Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

Learn when SaaS teams should adopt passwordless authentication to boost security, reduce friction, and accelerate secure product development.

The post Building Secure Authentication Faster: When SaaS Teams Should Go Passwordless appeared first on Security Boulevard.

Как ДНК-оригами может стать ключом к главной вакцине века.

Хакеры получили доступ к системе Salesforce оператора Odido через фишинг и социальную инженерию.

A vulnerability was found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. It has been rated as critical. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2026-2549. The attack is possible to be carried out remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as critical has been discovered in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. This vulnerability was named CVE-2026-2550. The attack may be performed from remote. In addition, an exploit is available. Applying restrictive firewalling is recommended. The vendor was contacted early about this disclosure but did not respond in any way.

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware

OpenAI has introduced Lockdown Mode and Elevated Risk labels in ChatGPT to help users and organizations reduce the risk of prompt injection attacks and other advanced security threats, particularly when using features that interact with external systems. Limiting tool access to prevent data exfiltration Lockdown Mode in ChatGPT is an optional, advanced security setting for highly security-conscious users who require protection against advanced threats. To reduce the risk of prompt injection–based data exfiltration, it constrains … More →

The post ChatGPT gets new security feature to fight prompt injection attacks appeared first on Help Net Security.

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first […]

Хакеры получили доступ к истории интимных заказов клиентов японского бренда Tenga.

A vulnerability labeled as problematic has been found in SourceCodester Free and Open Source Inventory Management System 1.0. The impacted element is an unknown function of the component Add Supplier Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-46450. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Best Courier Management System 1.0. Affected by this issue is some unknown functionality. Performing a manipulation of the argument Username results in cross site scripting. This vulnerability is reported as CVE-2023-46451. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Space Applications Services Yamcs 5.8.6 and classified as problematic. This affects an unknown function of the component ArchiveBrowser. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2023-46470. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in juzawebCMS up to 3.4. Impacted is an unknown function of the component Registration Page. Such manipulation of the argument Username leads to cross site scripting. This vulnerability is documented as CVE-2023-46467. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in SourceCodester Free and Open Source Inventory Management System 1.0. Impacted is an unknown function of the component Password Change Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2023-46449. The attack can be launched remotely. No exploit exists.