Aggregator

A vulnerability labeled as problematic has been found in Open Notebook up to 1.8.2. This vulnerability affects unknown code. Such manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is documented as CVE-2026-28201. The attack can be executed remotely. There is not any exploit available.

WatchGuard has released urgent security updates to address multiple high-severity vulnerabilities affecting the WatchGuard Agent on Windows. The most critical of these flaws allows authenticated local attackers to escalate their privileges to the highest system level, granting them complete control over the compromised machine. Additional vulnerabilities discovered in the software include network-based buffer overflows that […]

The post WatchGuard Agent Vulnerabilities Let Attackers Grant Full SYSTEM Privileges on Windows appeared first on Cyber Security News.

A vulnerability identified as problematic has been detected in Ercom Cryptobox up to 4.37.x/4.40.182. This affects an unknown part. This manipulation causes improper handling of insufficient permissions or privileges. This vulnerability is registered as CVE-2026-6805. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in NotebookOpen Notebook up to 1.8.3. Affected by this issue is some unknown functionality of the component Docker Container Handler. The manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is cataloged as CVE-2026-33587. The attack must be initiated from a local position. There is no exploit available.

Five dangerous vulnerabilities in Redis expose Redis Cloud, Redis Software, and all open-source community editions to potential remote code execution, giving authenticated attackers a direct path to compromise affected systems. All require authenticated access to exploit, but successful exploitation can lead to arbitrary code execution, full system compromise, data exfiltration, or service disruption. The advisory, […]

The post Critical Redis Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

​Genesis AI 发布 GENE-26.5，学会用刀背运菜了。

Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software, and can be exploited by unauthenticated attackers sending specially crafted packets to internet-facing User-ID Authentication Portals. The flaw affects Palo Alto Networks’ PA-Series and VM-Series firewalls, and the … More →

The post State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls appeared first on Help Net Security.

A critical zero-day vulnerability in Palo Alto Networks PAN-OS software has been actively exploited by a likely state-sponsored threat actor since at least April 2026, the company revealed in a security advisory published on May 6, 2026. Tracked as CVE-2026-0300, the flaw is a buffer overflow vulnerability residing in the User-ID Authentication Portal, also known […]

The post Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April appeared first on Cyber Security News.

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.

Бизнес-боты Telegram теперь у всех, а не только у тех, кто платит Premium.

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff

根据 SpaceX 的 IPO 注册申报文件，SpaceX 组合超级投票权、强制仲裁等规则赋予马斯克（Elon Musk）等人广泛的控制权，马斯克拥有几乎不受制约的执行权，还限制了投资者/股东挑战管理层、提起诉讼以及就公司治理问题进行投票的能力，结果是唯一能解雇马斯克的人只有马斯克本人。马斯克目前持有 SpaceX 42.5% 的股权，拥有 83.8% 的投票权，上市后仍将有逾 50% 的投票权。SpaceX 的 IPO 文件属于保密文件，使得该公司可在不披露详细财务信息的情况下推进 IPO 进程。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

Четыре группировки дали почти три четверти новых образцов вредоносного ПО.

Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In the first hours of a security incident

慢雾 RWA 智能合约安全审计服务现已推出，欢迎有需求的项目方及相关机构联系我们。

近日，国家信息安全漏洞库（CNNVD）收到关于Palo Alto Networks PAN-OS安全漏洞（CNNVD-202605-766、CVE-2026-0300）情况的报送。