Aggregator

Теневой рынок столкнулся с неожиданной переменой правил игры.

Cybersecurity and Infrastructure Security (CISA) Acting Director Nick Andersen said the agency has been working closely with industry and sector-based groups on threats from Iran in the past couple of weeks.

A vulnerability identified as critical has been detected in Shinetheme Traveler Plugin 3.2.2/3.2.3/3.2.6/3.2.8 on WordPress. This affects an unknown function. This manipulation causes deserialization. This vulnerability is registered as CVE-2026-25449. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in LibreChat 0.8.1-rc2. The impacted element is an unknown function of the component LibreChat API/RAG API. The manipulation results in incorrect resource transfer. This vulnerability is cataloged as CVE-2026-33265. The attack must be initiated from a local position. There is no exploit available.

A vulnerability was found in OpenText ZENworks Service Desk 25.2/25.3. It has been rated as problematic. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-3278. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in danny-avila LibreChat 0.8.1-rc2. It has been declared as critical. Impacted is an unknown function of the component JWT Secret Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2025-41258. The attack is only possible within the local network. No exploit exists.

A ransomware group known as LeakNet has been quietly building a more dangerous attack strategy. Until recently, the group averaged about three victims per month — but new evidence shows it is scaling up fast, adding new tools that most security defenses are not built to catch. LeakNet has introduced two notable additions: a social […]

The post LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader appeared first on Cyber Security News.

A vulnerability was found in Canonical Juju up to 3.6.18. It has been classified as critical. This issue affects some unknown processing of the component Vault Secrets Back-End. Performing a manipulation results in improper authorization. This vulnerability is identified as CVE-2026-32692. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Canonical Juju up to 3.6.18 and classified as very critical. This vulnerability affects unknown code of the component secret-set Tool. Such manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-32693. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Canonical Juju up to 3.6.18 and classified as problematic. This affects an unknown part. This manipulation causes incorrect ownership assignment. The identification of this vulnerability is CVE-2026-32691. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Canonical Juju up to 3.6.18. Affected by this issue is some unknown functionality. The manipulation results in predictable value range from previous values. This vulnerability was named CVE-2026-32694. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data

在科幻电影《火星救援（The Martian）》中，马特·达蒙扮演的宇航员 Mark Watney 因意外被孤身一人留在火星，他随后在堆肥的帮助下通过种植马铃薯生存了下来。根据发表在 bioRxiv 平台上的一项研究，研究人员报告他们在类似月球的土壤中成功种植了马铃薯，和《火星救援》类似，类月球土壤也需要大量堆肥。月球风化层缺乏植物生长所需的有机物，俄勒冈州立大学的 David Handy 和同事添加了蚯蚓粪——蚯蚓的有机排泄物。他们发现，添加 5% 蚯蚓粪的混合物能让马铃薯在模拟月球环境的严酷条件下生长。经过近两个月的生长，研究团队收获了马铃薯块茎，将其冷冻干燥并研磨成粉末进行进一步测试。DNA 分析表明，马铃薯压力相关的基因已被激活，其铜和锌含量高于地球土壤种植的马铃薯，人类食用可能有害。但这些马铃薯的营养价值与地球马铃薯相似。

Безопасное соединение с банком оказалось иллюзией.

Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. [...]

A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. [...]

Menlo Security has unveiled the Browser Security Platform, purpose-built to secure the agentic enterprise, where autonomous AI agents will outnumber human employees and the browser has become the operating system for both. Menlo provides unified control plane to apply machine-speed governance and threat prevention to both human and non-human actors, deployed globally on Menlo’s elastic cloud infrastructure. “The next billion web users won’t be human. This isn’t a future prediction; it’s the current reality for … More →

The post Menlo Security delivers unified governance and threat prevention for AI agents and humans appeared first on Help Net Security.