Aggregator

A vulnerability was found in labring FastGPT up to 4.14.7. It has been declared as critical. This issue affects some unknown processing of the file /api/core/app/httpTools/runTool of the component Endpoint. The manipulation results in missing authentication. This vulnerability is reported as CVE-2026-34162. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Nhost up to 1.40.x. This affects an unknown function. Executing a manipulation can lead to missing authentication. This vulnerability is handled as CVE-2026-34200. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.

Pondurance announced MDR Essentials, MDR Essentials, an MDR service providing an autonomous SOC that reduces the time from threat detection to containment by 90%. Threat actors today use AI to attack at machine-speed, making it difficult for traditional cybersecurity solutions to accurately detect and contain cyber threats before they can become breaches. A recent paper from PwC notes that “in AI-driven SOCs, threats can be blocked in seconds, autonomously.” Pondurance’s MDR Essentials with the Kanati … More →

The post Pondurance MDR Essentials uses autonomous SOC to tackle AI-driven attacks appeared first on Help Net Security.

就是Lazarus，附完整处置方案！

Гелий бросает вызов фундаментальным основам мироздания.

HisModules ERP 系统存在的严重安全缺陷

Bread 靶机渗透测试：利用 ACL/ACE 滥用攻击提权前言Bread 靶机是由 maze-sec 团队开发的 Active Directory (AD) 环境靶场，旨在模拟真实域环境下的权限提升场景。本文记录了从信息收集到域控提权的完整过程，重点聚焦于 Wegia CMS 的 SQL 注入漏洞利用、密码爆破，以及通过 bloodyAD 工具进行的 ACL/ACE 滥用攻击。该靶机强调 AD

Submit #780725 / VDB-354450

Researchers at numerous firms are sounding warnings about the supply-chain attack on an open-source project with 100 million weekly downloads.

The post Attack on axios software developer tool threatens widespread compromises appeared first on CyberScoop.

Submit #780669 / VDB-354449

Submit #780666 / VDB-354448

Submit #780723 / VDB-354447

Submit #780618 / VDB-354446

Submit #780617 / VDB-354445

Submit #780615 / VDB-354444

本文旨在研究 PDF 解析器 Xpdf 中的深度递归漏洞（CVE-2019-13288）。通过使用 AFL++ 模糊测试工具对 Xpdf 3.02 进行压力测试，成功捕获了由于畸形 PDF 文件引起的拒绝服务（DoS）崩溃

Submit #780614 / VDB-354443

Submit #780613 / VDB-354442

Submit #780607 / VDB-354441

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,