Aggregator

活动时间：5月21日-6月4日

领取你的补天端午礼盒啦~

投稿得补天端午礼盒~

Участившиеся хакерские атаки заставили создателей сервиса действовать предельно жёстко.

A vulnerability classified as critical was found in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. This vulnerability is known as CVE-2026-9552. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. This vulnerability is traded as CVE-2026-9551. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. This vulnerability appears as CVE-2026-9550. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #815457 / VDB-365611

Submit #815456 / VDB-365610

dnsmasqには複数の脆弱性が存在します。

The algorithmic stablecoins EURR and USDR, curated by the digital asset institution StablR, suffered a severe and precipitous de-pegging from their respective fiat baselines following a targeted compromise of their token-minting contract within the...

The post StablR Stablecoin Depeg Hack: $10M Minted in Multisig Failure appeared first on Information Security News.

Submit #815455 / VDB-365609

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing

加州年龄验证法律的修正案将豁免大部分 Linux 发行版和自由开源软件。年龄验证法律要求操作系统提供商在设置询问用户年龄。该法案的修改版 AB-1856 缩小了适用的操作系统提供商和应用程序的范围：(2) “操作系统提供商”不包括在许可条款允许接收方复制、重新分发和修改该软件的情况下，分发操作系统或应用程序的个人或实体。(2) “应用程序”不包括其本身并未作为独立可执行应用程序、通过受监管的应用程序商店向消费者提供的软件组件。Valve 的 SteamOS 平台仍然受到影响，因为它的 Steam 客户端是受监管的应用商店。

North Korea’s adversarial presence within the digital theater has transcended the legacy paradigm of isolated, decentralized hacking collectives. Per comprehensive threat intelligence compiled by Krypt3ia, the state’s offensive cyber apparatus has evolved into a...

The post The Consolidation of North Korean Cyber Doctrine: From Fragmented Threat Actors to a Unified Cyber Ecosystem appeared first on Information Security News.

The state-sponsored North Korean threat syndicate designated as Void Dokkaebi has fundamentally recalibrated the delivery architecture of its flagship backdoor, InvisibleFerret, systematically elevating its defensive evasion capabilities. The adversaries have abandoned the distribution of...

The post The Evolutionary Stratagem of Void Dokkaebi: Analyzing the Cythonized Mutation of InvisibleFerret appeared first on Information Security News.

华为τ定律的战略意义

85 операторов оштрафованы за молчание об IP-адресах.

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。