A while ago we got our hands on documents from the Xinjiang Police College in Urumqi, concerning the requirements on their Cyberspace Security Laboratory to be build in 2025.
The document was quite detailed on what kind of training the authorities are planning to provide to the upcoming members of the "cyber police" and delivers some interesting insights into the capabilities of the security services.
It holds details on what kind of malware and viruses the training setup should include, remote intelligence gathering ( including OSINT and network traffic analysis of targets and suspects ), learning how to use "living off the land" tooling to conduct offensive as well as defensive tactics.
It also holds references to AI capabilities and the procurement of NVIDIA RTX 4090 ( which were on the entity list at the stage of the release of the document ).
Old technique, new zero-day
CVE-2026-5426 in KnowledgeDeliver is related to hardcoded machine keys enabling ViewState deserialization attacks. If you're a defender in APJ, but especially Japan, this may be relevant to you:
EN:
https://t.co/DJLspWRWNP
JP:
https://t.co/o7r7WEVsrE
And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work
— excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE 🤦
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own#P2OBerlin
🛑 3rd Linux kernel LPE in just ~2 weeks: Fragnesia (CVE-2026-46300) just dropped.
Attackers can now gain root by corrupting the kernel page cache through a flaw in XFRM ESP-in-TCP.
PoC is public. Major distros have already issued advisories.
Details: https://t.co/s8S9XA3sl1
🚨 Palo Alto has disclosed a zero day: CVE-2026-0300 (CVSS 9.3) - a buffer overflow vulnerability in the Captive Portal service of PAN-OS.
Nuclei template for fingerprinting PAN-OS:
https://t.co/9h3Fihh3Y3
This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID™ Authentication Portal - Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
No patches are available yet, only workarounds. Full details and mitigations are in the official advisory.
https://t.co/gtNOVl24fg
CVE‑2026‑31431 — Copy‑Paste Root Detection 😂
Ever wondered which of your Linux users are achieving “instant root” status by simply copy‑pasting commands into the terminal and hitting execute?
#Cybersecurity#CopyFail#DumbUserDetection
🔥 GitHub RCE via single git push!
CVE-2026-3854: Unsanitized push options let attackers run commands on backend servers, bypassing sandboxing (cross-tenant risk).
🔗 Learn how header injection led to full compromise → https://t.co/YzdRbikpau
Patched within hours.