Real-time cybersecurity news from 190+ sources. Updated every 5 minutes.
Join the next webinar organized by the Digital Security Helpline, to discuss key trends and strategies to keep at-risk actors safe online. The post Digital security in war and conflict: challenges for...
BYO power for AI bit barns may be the best way to ease the problem, says energy watchdog
CVE ID :CVE-2026-45672 Published : May 15, 2026, 8:55 p.m. | 21 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-8696 Published : May 15, 2026, 8:52 p.m. | 24 minutes ago Description :radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB ...
CVE ID :CVE-2026-45400 Published : May 15, 2026, 8:40 p.m. | 35 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45402 Published : May 15, 2026, 8:40 p.m. | 36 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45386 Published : May 15, 2026, 8:36 p.m. | 40 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45397 Published : May 15, 2026, 8:34 p.m. | 42 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45396 Published : May 15, 2026, 8:33 p.m. | 42 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45395 Published : May 15, 2026, 8:33 p.m. | 43 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45387 Published : May 15, 2026, 8:32 p.m. | 44 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45385 Published : May 15, 2026, 8:29 p.m. | 22 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45671 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45675 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44564 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44568 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45349 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-45399 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44557 Published : May 15, 2026, 8:16 p.m. | 35 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44561 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44562 Published : May 15, 2026, 8:16 p.m. | 59 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44553 Published : May 15, 2026, 8:16 p.m. | 35 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
CVE ID :CVE-2026-44552 Published : May 15, 2026, 8:16 p.m. | 35 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Pr...
A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform develo...
THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
Serial number: AV26–474Date: May 15, 2026 On May 15, 2026, FreePBX published a security advisory to address a critical vulnerability in the following products: FreePBX Security-Reporting userman (Fr...
Weaponizing a text editor for fun and profitGather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, cal...
CVE ID :CVE-2026-46474 Published : May 15, 2026, 6:16 p.m. | 35 minutes ago Description :Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using ...
Второй ежеквартальный номер «Хакера» уже передан в типографию. Сейчас журналы печатают, а значит, до начала рассылки заказов осталось совсем немного времени. Так как тираж ограничен, и допечатки мы не...
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft E...
TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scal...
В Android 17 появится система, которая сможет распознавать поддельные звонки якобы «из банка» и автоматически разрывать соединение. Также разработчики Google расширяют защиту от шпионского ПО, кражи O...
CVE ID :CVE-2026-8695 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that...
CVE ID :CVE-2026-46383 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to ...
CVE ID :CVE-2026-44717 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy li...
CVE ID :CVE-2026-45539 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5....
CVE ID :CVE-2026-45038 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since...
CVE ID :CVE-2026-45037 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby...
CVE ID :CVE-2026-45035 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby...
CVE ID :CVE-2026-44774 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Trae...
CVE ID :CVE-2026-44714 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, Scrip...
CVE ID :CVE-2026-44699 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that doe...
CVE ID :CVE-2026-44310 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC ident...
CVE ID :CVE-2026-44309 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC ident...
CVE ID :CVE-2026-44641 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to ...
CVE ID :CVE-2026-42207 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an altern...
CVE ID :CVE-2026-42458 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an altern...
CVE ID :CVE-2026-42155 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an altern...
CVE ID :CVE-2026-41181 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3,...
CVE ID :CVE-2026-41258 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7...
CVE ID :CVE-2026-23695 Published : May 15, 2026, 5:16 p.m. | 1 hour, 35 minutes ago Description :Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site s...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent ac...
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.
CVE ID :CVE-2026-46508 Published : May 15, 2026, 4:16 p.m. | 2 hours, 35 minutes ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior ...
CVE ID :CVE-2026-45803 Published : May 15, 2026, 4:16 p.m. | 2 hours, 35 minutes ago Description :`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnera...
CVE ID :CVE-2026-45773 Published : May 15, 2026, 4:16 p.m. | 2 hours, 35 minutes ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior ...
CVE ID :CVE-2026-35194 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows ...
CVE ID :CVE-2026-2031 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application In...
CVE ID :CVE-2026-45772 Published : May 15, 2026, 4:16 p.m. | 2 hours, 35 minutes ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1...
今日暂未更新资讯~更多最新文章,请访问SecWiki
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the data...
В Берлине стартовало соревнование Pwn2Own Berlin 2026, посвященное взлому корпоративных технологий и ИИ. В первый день исследователи заработали 523 000 долларов США, продемонстрировав 24 уникальных 0-...
A critical security flaw discovered in Android 16 allows malicious apps to leak a user’s real IP address even when “Always-On VPN” and “Block connections without VPN” are...
CVE ID :CVE-2026-8669 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi...
CVE ID :CVE-2026-46483 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulne...
CVE ID :CVE-2026-45736 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket....
CVE ID :CVE-2026-39054 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeComman...
CVE ID :CVE-2026-38728 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial...
CVE ID :CVE-2026-34253 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-to...
CVE ID :CVE-2025-67437 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure ...
CVE ID :CVE-2025-14972 Published : May 15, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description :* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently...
在这个版块中看到有人发了个【广州市】中考志愿模拟填报判定录取工具 V2026,刚好我也有朋友需要,广州的这个不太适合我们这里,并且没有源码,下载下来的表格没有表头,搞不清楚里面的含义,于时我自己试着写了一个html ...
22 мая 2026 года в Москве состоится бесплатная конференция «Периметр», посвященная наступательной информационной безопасности и ориентированная на тех, кто привык не только читать отчеты, но и писать ...
写了一个玩具 [GDI绘制时钟] 没啥介绍的 ,就是个玩具 娱乐娱乐就行 对了,那个GDI绘制模块 好像可以写透视外挂[反正我不知道怎么写外挂,求教] 源码及下载:https://www.lanzoux.com/iFY9t3pj893i
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The post In Other News: Bi...
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [...]
[md] # LUKS 全盘解密实战笔记:内存提取主密钥 + 离线挂载 > **免责声明**:本文仅供学习计算机取证与安全防御技术,请勿用于非法用途。理解 LUKS 的弱点,才能更好地设计防御措施(如使用 TPM、避免内存长时间存 ...
Rome, Italy, 15th May 2026, CyberNewswire RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing on Latest Hacking News | Cyber Security News, Hacking T...
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research
CVE ID :CVE-2026-46333 Published : May 15, 2026, 2:16 p.m. | 58 minutes ago Description :In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dump...
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by persi...
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...
We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings. The post Raising the bar: Quali...
Serial number: AV26-473Date: May 15, 2026 On May 14, 2026, Microsoft published a security advisory to address a critical vulnerability in the following products: Microsoft Exchange Server 2016 on p...
A newly disclosed vulnerability in VMware Fusion is raising alarms across the cybersecurity community, as it allows attackers to escalate privileges to root on affected systems, effectively granting f...
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectiv...
Для подписчиковСокрытие процессов — классическая задача для малвари. Обычно это территория руткитов: LKM-модули, перехват syscall-таблицы, подмена обработчиков в /proc. Все это требует загрузки кода в...
麻烦帮忙下载一个优 酷视频,不是VIP,就是正常视频,可以正常播放完,浏览器扩展上下载不太方便(我不会合并),应该是M3U8类,需要完整视频,然后给个网盘链接我(最好是百度网盘),谢谢! 视频网址:https://v.youku.com/v_show/id_XMzYxMjA1MTg1Ng==.html?
Gunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model. First discovere...
CVE ID :CVE-2026-7182 Published : May 15, 2026, 1:16 p.m. | 1 hour, 59 minutes ago Description :Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML s...
CVE ID :CVE-2026-41553 Published : May 15, 2026, 1:16 p.m. | 1 hour, 59 minutes ago Description :PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code ...
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges ...
Google Project Zero researchers have uncovered a full zero-click exploit chain targeting Pixel 10 devices, demonstrating how a remote audio decoding bug can escalate all the way to complete kernel con...
Number: AL26-012Date: May 15, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may imp...
Learn how adversaries weaponize CI/CD pipelines and how continuous behavioral monitoring helps protect against software supply chain attacks.
Police dismantle dark web markets, threat actors weaponize AI for zero-day exploits, and ShinyHunters extorts an edutech giant via XSS flaws.
VMware Workstation Pro 26H1 25388281 简体中文汉化版&简体中文语言包 官方版本下载(英文版 // 26H1) https://files06.tchspt.com/down/VMware-Workstation-Full-26H1-25388281.exe 官方英文版极速云下载链 ...
A high-severity authentication bypass in PraisonAI is drawing urgent attention after security researchers observed active exploitation attempts within hours of public disclosure a stark reminder of ho...
A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems. The flaw,...
2025年旧版已经失效,原因为官方检测到窗口被关闭或者隐藏直接会退出,此版本解决了这个问题,支持最新版。 免CB下载:https://wwbhp.lanzoul.com/iBTvF3pitvmj
The JDownloader website was compromised and installer download links served malware for several days.
Google has updated Context-Aware Access (CAA) in Google Workspace to introduce a default policy assignment for SAML applications. SAML applications are third-party or internal applications that use th...
Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor&...
Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sen...
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
WhatsApp now offers disappearing AI chats Meta says it cannot read. While Instagram just removed the feature that stopped Meta reading your messages.
Исследователи из компании DepthFirst AI обнаружили в NGINX критическую уязвимость CVE-2026-42945, набравшую 9,2 балла по шкале CVSS. Проблема затрагивает все версии NGINX от 0.6.27 до 1.30.0 и существ...
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. [...]
Top ethical hackers wasted no time breaking into modern software and AI platforms at Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities across Microsoft Edge, Windows 11, LiteLLM, and NVI...
CVE ID :CVE-2026-8503 Published : May 15, 2026, 12:17 p.m. | 2 hours, 58 minutes ago Description :Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session id...
CVE ID :CVE-2026-8454 Published : May 15, 2026, 12:17 p.m. | 57 minutes ago Description :Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted m...
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work sho...
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is clos...
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the...
When it comes to using agentic AI, make sure you can walk before you run.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vuln...
Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of ...
Microsoft: rilevato sfruttamento attivo della CVE-2026-41615 Agenzia per la Cybersicurezza Nazionale - ACN
A high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 ...
CERT Polska has received a report about 3 vulnerabilities (CVE-2026-7182, CVE-2026-41552 and CVE-2026-41553) found in DHTMLX software.
Microsoft mitigation may bork inline images, calendar printing while admins wait for a proper patch
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, t...
《人工桌面》是上海米哈游旗下的一款动态桌面软件,以高人气的虚拟偶像“yoyo鹿鸣”为核心。通过实时渲染技术,将高精度的3D角色带到你的电脑或手机桌面。 核心亮点: 极致画质 采用UE4引擎,画质媲美预渲染CG, ...
Rapido has driven its growth by enabling ride-hailing for lower-cost and more flexible modes of transport such as motorbikes and autorickshaws.
Каждый спринт мы экспортируем JSON из Kibana, листаем сотни записей и говорим себе, что потом превратим их в тест-кейсы, но потом никогда не наступает.Логи содержат реальные API-вызовы. Настоящие endp...
Привет, Хабр! Находясь на конференции UserGate Conf, я думал: а с кем бы поговорить на тему современных киберугроз и построения эффективной защиты. Поэтому выбор пал на человека, кто каждый день сталк...
Akamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s p...
Denna vecka vill vi tipsa om att vi har publicerat enkla och korta ”Tabletop”-övningar för hantering av utpressningsangrepp, överbelastningsangrepp och nätfiske. Du hittar övningarna här: https://www....
A wave of critical security flaws in cPanel & WHM is putting millions of hosted websites at risk, and at least one vulnerability is already being weaponized in the wild before patches were even releas...
The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Breach Affects 123,000 Individuals appeared...
Some AI-based video age-verification checks can be fooled with a fake mustache.
OpenClaw四大漏洞可致数据窃取、权限提升与持久化攻击,速修复!
The budget-friendly Centris 2 ebike can fit the back seat of a car and has narrow handlebars for miles of easy riding—until it needs a recharge, that is.
A customized mid-motor and Shimano's new Cues components are a winning combination.
Here’s how you can hack together a radio transmitter and receiver out of stuff you have at home—and explore the weirdness of wireless.
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks lik...
Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2026-44088) has been found in SzafirHost software.
Microsoft ha revelado una nueva vulnerabilidad de seguridad que afecta a las versiones locales de Exchange Server y que, según la compañía, está siendo explotada activamente. La vulnerabilid...
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production system...
如今钉钉已成为企业日常办公、协同沟通的主流工具,很多用户在钉钉聊天中传输各类办公文件。而对于其中的加密文件,用Read More
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iP...
Hackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining ac...
Google has released a major Chrome security update, fixing 79 vulnerabilities in its Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. ...
Rilevato sfruttamento di vulnerabilità in prodotti Cisco Agenzia per la Cybersicurezza Nazionale - ACN
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fre...
A big backyard griddle can change a summer. I made dozens of tacos, burgers, and pancakes to find the best setup.
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.
Новая волна атак малвари Shai-Hulud затронула сотни пакетов в npm и PyPI. Хакеры из группировки TeamPCP скомпрометировали популярные проекты, включая TanStack и Mistral AI, встроили в них стилер для к...
"We have no grand plan," says Anthropic's Cat Wu—but that's by design.
Reducing the fee will only have a marginal impact on prices while depriving the government of revenue to maintain roads.
Microsoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique ...
CVE ID :CVE-2026-41970 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful...
CVE ID :CVE-2026-41966 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in the smart sensing service. Impact: Successful exploitat...
CVE ID :CVE-2026-41965 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vuln...
CVE ID :CVE-2026-41969 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in the projection module. Impact: Successful exploitation ...
CVE ID :CVE-2026-41971 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in the security control module. Impact: Successful exploit...
CVE ID :CVE-2026-41968 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in the manufacturability design module. Impact: Successful...
CVE ID :CVE-2026-41963 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this...
CVE ID :CVE-2026-41961 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in contacts. Impact: Successful exploitation of this vulne...
CVE ID :CVE-2026-41960 Published : May 15, 2026, 10:16 a.m. | 4 hours, 58 minutes ago Description :Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerab...
每天上班打开企业邮箱,总能看到各类陌生邮件:发票报销、福利补贴、奖金申领、系统通知…… 看着像内部正规消息,实则很多都是伪装到位的钓鱼陷阱。员工稍有不慎点击链接、下载附件,就可能造成信息泄露、财务损失,给企业埋下巨大安全隐患。 很多企业管理者都面临这样的难题:员工防钓鱼意识不足、极易误入钓鱼陷阱,传统安全培训枯燥脱离实际,还没法用数据量化防护效果。为此,CACTER 反钓鱼演练系统(PhishSi...
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines
A maximum-severity zero-day vulnerability in Cisco’s Catalyst SD-WAN platform is being actively exploited in the wild, giving attackers full administrative control over enterprise networks, with...
Account Takeover (ATO) attacks are one of the fastest-growing cyber threats targeting businesses and individuals worldwide. Attackers use automated bots, credential stuffing, phishing, and brute force...
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hi...
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hi...
María de Jesús Estrada Juárez was applying for her green card and thought she was doing everything right. Instead, she was arrested and deported to Mexico.
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. ...
Привет, Хабр! Меня зовут Данил Зарипов, я эксперт центра безопасности (PT ESC) Positive Technologies. Эту статью мы подготовили вместе с моим коллегой Кириллом Масловым, продуктовым экспертом по напра...
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on...
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are ...
Представьте: вы запускаете генеративную AI‑фичу в проде. Всё работает как часы. А через месяц получаете иск, потому что ваша модель насоветовала клиентам того, чего не существует в реальных политиках ...
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while...
网安圈最新高危风险:Ghost Bits(幽灵比特)编码绕过 安全检测环节判定为正常字符,后端执行却变为攻击 Read More
CFTC chairman Michael Selig sat down with WIRED to discuss how the agency scours Polymarket and other prediction markets for illegal activity.
2026年5月4日,国际知名研究与咨询机构Gartner®发布Gartner® Magic QuadrantTRead More
CVE ID :CVE-2026-8425 Published : May 15, 2026, 9:16 a.m. | 5 hours, 59 minutes ago Description :The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi...
CVE ID :CVE-2026-7563 Published : May 15, 2026, 9:16 a.m. | 5 hours, 59 minutes ago Description :The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for Wor...
CVE ID :CVE-2026-8398 Published : May 15, 2026, 9:16 a.m. | 5 hours, 59 minutes ago Description :A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Wi...
CVE ID :CVE-2026-7046 Published : May 15, 2026, 9:16 a.m. | 3 hours, 58 minutes ago Description :The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to tim...
CVE ID :CVE-2026-6415 Published : May 15, 2026, 9:16 a.m. | 3 hours, 58 minutes ago Description :The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-S...
CVE ID :CVE-2026-5229 Published : May 15, 2026, 9:16 a.m. | 3 hours, 58 minutes ago Description :The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to...
CVE ID :CVE-2026-6403 Published : May 15, 2026, 9:16 a.m. | 1 hour, 32 minutes ago Description :The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to an...
CVE ID :CVE-2026-6228 Published : May 15, 2026, 9:16 a.m. | 3 hours, 58 minutes ago Description :The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation i...
CVE ID :CVE-2026-4683 Published : May 15, 2026, 9:16 a.m. | 1 hour, 32 minutes ago Description :The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modificati...
CVE ID :CVE-2026-44088 Published : May 15, 2026, 9:16 a.m. | 1 hour, 32 minutes ago Description :SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (read...
За последние несколько недель я отправил довольно много репортов об уязвимостях. Небольшая их часть уже исправлена и раскрыта через бюллетени безопасности. Все они найдены исключительно с помощью LLM,...
PHP is one of the world’s most popular programming languages. The PHP core itself is rarely perceived as an attack surface — attention usually shifts to frameworks and third-party libraries. How...
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Win...
这是一个在某个文件夹下计算各种音频视频文件总时长的工具,依赖ffmpeg(ffprobe.exe)程序。 网盘下载1:https://down666.lanzoul.com/b01klakdg 提取码:8gg7 ------旧版网盘下载1:https://down666.lanzoul.co ...