \____/\____/_/\___/_/ /_/ /_/ /_/ |_/___/ 🎮 How it Looks Inside the Editor Here is a glimpse of the integrated dock interface, its session history, and the context autocomplete system in action: 🔥 Key Features 🦙 Local & Cloud Providers: Connect it to Ollama or LM Studio for a 100% free, offline local workflow, or hook it up to OpenAI, Anthropic, Gemini, or Cursor proxies. 🧠 Cursor-Style UX & Context (@ Mentions): Type @ in the chat composer to automatically attach open scenes, specific project files, or custom skills directly into the prompt. 🛠️ Editor Tool Calling: It features an optional multi-step verification loop. The AI can actually interact with native Godot editor tools to help you iterate and fix things faster. 📚 Markdown Skills System: Feed the assistant specific workflows, style guides, or documentation using standard markdown files (/skill or @skill :id). 💬 Advanced Chat UI: Built-in "thinking blocks", agent step progress tracking, searchable history sessions, and a native bilingual UI (English / Spanish). 🛠️ The Current State: "It works, but..." (Looking for Beta Testers!) L

2026-06-05 原文 →
开发者

Arc v0.0.1-alpha - A Lightweight C-Based Programming Language

We are excited to announce the first alpha release of Arc, a lightweight, C-based programming language and interpreter designed for simplicity, performance, and educational clarity. Version Overview Version: v0.0.1-alpha Status: Alpha (Experimental) License: GPL-3.0 This initial release establishes the foundational pipeline of the Arc language, from lexical analysis to AST-based interpretation, featuring a robust set of core language constructs and a custom memory management system. Key Features Language Core Variable System: Declaration and updates using the VAR keyword. Functions: Support for custom functions (FN) with parameters and RETURN values. Control Flow: Conditional branching with IF, THEN, ELIF, and ELSE. Iterative loops with WHILE, FOR, and THEN. Loop control with BREAK and CONTINUE. Exception Handling: Graceful error recovery using TRY...CATCH blocks. Data Types: Integrated support for Numbers (Integers/Floats), Strings, Booleans, and Lists. Import System: Modularize projects by importing other .arc files using IMPORT. Syntax Highlights Case Sensitivity: Keywords (e.g., VAR, WHILE, IF) are case-insensitive. Identifiers (variable and function names) are case-sensitive. Operators: Comprehensive set of arithmetic (+, -, *, /, ^), comparison (==, !=, <, >, <=, >=), and logical (AND, OR, NOT) operators. Comments: Single-line comments starting with #. Built-in Standard Library I/O Operations: print, get_input, open_file, read_file, write_file, close_file. Data Manipulation: len_of, typeof, to_int, split_string, append_list, range. Math Library: A comprehensive math.arc providing constants (PI, E) and functions (sin, cos, tan, sqrt, log, etc.). Tooling & CLI Arc comes with a powerful CLI and an interactive REPL: Interactive REPL: Run code line-by-line with syntax highlighting. CLI Options --debug (-d): View tokens and AST tree during execution. --code (-c): Execute a string of code directly. --float-precision (-p): Control decimal output. --mempool-size (-m):

2026-06-05 原文 →
AI 资讯

How I stopped nodding along and actually contributed to open source

For years I saw "open source contributions" on job descriptions and just... nodded along. Typed it into Google once, got overwhelmed, closed the tab. It always seemed like something other people did. People who actually knew what they were doing. People who weren't me. Then I started looking into it properly. And honestly? It still seemed big. Like I'd need to understand an entire codebase, find a complex bug, write some genius fix that the maintainers would applaud. Turns out that's not it at all. I found some resources that changed how I saw it completely. The bar to start is embarrassingly low, and that's intentional. The open source community built it that way on purpose. So I did it. Was it a few lines of code? Yes. Did I do it directly in the browser like a person who has no idea what they're doing? Also yes. Do I care? Absolutely not. Where to actually start: goodfirstissue.dev — filters repos by good first issue label up-for-grabs.net — same idea, different interface Docs you already use — if you read something and think "that's oddly worded," you're already there GitHub search — label:"good first issue" is:open and filter by language Here's the thing though, this isn't just about open source. Everything seems big and intimidating at first. So you start small. One tiny contribution. Not because it's impressive but because it's real, and it's yours, and it builds something. Confidence mostly. Then you do a slightly bigger thing. Then a bigger thing after that. You don't level up by waiting until you're ready. You level up by starting small and not stopping. My first contribution exists now. That's enough for today.

2026-06-04 原文 →
AI 资讯

I built a Brave debloater that refuses to brick your browser

(yes, its open source. link at the bottom, if u want to skip ahead!) Most "debloat scripts" are a pile of registry edits you run as admin and pray. No preview, no undo, and half of them happily disable Safe Browsing or updates for "performance." For your browser, the most security-sensitive app you run, that's reckless. So I built BraveDebloater with one rule: never make Brave less safe. It clears out the noise like Rewards, Wallet, VPN nags, Leo AI prompts, News, and telemetry such as P3A, Web Discovery, and Chromium metrics. But it flat-out refuses to disable Shields, weaken Safe Browsing, turn off updates, or touch your hosts file. That isn't a README promise. It's enforced in the tool itself. A few things that make it trustworthy: Dry-run by default. Nothing changes until you explicitly apply. Official Brave/Chromium enterprise policies, so every change is visible and auditable in brave://policy instead of hidden. Automatic backups before any change, written safely so you never end up with a corrupted file. Validated restore that checks the backup before writing anything and only touches Brave's own policy and profile files. Doctor mode, a read-only health check of your current policy state with no writes. It's MIT-licensed, PowerShell 5.1 compatible, and has a few beginner-friendly issues open. If you care about privacy or Windows tooling, I'd love a star and a PR. Check it out at: https://github.com/osfv/BraveDebloater

2026-06-04 原文 →