Aggregator

A vulnerability labeled as critical has been found in Ubbcentral UBB.threads 6.5.1.1. This impacts an unknown function. Executing a manipulation of the argument config[path] can lead to Remote Code Execution. This vulnerability is tracked as CVE-2006-5137. The attack can be launched remotely. Moreover, an exploit is present. The affected component should be upgraded.

Министерство коммерции Китая направило в Еврокомиссию жесткую критику закона о кибербезопасности.

Quorum Cyber report finds higher and further education institutions experienced 63% increase in attacks over a year

Microsoft is set to introduce Efficiency Mode in Microsoft Teams, a performance-enhancing feature designed to improve app responsiveness and meeting quality on hardware-constrained devices. The rollout begins in early May 2026 and is expected to be completed by mid-May 2026, with the feature linked to Microsoft 365 Roadmap ID 560055. Efficiency Mode is a performance-optimized […]

The post Microsoft Teams Rolls Out Efficiency Mode to Optimize Performance on Low-End Devices appeared first on Cyber Security News.

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.

Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sellers, buyers, brokers, and recruiters all playing different roles in the […]

自主安全成为防御体系的新基石。

美国防部网络高官针对美军网络空间态势和能力作证。

默认设计暴露了所有用户数据

A vulnerability was found in PowerDNS Authoritative up to 4.9.13/5.0.3. It has been classified as problematic. This affects an unknown part of the component File Descriptor Handler. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2026-33610. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in PowerDNS Authoritative up to 4.9.13/5.0.3. It has been declared as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to ldap injection. This vulnerability is handled as CVE-2026-33609. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in PowerDNS Authoritative up to 4.9.13/5.0.3. This issue affects some unknown processing. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-33608. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.10/8.6. This affects an unknown part. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-26354. The attack can be launched remotely. No exploit exists.

Web infrastructure platform Vercel has disclosed a significant security incident involving unauthorized access to internal systems, tracing the attack chain back to a compromise of Context.ai, a third-party AI productivity tool used by one of its employees. Vercel first published its security bulletin on April 19, 2026, confirming that an attacker successfully gained a foothold […]

The post Vercel Confirms Security Breach – Set of Customer Account Compromised appeared first on Cyber Security News.

AI靶场安全实战系列：RAG知识源投毒——利用PDF隐藏文字劫持AI客服

A sophisticated cyberattack campaign linked to the well-known threat group Tropic Trooper has recently surfaced, leveraging military-themed document lures to target Chinese-speaking individuals in Taiwan, along with individuals in South Korea and Japan. The campaign was discovered on March 12, 2026, when researchers came across a malicious ZIP archive that set off a multi-stage attack […]

The post New Tropic Trooper Attack Uses Custom Beacon Listener and VS Code Tunnels for Remote Access appeared first on Cyber Security News.

The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.

这也是这次攻击事件的关键背景——攻击者并非随机选择目标，而是精准瞄准了 AI/ML 开发者的工具链。

Злоумышленники используют VBE-скрипты и индивидуальные инструменты для каждой жертвы.

源码级Frida，开启上帝视角。