Aggregator

A vulnerability was found in Linux Kernel up to 6.12.74/6.18.15/6.19.5. It has been declared as critical. The affected element is an unknown function. Such manipulation leads to injection. This vulnerability is referenced as CVE-2025-71300. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.15/6.19.5. It has been classified as critical. Impacted is the function pm_runtime_disable of the file /usr/src/kernel/drivers/clk/clk.c of the component DT Parser. This manipulation causes privilege escalation. The identification of this vulnerability is CVE-2025-71299. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.19.5 and classified as critical. This issue affects some unknown processing of the component net. The manipulation results in uninitialized pointer. This vulnerability was named CVE-2026-43291. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. [...]

A vulnerability has been found in Linux Kernel up to 6.18.15/6.19.5 and classified as critical. This vulnerability affects the function hugetlb_acct_memory of the component hugetlb. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-43286. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down

Имплант ICVP - шанс заново увидеть мир.

下载管理器 JDownloader 的网站遭到攻击，攻击者在一天多时间里向 Windows 和 Linux 用户推送了恶意程序。JDownloader 团队确认了此次攻击，它立即关闭了网站展开全面调查。调查显示，攻击者于 5 月 6 日专门修改了替代下载页，用未签名的恶意可执行文件替代了所有 Windows 安装程序的替代链接。Linux shell 安装程序也被替换为包含恶意 shell 代码的版本。但主 JDownloader.jar 文件、macOS 安装程序以及 Winget、Flatpak 和 Snap 等软件库中的软件包未受到破坏。

An active malware distribution campaign abusing two prominent AI platforms, Hugging Face and ClawHub, to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from traditional software repositories to trusted AI ecosystems. Within the OpenClaw ecosystem distributed through ClawHub, Acronis […]

The post Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware appeared first on Cyber Security News.

天体物理学家 Joseph Dwyer 任职于佛罗里达理工学院前致力于利用 NASA 的卫星研究太阳耀斑，搬到佛罗里达州后他将注意力转向了闪电，他发现闪电仍然是一个未解之谜。他开创了利用研究宇宙射线的仪器研究闪电形成之高能过程的先河。过去几个世纪，物理学家通过实验发现，电场强度达到临界值——大约 300 万伏特/米——空气会被击穿。电场将松散的电子抛向相邻的原子，撞击出更多的电子。就像雪崩，电子雪崩式增加，空气加热至发光。科学家认为闪电是这种现象的规模放大版本。然而到了 20 世纪中期，科学家发现雷暴云层确实存在电场，但电场非常弱，典型的雷暴只有产生击穿所需电场强度的十分之一，迄今测量到的最强雷暴电场强度仅为临界值的三分之一。而根据 NASA 卫星的数据，全球每时每刻都有逾 2000 多场雷暴发生。Dwyer 提出了失控相对论雪崩理论去解释闪电。一个电子与原子碰撞会发生反弹并释放出伽马射线。伽马射线会转化为一个电子及其反物质正电子。云团的电场会将正电子推回雪崩起点附近。它可能会撞击另一个原子，引发另一次雪崩，从而产生更多的伽马射线、更多正电子、更多雪崩，层层叠加启动闪电。

A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, shared by a parent in a UK survey, says more about online age verification than any technical report could. The UK Online Safety Act came into […]

The post Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns appeared first on Cyber Security News.

AI 会替代很多任务，也会重组大量岗位，但“劳动份额下降”不等于“劳动需求归零”。真正的问题不是 AI 能不能做人的工作，而是 AI 省下来的钱最终会流向哪里。只要支出仍流向包含人类劳动的服务、体验和关系型商品，人类就不是马。

The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data.

Акустический резонанс вместо таблеток. Как высокочастотные волны разрывают оболочку опасных патогенов.

The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country.

The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]

Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.

Agentic AI is more popular than ever, but researchers keep finding trivial ways to hijack LLMs for nefarious purposes.

The post Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI appeared first on CyberScoop.

Разработчик опубликовал консольную утилиту для диагностики блокировок РКН.