Aggregator

攻击者可利用该漏洞劫持蓝牙音频配件、追踪用户位置并窃听对话。

In this Help Net Security video, James Wickett, CEO of DryRun Security, explains cyber risks many teams underestimate as they add AI to products. He focuses on how fast LLM features are pushed into live applications without limits or guardrails. The video also looks at AI-generated code and why it should not be trusted by default, especially for business logic and access control. Wickett closes by warning about blurred trust boundaries when AI systems can … More →

The post Unbounded AI use can break your systems appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2026-01-22, 62 days ago. The vendor is given until 2026-05-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Daniel FREDERIC from Fuzzinglabs, Julien COHEN-SCALI from Fuzzinglabs, Patrick VENTUZELO from Fuzzinglabs' was reported to the affected vendor on: 2026-01-22, 62 days ago. The vendor is given until 2026-05-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'welpsigh' was reported to the affected vendor on: 2026-01-22, 62 days ago. The vendor is given until 2026-05-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2026-01-22, 62 days ago. The vendor is given until 2026-05-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2026-01-22, 62 days ago. The vendor is given until 2026-04-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

パイオニア株式会社が提供する複数の製品のインストーラーにはDLL読み込みに関する脆弱性が存在します。

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from

A vulnerability labeled as problematic has been found in Saleor up to 3.20.107/3.21.42/3.22.26. This affects an unknown function of the component SVG File Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-23499. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

Citizen Lab обнаружила следы цифрового шпионажа в телефонах иорданских активистов и журналистов.

Расследование преступлений теперь начнётся прямо в вашем жилом пространстве.

本文探索AI Coding如何赋能恶意代码分析，希望您喜欢！

A vulnerability identified as critical has been detected in OPNsense up to 23.6. This vulnerability affects unknown code of the file diag_backup.php of the component Backup Configuration File Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2023-39001. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in OPNsense up to 23.6. This affects an unknown function of the file /tmp. The manipulation results in permission issues. This vulnerability is identified as CVE-2023-39003. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in OPNsense up to 23.6. Affected by this issue is some unknown functionality of the file /ui/diagnostics/log/core/ of the component URL Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2023-39000. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in OPNsense up to 23.6. This affects an unknown function of the file /system/halt of the component System Halt API. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2023-38999. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in OPNsense up to 23.6. Affected by this vulnerability is an unknown functionality of the component Login Page. Performing a manipulation results in open redirect. This vulnerability is cataloged as CVE-2023-38998. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

Сеть рекламных «пушей» собирала детальные технические данные пользователей в 60 странах мира.

Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent. The research examined the Forbes Global 2000 and compared them with the world’s top 100 privately held unicorn companies. Domain security adoption: 100 unicorns vs Global 2000 (Source: CSC) Domains sit outside standard security controls Domains operate outside … More →

The post The internet’s oldest trust mechanism is still one of its weakest links appeared first on Help Net Security.