Aggregator

A vulnerability classified as critical has been found in QNAP Systems Qsync Central. This vulnerability affects unknown code. The manipulation leads to buffer overflow. This vulnerability is documented as CVE-2025-52870. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in QNAP Systems Qsync Central. This issue affects some unknown processing. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-54146. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability marked as very critical has been reported in Fortinet FortiOS up to 7.4.2. This issue affects some unknown processing of the component SSL-VPN. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2024-21762. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

瑞士研究团队采用部分重编程技术，短暂启动三个关键基因 Oct4、Sox2 和 Klf4（简称 OSK）。此前研究表明，这组因子可在一定程度上逆转细胞老化迹象。他们利用腺相关病毒作为载体，通过精确脑部注射，将标记学习激活神经元的荧光系统和可控开启 OSK 表达的时间开关两个元件送入两大关键脑区——海马体齿状回与内侧前额叶皮层。前者主导近期记忆的形成与提取，后者则负责远期记忆和回忆。结果显示，在老年小鼠中，仅需短暂激活海马体内的印痕神经元 OSK 表达，其记忆表现便恢复至年轻小鼠水平；而靶向前额叶皮层时，几周前形成的遥远记忆也得以重现。

Специалисты Google зафиксировали рост числа попыток кражи «мозгов» ИИ-моделей.

Accel-Led Funding Round Fuels AI-Native Detection and Response
Vega raised $120 million led by Accel to expand its AI-native security operations platform. The funding will boost product development and global go-to-market efforts as enterprises seek faster threat detection, broader analytics and support for complex multi-cloud and on-premises environments.

A vulnerability categorized as problematic has been discovered in Wix Web Application. This vulnerability affects unknown code of the component SVG Image Parser. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-2276. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0 prior 3.022.03. It has been rated as problematic. This affects an unknown part of the component Firmware Update Handler. Performing a manipulation results in download of code without integrity check. This vulnerability is known as CVE-2025-15575. The attack may be carried out on the physical device. No exploit is available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0 prior 3.022.03. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. Such manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-15574. The attack can be executed directly on the physical device. There is no exploit available.

A vulnerability was found in SolaX Power Pocket WiFi 3.0, Pocket WiFi+LAN, Pocket WiFi+4GM, Pocket WiFi+LAN 2.0 and Pocket WiFi 4.0. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component MQTT Handler. This manipulation causes improper certificate validation. This vulnerability appears as CVE-2025-15573. The attack may be initiated remotely. There is no available exploit.

根据发表在《Current Biology》期刊上的一项研究，人类和其它动物的总能量消耗受到限制。这种能量支出模型被称为约束模型，约束模型认为人体的总能量预算是有限的，并会努力维持在一个相对稳定的区间内。当我们通过体育锻炼显著增加能量输出时，身体会悄悄减少其他方面的能量开支进行补偿，例如降低基础代谢率、睡眠时代谢率或减少用于细胞修复、免疫等内部生理活动的能量。研究人员认为，约束模型可能源于远古祖先的生存策略：在食物不稳定的时代，过度消耗能量会危及生命，因此身体进化出总能量控制系统，确保总支出稳定在安全区间。这解释了为什么现代人即使每天多跑几公里，体重减轻也往往缓慢。

Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle

Opus 4.6 показала лучший результат в тесте на выявление скрытых бэкдоров.

Discover the best enterprise SSO providers for EdTech and Education SaaS in 2026, comparing security, scalability, compliance, and integrations.

The post Best Enterprise SSO Providers for EdTech/Education SaaS in 2026 appeared first on Security Boulevard.

Landmark trials now underway allege Meta failed to protect children from sexual exploitation, grooming, and addiction-driven design.

The post Child exploitation, grooming, and social media addiction claims put Meta on trial appeared first on Security Boulevard.

Лицо в мониторе ненастоящее. Голос тоже. А вот потеря денег — реальна.

Threat actors have begun leveraging Google’s Gemini API to dynamically generate C# code for multi-stage malware, evading traditional detection methods. The Google Threat Intelligence Group (GTIG) detailed this in its February 2026 AI Threat Tracker report, spotlighting the HONESTCUE framework first observed in September 2025. HONESTCUE operates as a downloader and launcher that queries Gemini’s […]

The post Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks appeared first on Cyber Security News.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability
• CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vulnerability
• CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability
• CVE-2026-20700 Apple Multiple Buffer Overflow Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

A vulnerability was found in WaMate Confirm Plugin up to 2.0.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Phone Number Handler. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-1833. The attack may be launched remotely. There is no exploit available.