Aggregator

A vulnerability classified as critical was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-1963. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-1962. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

GitHub has expanded Agents HQ, enabling AI coding agents such as GitHub Copilot, Claude by Anthropic, and OpenAI Codex to execute development tasks directly within GitHub and developer editors while preserving repository context, session history, and review workflows. Copilot Pro+ and Copilot Enterprise developers can start agent sessions from GitHub, GitHub Mobile, and Visual Studio Code, with support for Copilot CLI expected soon. “We’re bringing Claude into GitHub to meet developers where they are. With … More →

The post GitHub enables multi-agent AI coding inside repository workflows appeared first on Help Net Security.

Submit #742680 / VDB-344486

Submit #742679 / VDB-344267

Submit #742678 / VDB-344485

Submit #742677 / VDB-344484

Permission sprawl is colliding with AI regulations, creating new compliance risks across hybrid and multi-cloud environments.

The post The Compliance Convergence Challenge: Permission Sprawl and AI Regulations in Hybrid Environments appeared first on Security Boulevard.

Securing AI agents can’t fall on customers. Platform providers must own data protection, prompt injection defense and agent guardrails.

The post Securing Agents Isn’t the Customer’s Job, It’s the Platform’s appeared first on Security Boulevard.

Police officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out global DDoS attacks targeting high-profile and strategically important websites. Arrest (Source: Poland’s Central Bureau for Combating Cybercrime) The suspect faces six criminal charges, including disrupting IT systems and obtaining specialized software designed to conduct cyberattacks. If convicted, he could be sentenced to up to five years in prison. “The 20-year-old confessed to most of the charges … More →

The post Police shut down global DDoS operation, arrest 20-year-old appeared first on Help Net Security.

速更新

速修复

实战成效显著，360以AI辅助漏洞发现斩获天府杯双项荣誉

Зачем приближать изображение линзами, если можно «раздуть» саму клетку и увидеть всё?

A vulnerability classified as critical has been found in SiYuan up to 3.5.4. Affected by this vulnerability is an unknown functionality of the file /api/file/copyFile of the component File Endpoint. The manipulation of the argument dest leads to path traversal. This vulnerability is traded as CVE-2026-25539. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in devtron-labs devtron up to 2.0.0. It has been declared as critical. The impacted element is an unknown function of the component Attributes API Interface. The manipulation results in missing authorization. This vulnerability is identified as CVE-2026-25538. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as problematic has been detected in OpenMage magento-lts up to 20.16.0. This affects an unknown part of the component Admin URL. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-25523. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we

A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies' unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines. such as 'Activate account...' [...]

A vulnerability was found in Linux Kernel up to 6.12.53/6.17.3. It has been declared as critical. The impacted element is the function ioremap_cache of the component kvm. Such manipulation leads to improper initialization. This vulnerability is referenced as CVE-2025-40181. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.