☬(◣_◢)꧂ลя๏¢รэ 𝑨𝒓𝒆𝒍𝒊 𝑶𝒄𝒕𝒂𝒗𝒊𝒐 𝒔𝒐𝒍𝒊𝒔

做渗透测试，最耗时间的从来不是“找不到漏洞”，而是扫描器误报满屏，你还得一条条手动复核，真正的高危点反而被噪音淹没。 最近看到一个开源安全扫描器 Lonkero，主打“把误报压下去”。它用贝叶斯假设引擎 + 智能过滤，把误报率做到约 5%，比行业常见水平低出一截，结果更干净，验证更省事。 Lonkero 基于 Rust 构建，内置 125+ 专业扫描器，覆盖注入、认证、API 安全、现代框架等场景；还能自动识别技术栈并动态调整测试策略，不用你反复手动配置。 GitHub：https://t.co/7tQ6QI7rR6 它还带机器学习引擎：每次扫描后都会学习响应模式，越跑越准；同时支持联邦学习，只共享模型权重、不上传原始数据，让社区一起把模型越训越好。 如果你想要一个低误报、高效率、适配主流技术栈的渗透测试工具，或者已经受够了传统扫描器的“误报海”，Lonkero 值得试一试。

⚠️First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days Source: https://t.co/CDD1VZTlbv Apple's M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company's notable hardware-level memory protection. The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple's Memory Integrity Enforcement (MIE) is active. The breakthrough was made possible in part by Anthropic's Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process. #cybersecuritynews

🚨 Arkadaşlar, web scraping dünyasında çok ciddi bir kırılma noktası yaşandı. 🫪 OpenClaw (Scrapling), artık herhangi bir web sitesini **engellenmeden** scrape edebiliyor. - Sıfır robot tespiti - Cloudflare’ı doğal yollarla bypass ediyor - BeautifulSoup’tan **774 kat daha hızlı** - Seçici (selector) bakımına gerek yok - Sadece veri istiyorsunuz, gerisini o hallediyor Tamamen açık kaynak ve son derece güçlü. Web scraping, veri toplama ve otomasyon işleriyle uğraşan herkesin mutlaka incelemesi gereken bir proje. 🔗 GitHub: https://t.co/XqGgrlerdW Sizce bu tür stealth ve yüksek performanslı scraping araçları, veri toplama ve otomasyon süreçlerini ne ölçüde dönüştürecek? Düşüncelerinizi yorumlara yazın, beraber konuşalım. 🕷️

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...