Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.20/6.19.10/7.0-rc5. Affected by this vulnerability is the function futex_key_to_node_opt of the file kernel/futex/core.c. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2026-23415. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.18.20/6.19.10/7.0-rc5 and classified as critical. Affected by this issue is the function vma_modify_flags. Performing a manipulation results in excessive iteration. This vulnerability is identified as CVE-2026-23416. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.79/6.18.20/6.19.10/7.0-rc4. The impacted element is the function bpf_jit_blind_insn of the component bpf. Executing a manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2026-23417. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. This vulnerability is reported as CVE-2026-5327. The attack is possible to be carried out remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A dangerous Android rootkit named NoVoice has been hiding inside over 50 apps on Google Play, compromising more than 2.3 million devices worldwide. Tracked as Operation NoVoice, the malware uses 22 exploits to take full control of a device without raising any alerts, making it one of the most destructive Android threats uncovered in recent […]

The post NoVoice on Google Play with 22 Exploits Attacks Millions of Android Users appeared first on Cyber Security News.

Грядущая реформа обещает стать самой масштабной за последние пять лет.

Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...]

iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit

Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...]

New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.…

Red Hat has announced Red Hat Enterprise Linux Extended Life Cycle Premium, a new subscription that provides a predictable 14-year life cycle for major Red Hat Enterprise Linux releases. This stand-alone subscription consolidates extended support, simplifying the management of multiple support streams. It helps organizations maintain their most sensitive, change-averse workloads on a single, hardened foundation for more than a decade. As enterprises deploy full-scale production, the underlying infrastructure relies on consistency. Frequent minor release … More →

The post New Red Hat subscription simplifies long-term enterprise Linux support appeared first on Help Net Security.

Кажется, здравый смысл наконец-то победил вечную конкуренцию.

Identity attacks are rising as trust expands — learn how to detect misuse, close gaps, and defend beyond authentication.

Unified Platforms Reduce Risk, Cost From Ransomware and AI Threats
Leaders must maximize existing infrastructure as ransomware and AI-driven threats raise costs and risk. In order to extract more value from current hardware, organizations must strengthen resilience through private cloud architectures, improved storage efficiency and automated recovery.

Moves Reverse Biden-Era Changes; National Coordinator Returns to Health IT Policy
The U.S. Department of Health and Services is reversing Biden-era changes, returning the Office of the National Coordinator for Health IT's focused role on external health IT policy and standards, while shifting department-wide cybersecurity, cloud, AI and data operations back to the Office of CIO.

Enterprises Seek Multi-Agent Systems to Govern LLM-Generated Code at Scale
As AI-generated code surges, New York-based startup Qodo has raised $70 million in Series B funding to address governance and quality challenges. The company is building multi-agent systems to review code, enforce standards and reduce risk in enterprise software development.

Fallout Continues Over Leaked Claude Source Code Incident
The tension between AI developers and cybersecurity vendors is becoming increasingly apparent as new models show sudden leaps in capability - and AI firm Anthropic, for better or for worse, finds itself at the center of the drama.

Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.

LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration

Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour