Aggregator
Six requests to full compromise. A bug in the code of a popular CRM puts small businesses at risk
4 days 10 hours ago
EspoCRM developers have fixed a critical vulnerability in the file-handling mechanism.
Apple adds macOS Terminal warning to block ClickFix attacks
4 days 10 hours ago
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. [...]
Bill Toulas
New macOS security feature will alert users about possible ClickFix attacks
4 days 10 hours ago
Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later
The post New macOS security feature will alert users about possible ClickFix attacks appeared first on Security Boulevard.
Malwarebytes
Akira
4 days 10 hours ago
cohenido
It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
4 days 10 hours ago
A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. […]
Pierluigi Paganini
Pay for VPN: the Ministry of Digital Development (Mintsifry) introduces limits on international traffic from May 1
4 days 10 hours ago
Ozon, Wildberries and Yandex will begin restricting access for users with a VPN.
Qilin
4 days 10 hours ago
cohenido
Qilin
4 days 10 hours ago
cohenido
Qilin
4 days 10 hours ago
cohenido
How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
4 days 10 hours ago
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]
Sponsored by Prophet Security
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
4 days 10 hours ago
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update
How to turn one molehill into five mountains. A guide from the compilers of the CVE database
4 days 10 hours ago
How experts scare us with inflated numbers
European Commission downplays ShinyHunters cyberattack impact
4 days 11 hours ago
In a statement issued Friday, the Commission said it had detected an incident affecting the Europa.eu web portal, the European Union’s central online platform hosting websites and services for its institutions.
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
4 days 11 hours ago
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention.
There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring
The Hacker News
Ten Years of Vicissitudes_Ma Shitu
4 days 11 hours ago
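The encyclopedia entry focuses on his identity as a writer and says little about his identities as a revolutionary and a builder. I, however, am very interested in those other two identities.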
Fortinet security advisory (AV26-096) – Update 1
4 days 11 hours ago
Canadian Centre for Cyber Security
ALP001
4 days 11 hours ago
cohenido
CVE-2026-3321 | ON24 Q&A Chat History answer authorization (EUVD-2026-17084)
4 days 11 hours ago
A vulnerability has been found in ON24 Q&A Chat and classified as problematic. Affected by this vulnerability is an unknown functionality of the file console-survey/api/v1/answer/ of the component History Handler. Performing a manipulation results in authorization bypass.
This vulnerability is cataloged as CVE-2026-3321. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-5157 | code-projects Online Food Ordering System 1.0 Order /form/order.php cust_id cross site scripting
4 days 11 hours ago
A vulnerability, which was classified as problematic, was found in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting.
This vulnerability is listed as CVE-2026-5157. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com