Aggregator

New Agency Focuses on Public Programs, Ignores Private Sector Fraud
Citing recent high-profile arrests of fraud rings in Minnesota, President Donald Trump announced the creation of National Fraud Enforcement division in the Department of Justice. Sounds nice, but will it make a difference without deeper coordination with banks, payment platforms and businesses?

Joint US, UK and Five Eyes Guidance Flags OT Exposure as National Risk
U.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity - driven by remote access, third-party vendors and IT integration - remains a major threat vector, enabling cyber intrusions to escalate into physical disruptions.

Also, Venezuela Cyberattack, Endesa Confirms Breach and Telegram IP Leak
This week, a software flaw caused the Verizon outage. U.S. cyberattack in Venezuela. ICE identities published online. BreachForums users leaked. Spanish energy provider Endesa data breach. Telegram privacy risk. A MuddyWater upgrade. Dutch man sentenced for hacking a maritime port. A ServiceNow patch.

Funding at $1.2B Valuation to Propel Federal Market Entry and R&D in GenAI
Torq secured $140 million in Series D funding at a $1.2 billion valuation to expand its generative AI-powered security operations platform. With backing from Merlin Ventures, Torq will grow internationally, deepen AI research and pursue U.S. federal opportunities including FedRAMP certification.

Forrester's Sandy Carielli on Quantum Readiness, Key Steps for Successful Migration
Quantum security migrations are multi-year, cross-functional projects that touch product, infrastructure and supply chains. While the scope of migration can be daunting, CIOs can follow several practical steps to make the project more manageable, said Forrester's Sandy Carielli.

、

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.119/6.12.63/6.18.2. This affects the function f2fs_put_super. The manipulation leads to improper update of reference count. This vulnerability is listed as CVE-2025-71107. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.2. This affects the function filesystems_freeze_callback of the component fs. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2025-71106. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in Authlib up to 1.6.4. Affected by this issue is the function decompress of the component Decompression Handler. The manipulation results in resource consumption. This vulnerability is identified as CVE-2025-62706. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in modelcontextprotocol python-sdk up to 1.22.x. It has been declared as problematic. The impacted element is an unknown function. Such manipulation leads to insecure default initialization of resource. This vulnerability is listed as CVE-2025-66416. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Google Chrome. This impacts an unknown function of the component Split View. This manipulation causes improper restriction of rendered ui layers. This vulnerability appears as CVE-2026-0907. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Google Chrome. Affected is an unknown function of the component UI. Such manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2026-0906. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Google Chrome. The impacted element is an unknown function of the component Policy Enforcement Handler. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2026-0905. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Mozilla Firefox up to 146. This issue affects some unknown processing of the component Messaging System. Performing a manipulation results in sandbox issue. This vulnerability is known as CVE-2026-0881. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

Google has confirmed that it's now possible to change your @gmail.com address. This means that if your current email is [email protected], you can now change it to [email protected]. [...]

银狐黑产组织针对跨境电商从业人员进行钓鱼攻击活动

A vulnerability has been found in NASA CryptoLib up to 1.4.2 and classified as critical. This issue affects some unknown processing of the component Link Security Protocol. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2026-21899. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in run-llama llama_index up to 0.11.6. Affected by this issue is the function BGEM3Index.load_from_disk of the file llama_index/indices/managed/bge_m3/base.py. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-14021. Local access is required to approach this attack. No exploit exists.