Aggregator

A vulnerability, which was classified as critical, was found in rustdesk-client RustDesk Client up to 1.4.5. This impacts the function hash_password of the file src/client.Rs. Executing a manipulation can lead to authentication bypass by capture-replay. The identification of this vulnerability is CVE-2026-30789. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in mlc-ai xgrammar up to 0.1.31. This affects an unknown function. Performing a manipulation results in uncontrolled recursion. This vulnerability was named CVE-2026-25048. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in rustdesk-client RustDesk Client up to 1.4.5. The impacted element is an unknown function of the file src/hbbs_http/sync.Rs. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2026-30795. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in rustdesk-client RustDesk Client up to 1.4.5. The affected element is an unknown function of the file src/hbbs_http/http_client.Rs. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-30794. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function Config::set_options of the file src/hbbs_http/sync.Rs of the component API Message Handler. The manipulation results in violation of secure design principles. This vulnerability is known as CVE-2026-30792. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in rustdesk-client RustDesk Client up to 1.4.5. This issue affects the function parseRustdeskUri/importConfig in the library flutter/lib/common.Dart of the file hbb_common/src/config.Rs. The manipulation leads to risky cryptographic algorithm. This vulnerability is traded as CVE-2026-30791. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. This vulnerability affects unknown code of the component Address Book Sync API Module. Executing a manipulation can lead to cleartext transmission of sensitive information. This vulnerability appears as CVE-2026-30796. The attack may be performed from remote. There is no available exploit.

结合自己发现和公开的案例来讲解这十大风险

A vulnerability identified as problematic has been detected in Python-Markdown up to 3.8/3.8.1. This affects the function html.parser.HTMLParser. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-69534. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

Привычка загружать файлы без проверки стала слишком рискованной.

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

A coordinated malware campaign is targeting cryptocurrency and Web3 professionals through a carefully built chain of social engineering, fake venture capital identities, and spoofed video conferencing links. First tracked in early 2026, the operation uses a technique called ClickFix to manipulate victims into running malicious commands on their own machines — making them the unwitting […]

The post ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals appeared first on Cyber Security News.

Как эксплойт Coruna превратился в главную загадку кибербезопасности.

Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast

恶意LLM对话式AI诱使用户泄露个人信息 by 花菜

更多最新文章，请访问SecWiki

在太阳系中，木星是无可争议的行星之王，但在银河系的其它角落，存在着体型比木星还更大的超级木星。发表在《自然天文学》期刊的一项研究利用韦伯太空望远镜观测了距离地球约 130 光年外的 HR 8799 星系。该星系有四颗质量高达木星 5-10 倍的巨型气态行星，它们与母恒星的距离远达 15-70 个天文单位，这在传统行星形成理论中几乎是难以解释的地带。天文学界对于巨大天体的诞生通常有两套剧本：一种是如同木星般由岩石核心缓慢吸积尘埃与气体的「由下而上」模式；另一种则是像恒星一样，由气体云直接因引力坍缩而成的「由上而下」模式。由于 HR 8799 的行星位于物质稀薄的星盘边缘，过去许多专家认为，这些远在天边的巨兽应该是透过引力塌缩直接形成的，因为在那个距离下，传统的核心吸积速度太慢，根本来不及在气体盘消散前拼凑出如此庞大的行星。研究团队利用韦伯望远镜的近红外线光谱仪寻找大气中的「硫」。在行星形成的初期，硫通常被锁在固体的岩石或冰粒中，因此如果在行星大气中发现大量的硫，就代表这颗行星在成长过程中曾经吞噬过大量的固体物质，这强烈暗示它走的是核心吸积路线。研究结果令人惊讶，团队在内侧三颗行星中都发现了硫化氢的踪迹，证实这些质量高达木星 10 倍的巨型行星，其形成方式与木星非常相似，也就是由下而上的核心吸积法。这项发挑战了现有的行星演化模型。