Aggregator

A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. […]

Ozon, Wildberries и «Яндекс» начнут ограничивать доступ пользователям с VPN.

AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]

Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update

Как эксперты пугают нас дутыми цифрами

In a statement issued Friday, the Commission said it had detected an incident affecting the Europa.eu web portal, the European Union’s central online platform hosting websites and services for its institutions.

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring

百科上的介绍偏重他的作家身份，对他的革命者、建设者身份着墨不多。我则对他的另两重身份很有兴趣。

A vulnerability has been found in ON24 Q&A Chat and classified as problematic. Affected by this vulnerability is an unknown functionality of the file console-survey/api/v1/answer/ of the component History Handler. Performing a manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2026-3321. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting. This vulnerability is listed as CVE-2026-5157. The attack may be performed from remote. In addition, an exploit is available.

Теневой рынок перестал быть страшилкой — он стал частью цифровой экономики, где ваши данные уже могут лежать в открытом доступе.

Submit #780254 / VDB-207689

Submit #780253 / VDB-207689

Submit #780238 / VDB-199340