Aggregator
Foxit PDF Reader RCE Flaw CVE-2024-30326 Highlights PDF Attack Surface
1 week 2 days ago
A remote code execution vulnerability in Foxit PDF Reader, tracked as CVE-2024-30326, highlights the continued risk of malicious PDF files being used as an initial access vector.
Dark Web Informer
拆解FBI完整溯源黑客组织核心成员的技术链与时间线
1 week 2 days ago
近日美国伊利诺伊北区法院公开了一份更新版刑事起诉书,揭开了知名黑客组织 Scattered Spider 核心
德国华人性侵案成员被判 5 年监禁
1 week 2 days ago
柏林地方法院周三裁定一名 32 岁的原籍中国的男子犯有协助实施三起严重强奸及严重性胁迫罪,并判处该男子总计五年监禁。这名男子是一个交流有关强奸被麻醉女性信息的聊天群组的八名成员之一。该被告(现已获得医学博士学位)在群组内多次就如何麻醉女性提供医学建议。2024 年 1 月 7 日,一名女性在美因河畔法兰克福遭另一名涉案男子强奸。在此前一天,被告在明知对方有强奸意图的情况下,提供了关于麻醉的具体建议,而该男子随后采纳了这些建议。法庭还认定被告在 2020 年和 2021 年期间曾三次性虐待其未婚妻。这些行为发生在北京的一家酒店客房内,受害女性在这些事件中同样处于被麻醉状态。主审法官将这些罪行定性为严重犯罪。他指出,这些行为体现了极端的厌女倾向,因为涉案女性被贬低为满足性欲的客体。
RedWing Android Spyware Sold as a Service on Telegram
1 week 2 days ago
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps
n8n security advisory (AV26-672)
1 week 2 days ago
Canadian Centre for Cyber Security
Akira
1 week 2 days ago
You must login to view this content
cohenido
Ubiquiti security advisory (AV26-671)
1 week 2 days ago
Canadian Centre for Cyber Security
Работы основателя квантовой теории Макса Планка отозвали спустя 80 лет — но дело не в фальсификации
1 week 2 days ago
Кто сегодня решает, какие научные тексты доживут до читателя?
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
1 week 2 days ago
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist.
New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user's
The Hacker News
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
1 week 2 days ago
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows -
CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker
The Hacker News
Астероиды не только убивали динозавров — задолго до этого они создали материки, на которых мы живём
1 week 2 days ago
Тысячи ударов из космоса дали Земле в десять раз больше тепла, чем всё остальное. А потом…
从体脂秤到薄荷健康,蚂蚁阿福的稳扎稳打
1 week 2 days ago
智能硬件+健康 AI 走得通吗?
China-Linked APT Expands Proxy Network With New Malware
1 week 2 days ago
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
Armored Likho Hits Government, Energy Sectors With BusySnake Stealer
1 week 2 days ago
Kaspersky details how the newly named Armored Likho APT uses BusySnake Stealer, AI-generated loaders, and phishing to target government and energy organizations.
Waqas
Former UK privacy chief preparing legal action against woman who reported him, minister says
1 week 2 days ago
Liz Kendall, the secretary of state for science, innovation and technology, said she was “absolutely appalled” at the findings of “sexual harassment and bullying” made by an independent investigation at the Information Commissioner’s Office (ICO).
CVE-2026-5068 | zephyrproject-rtos Zephyr up to 4.3.0 l2cap.c l2cap_chan_le_recv_seg out-of-bounds write
1 week 2 days ago
A vulnerability was found in zephyrproject-rtos Zephyr up to 4.3.0. It has been rated as critical. Affected is the function l2cap_chan_le_recv_seg of the file subsys/bluetooth/host/l2cap.c. The manipulation leads to out-of-bounds write.
This vulnerability is uniquely identified as CVE-2026-5068. The attack can only be initiated within the local network. No exploit exists.
vuldb.com
CVE-2026-7300 | RTI Connext Professional Web Integration Service buffer overflow
1 week 2 days ago
A vulnerability was found in RTI Connext Professional. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Web Integration Service. This manipulation causes buffer overflow.
This vulnerability is tracked as CVE-2026-7300. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-53236 | Linux Kernel up to 7.0.12 tcp privilege escalation
1 week 2 days ago
A vulnerability was found in Linux Kernel up to 6.1.175/6.6.142/6.12.93/6.18.35/7.0.12. It has been classified as critical. Impacted is an unknown function of the component tcp. The manipulation leads to privilege escalation.
This vulnerability is listed as CVE-2026-53236. The attack must be carried out from within the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-53237 | Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12 gpio mvebu_pwm_suspend mvpwm null pointer dereference
1 week 2 days ago
A vulnerability was found in Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12. It has been declared as critical. The affected element is the function mvebu_pwm_suspend of the component gpio. The manipulation of the argument mvpwm results in null pointer dereference.
This vulnerability is cataloged as CVE-2026-53237. The attack must originate from the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com