Aggregator

Red Canary's monthly roundup of upcoming security conferences and call for papers (CFP) submission deadlines May 2026

Haaretz《国土报》对报告信号失守：揭秘隐秘监控势力对全球电信网络的系统性渗透 进行了独家审阅，补充了一些新内容。 第一起行动利用了以色列的地理位置技术追踪目标，其流量经过了以色列运营商 019Mobile 和 Partner Communications 的网络。不过这两家以色列公司均否认参与其中。 根据《国土报》获取的信息，数十次独立的追踪请求似乎都经过了 019Mobile 的服务器。 这些请求的特征与合法通信不符，更符合监控行为的特点。 每个移动网络都拥有一个唯一的地址，类似于网站地址，供其他电信公司用于路由通话和数据流量。注册在 019Mobile 名下的地址被用于通过 Partner Communications 的基础设施发送位置追踪请求，而 019Mobile 本身正是依赖 Partner 的网络提供服务。另一条追踪路径则经过了以色列公司 Exelera Telecom，该公司提供云计算和通信服务，拥有一条国际海底光缆。Exelera Telecom 未回应《国土报》的置评请求。 《国土报》获取的内部文件显示，Cognyte 的母公司 Verint 曾向刚果民主共和国的一个政府客户出售过一款名为 SkyLock 的产品。 SkyLock 正是一款基于 SS7 协议的追踪工具，能够利用旧的漫游系统在全球范围内定位设备。这些文件还显示，该公司与泰国、马来西亚、印度尼西亚、越南和刚果的运营商存在商业联系，而这些国家正是第一起追踪行动被发现的部分地区。其中一家运营商泰国 AIS，也在该行动的流量来源中出现。 第二起行动更为复杂，其关联到一家瑞士公司 Fink Telecom Services。这家公司在 2023 年就曾被《国土报》和 Lighthouse Reports 曝光，向包括 Rayzone 在内的以色列监控公司提供基于 SS7 协议的追踪能力。Rayzone 是一家向全球政府机构开发和销售网络情报技术的公司。调查发现，这家瑞士电信公司允许 Rayzone 等公司伪装成蜂窝运营商接入传统移动网络，从而实现对全球用户的追踪。 随着电信基础设施的不断演进，监控公司也在不断升级其技术手段。报告中披露了一种名为 SIMjacking（SIM 卡劫持）的新型追踪技术，该技术利用了 SIM 卡本身的漏洞。 这种方法的工作原理是，向目标手机发送一条隐藏的短信，其中包含一条秘密指令。这条指令会触发 SIM 卡主动传输设备的精确位置。整个过程完全在后台进行，用户不会收到任何通知，也不会在手机上留下任何可见的痕迹。 在 2023 年《国土报》和 Lighthouse Reports 曝光 Fink Telecom Services 的活动时，Fink公司尚未采用这种技术。

Закон требует найти человека за VPN, хотя VPN как раз для этого и нужен.

根据发表在《Nature Communications》期刊上的一项研究，科学家发现常饮用含咖啡因和不含咖啡因的咖啡会影响肠道菌群，从而影响情绪和压力水平。研究人员对比了 31 名常饮用咖啡者和 31 名不喝咖啡者。常饮用咖啡者指的是每天饮用 3-5 杯咖啡的人。实验开始时，咖啡饮用者停止饮用咖啡两周。在此期间，研究人员持续收集生物样本监测心理健康状况。实验期间参与者并不知道自己饮用的是含咖啡因的咖啡还是不含咖啡因的咖啡。一半参与者饮用不含咖啡因的咖啡，另一半饮用普通咖啡。参与者都报告情绪有所改善，这一结果显示即使不含咖啡因咖啡也能改善情绪。研究还发现常饮用咖啡者有更高的埃格特菌属（Eggertella sp.）和短隐杆菌（Cryptobacterium curtum），更多的厚壁菌门（Firmicutes）。只有摄入不含咖啡因的人才表现出学习和记忆力的提升，而只有摄入咖啡因的参与者才体验到焦虑减轻以及注意力和警觉性提高。

A vulnerability identified as problematic has been detected in ILM Informatique jOpenDocument 1.5. The affected element is an unknown function. The manipulation leads to xml external entity reference. This vulnerability is documented as CVE-2026-6501. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in 3onedata GW1101-1D -TB-P. Impacted is an unknown function. Executing a manipulation of the argument IP address can lead to os command injection. This vulnerability is registered as CVE-2025-13605. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A malicious npm package impersonating the widely trusted TanStack project was discovered on April 29, 2026, silently stealing developer environment files the moment it was installed. The attacker registered the unscoped “tanstack” package name on npm, dressed it up as a legitimate video player SDK called “TanStackPlayer,” and embedded a credential-harvesting script inside it that […]

The post Malicious Tanstack Package Uses Postinstall Script to Steal Developer Environment Files appeared first on Cyber Security News.

A vulnerability was found in Apache HTTP Server up to 2.4.66. It has been rated as critical. This issue affects some unknown processing of the component Module. Performing a manipulation results in http response splitting. This vulnerability is cataloged as CVE-2026-33523. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

Mediaworks confirmed the incident on Friday, warning that “a significant amount of illegally obtained data may have come into the possession of unauthorized persons."

A vulnerability was found in Apache HTTP Server up to 2.4.66. It has been declared as problematic. This vulnerability affects unknown code of the component mod_dav_lock/mod_dav_svn. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2026-29169. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.66. It has been classified as problematic. This affects an unknown part of the component mod_authn_socache. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-33007. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Apache HTTP Server up to 2.4.66 and classified as problematic. Affected by this issue is some unknown functionality of the component mod_auth_digest. The manipulation results in observable timing discrepancy. This vulnerability is identified as CVE-2026-33006. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server 2.4.66 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP2 Handler. The manipulation leads to double free. This vulnerability is referenced as CVE-2026-23918. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in ILM Informatique OpenConcerto 1.7.5. Affected is an unknown function. Executing a manipulation can lead to incorrect permission assignment. The identification of this vulnerability is CVE-2026-6499. The attack can only be executed locally. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Assimp 6.0.2. This impacts the function ConvertMeshMultiMaterial of the file FBXConverter.cpp. Performing a manipulation results in denial of service. This vulnerability was named CVE-2025-70069. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in Pluck CMS up to 4.7.20. This affects the function sanitizePageContent of the file editpage.php. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-31205. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Digium Asterisk up to 1.6.2.0. Impacted is an unknown function of the file main/acl.c. The manipulation of the argument permit leads to improper access controls. This vulnerability is documented as CVE-2010-1224. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iPhone OS 3.1. The impacted element is an unknown function of the component HTTP Client. This manipulation causes improper input validation. This vulnerability appears as CVE-2010-1226. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in VMware Server 1.0/3.0.3/3.5. The impacted element is an unknown function of the component Console. The manipulation results in cross site scripting. This vulnerability is known as CVE-2010-1137. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in IBM WebSphere Application Server up to 6.1.0.10. Affected by this issue is some unknown functionality. This manipulation causes credentials management. This vulnerability is tracked as CVE-2010-0769. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.