Aggregator

Томас Левенсон показывает, что доводы против вакцин почти не изменились со времен оспы, хотя на стороне прививок теперь микробиология, иммунология и огромная статистика.

A vulnerability, which was classified as critical, was found in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2026-10194. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

Коллаборация IceCube отвергла старую схему с одной степенной зависимостью и нашла заметный перелом около 30 ТэВ.

Submit #821029 / VDB-367475

A vulnerability, which was classified as critical, has been found in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. This vulnerability was named CVE-2026-10193. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

Name: Hackअस्त्र (an Hackअस्त्र CTF Qualifiers event.)
Date: May 29, 2026, 10:15 a.m. — 30 May 2026, 17:15 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.hackastra.tech/
Rating weight: 25.00
Event organizers: Ethical HCK

Name: HSE CTF 2026 (an HSE CTF event.)
Date: May 30, 2026, 7 a.m. — 30 May 2026, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Moscow, Russia
Offical URL: https://ctf.miem.hse.ru/
Rating weight: 0.00
Event organizers: HSE CTF Crew

Name: Pwn2Play Open CTF (an Pwn2Play Open CTF event.)
Date: May 30, 2026, 9 a.m. — 30 May 2026, 18:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: DMU Leicester & Online
Offical URL: https://pwn2play.biterra.co/
Rating weight: 0
Event organizers: DMUHackers26

Submit #820665 / VDB-367474

Submit #820133 / VDB-367468

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.

В цепочке хватило одного слабого места, чтобы защита превратилась в проблему для всей сети.

A vulnerability classified as critical was found in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-10192. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-10191. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. This vulnerability is known as CVE-2026-10190. It is possible to launch the attack remotely. Furthermore, an exploit is available.