Aggregator

为矿山行业提供稳定、安全的数据传输保障。

PJPROJECT 2.16 - Heap Bufferoverflow

ePati Antikor NGFW 2.0.1301 - Authentication Bypass

Apache HertzBeat 1.8.0 - Remote Code Execution

WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI

2026年6月5日，上海明捷万丽酒店二层宴会厅

Die MetaRheinMainChaosDays (MRMCD) sind eine seit 2004 jährlich stattfindende Konferenz des

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Two independent studies found that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have outpaced every trend line researchers were tracking. No one is sure if this is a one-time leap or the new normal.

The post Researchers say AI just broke every benchmark for autonomous cyber capability appeared first on CyberScoop.

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]

The committee held a closed briefing Wednesday with company reps, and more oversight is in the works.

The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Malicious npm Package Lets Attackers Capture Refreshed Tokens
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.

Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open Source
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.

Medical Board Urged State to Ditch Pilot, Citing Patient Safety Concerns
The state of Utah is forging ahead with a pilot program that allows patients with chronic conditions to autonomously refill medication prescriptions using an artificial intelligence-powered telehealth platform despite opposition from its state medical licensing board.

Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in Vulnerabilities
AI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.

The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]

Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script ...

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected ...