Aggregator

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-02-19, 49 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

好，我现在要帮用户总结这篇文章的内容，控制在100字以内。首先，我需要仔细阅读文章，抓住主要信息点。 文章讲的是Meta计划推出一款AI智能手表，代号Malibu 2，预计今年晚些时候发布。同时，他们还会升级Meta雷朋Display智能眼镜。之前Meta在2022年因为技术问题和成本削减取消了智能手表项目，现在重新启动了这个计划。此外，混合现实眼镜Phoenix被推迟到2027年发布。 接下来，我需要把这些信息浓缩到100字以内。要注意不要使用“文章内容总结”之类的开头词，直接描述内容。 可能的结构是：Meta计划推出AI智能手表Malibu 2和升级版智能眼镜，这是他们时隔四年重新进入可穿戴设备市场。之前因技术问题取消了项目，现在重启，并推迟了另一款产品的时间。 这样应该能涵盖所有关键点，并且简洁明了。 Meta计划推出AI智能手表Malibu 2和升级版智能眼镜，时隔四年重返可穿戴设备市场。此前因技术难题取消智能手表项目。混合现实眼镜Phoenix推迟至2027年发布。

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头，直接写描述。好的，我先看看文章的主要内容。 文章看起来是少数派编辑部的成员们分享他们最近购买的新产品和使用体验。比如@Lotta买了OPPO Find X9手机，详细介绍了她的购机选择和对手机功能的满意之处。@樱桃小丸子买了点心礼盒，觉得包装精美，点心也不错。@什么陈买了一个优衣库的蓬松挎包，适合通勤用。@一只索狗买了一个艾达普触摸手指机器人，用来远程控制家里的电器。 所以，总结起来就是编辑们分享了各自的新玩意及其体验。我需要把这些信息浓缩到100字以内，并且直接描述内容。 可能会这样写：“少数派编辑部分享了近期购买的新产品及使用体验，包括OPPO Find X9手机、樱桃小丸子点心礼盒、优衣库蓬松挎包和艾达普触摸手指机器人等。”这样既涵盖了主要内容，又符合字数限制。 少数派编辑部分享了近期购买的新产品及使用体验，包括OPPO Find X9手机、樱桃小丸子点心礼盒、优衣库蓬松挎包和艾达普触摸手指机器人等。

A vulnerability described as problematic has been identified in Media Library Folders Plugin up to 8.3.6 on WordPress. Affected by this vulnerability is the function delete_maxgalleria_media of the component Attachment Handler. Executing a manipulation can lead to improper control of resource identifiers. The identification of this vulnerability is CVE-2026-2312. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.7. Affected is an unknown function of the component igc. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-23122. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.7. Affected by this issue is the function l2tp_tunnel_del_work of the component l2tp. Such manipulation leads to race condition. This vulnerability is traded as CVE-2026-23120. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.7. This affects the function mISDN_read/mISDN_poll of the component mISDN. Performing a manipulation results in race condition. This vulnerability is known as CVE-2026-23121. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7 and classified as critical. This issue affects the function debugfs_create_str. The manipulation leads to uninitialized pointer. This vulnerability is uniquely identified as CVE-2026-23123. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.15.198/6.1.161/6.6.121/6.12.67/6.18.7. It has been rated as critical. Affected is the function ndisc_router_discovery of the component ipv6. Performing a manipulation results in race condition. This vulnerability is cataloged as CVE-2026-23124. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

Debt collection agencies are starting to use automated voice systems and AI-driven messaging to handle consumer calls. These systems help scale outreach, reduce call center staffing demands, and offer 24/7 service. A new study covering 11 European countries found that this shift changes how consumers emotionally experience debt collection, especially around stigma and empathy. The research evaluated consumer reactions to scripted debt collection phone calls involving either a human representative or an AI voice assistant. … More →

The post Consumers feel less judged by AI debt collectors appeared first on Help Net Security.

Физик доказал, что мост Эйнштейна–Розена ведёт не в другую галактику…

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.92/6.12.30/6.14.8. This issue affects some unknown processing of the component spi-rockchip. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-38081. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.31/6.14.9. Impacted is the function simple_write_to_buffer of the component gpio. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2025-38082. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.14.8. It has been declared as critical. This issue affects the function hfsc_enqueue of the component sch_hfsc. The manipulation results in use after free. This vulnerability is identified as CVE-2025-38000. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.184/6.1.140/6.6.92/6.12.30/6.14.8. Affected by this issue is the function current_password_store. Such manipulation of the argument length leads to buffer overflow. This vulnerability is documented as CVE-2025-38077. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.92/6.12.30/6.14.8. This vulnerability affects the function block_sequence. Executing a manipulation can lead to buffer overflow. This vulnerability appears as CVE-2025-38080. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.14.8. It has been declared as problematic. This affects the function snd_pcm_format_set_silence of the component ALSA. The manipulation results in improper initialization. This vulnerability is cataloged as CVE-2025-38078. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.14.8. Affected by this vulnerability is the function free_module of the component alloc_tag. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2025-38076. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

Полиция и внешние эксперты расследуют проникновение в сеть главного агробанка ЮАР.

Attackers keep getting in, often through the same predictable weak spots: identity systems, third-party access, and poorly secured perimeter devices. A new threat report from Barracuda based on Managed XDR telemetry from 2025 shows that many successful incidents still start with basic access and configuration failures, not advanced malware. The report draws on more than two trillion IT events, nearly 600,000 security alerts, and more than 300,000 protected assets monitored over the year. Barracuda’s SOC … More →

The post Attackers keep finding the same gaps in security programs appeared first on Help Net Security.