Aggregator

A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been rated as critical. Affected by this vulnerability is the function bcm_tx_setup of the component can. The manipulation leads to improper initialization. This vulnerability is referenced as CVE-2026-23362. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc1. Affected by this issue is the function dw_pcie_ep_raise_msix_irq of the component PCI. The manipulation results in privilege escalation. This vulnerability is identified as CVE-2026-23361. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc2. This affects the function acpi_lock of the component i2c. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2026-23369. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc2. Affected is the function mt7925_mac_write_txwi_80211 of the component wifi. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2026-23363. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 7.0-rc1. Affected by this issue is the function memcmp of the component ksmbd. Such manipulation leads to observable timing discrepancy. This vulnerability is referenced as CVE-2026-23364. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 7.0-rc1. This issue affects some unknown processing of the component USB Endpoint. The manipulation leads to denial of service. This vulnerability is listed as CVE-2026-23365. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. Impacted is the function drm_client_modeset_probe. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23366. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0-rc1. The affected element is the function rtnl_lock. This manipulation causes deadlock. This vulnerability is registered as CVE-2026-23368. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 7.0-rc2. The impacted element is the function set_new_password. Such manipulation leads to missing encryption of sensitive data. This vulnerability is documented as CVE-2026-23370. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 7.0-rc1 and classified as critical. This affects the function _next_ns_data of the component wifi. Performing a manipulation results in uninitialized pointer. This vulnerability is reported as CVE-2026-23367. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

近日，国家安全部发布一起典型案件。某无人机航拍“发烧友”利用软件非法破解无人机飞行高度和禁飞区限制系统，多次操控无人机在民航航路航线范围内“黑飞”，严重威胁民航安全。

2026年开春，以鲜明“龙虾”形象为标识的开源AI 智能体Open-Claw，从极客与开发者圈层快速破圈走向大众，迅速在数字生态中广泛传播。该智能体突破传统问答式大模型交互范式……

“数据二十条”发布以来，我国数据要素市场蓬勃发展，出现了大量新场景和新实践，需要进一步细化落实数据产权结构性分置制度，更好反映数据要素市场发展的新进展和新特点，及时回应数据要素市场的制度需求。

广大人民群众如发现涉及危害国家安全的可疑线索，可通过12339国家安全机关举报受理电话、网络举报受理平台（www.12339.gov.cn）、国家安全部微信公众号举报受理渠道或者直接向当地国家安全机关进行举报。

在总体国家安全观与构建网络空间命运共同体理念的指引下，中国逐步形成了兼具法律制度、技术体系、产业动能与国际合作的网络安全治理体系，在关键信息基础设施保护、数据安全治理、网络犯罪打击等方面取得一定成效……

Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. [...]

Вот почему корпорации все чаще выбирают компьютеры Apple.

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. Threat actors have been leveraging this flaw in attacks starting four days ago, despite it not yet appearing on the CISA Known Exploited Vulnerabilities catalog. The security flaw affects FortiClient EMS version 7.4.4, […]

The post Critical Fortinet Forticlient EMS Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Как «синтетическое поле» меняет поведение фотонов.

非人类身份激增、无密码认证、监管收紧及市场并购潮，正重新定义CISO的IAM战略。