Aggregator

日本電気株式会社が提供するAtermシリーズには、OSコマンドインジェクションの脆弱性が存在します。

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nurihan Kim (HanTul), Hyeon-gyu Lee (hy30nq)' was reported to the affected vendor on: 2026-05-25, 6 days ago. The vendor is given until 2026-09-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

日本電気株式会社が提供するAtermシリーズには、クロスサイトスクリプティングの脆弱性が存在します。

«Бесплатный сыр» теперь прячется в архиваторах и программах для документов.

In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks through a three-step financial translation framework. First, identify business exposure by mapping attack paths to the assets that matter most, such as intellectual property and customer data. Second, focus on … More →

The post Boards want cyber risk in dollars, not CVE counts appeared first on Help Net Security.

CERT/CCから本件に関するアドバイザリが公表されました。

Теневой рынок успешно парализует бизнес откровенной дезинформацией.

Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level. Net Shadow AI use (Source: TrustedTech) The data suggests that shadow AI is not mainly driven by junior employees experimenting … More →

The post Turns out the C-suite loves shadow AI appeared first on Help Net Security.

在智能体安全检测、逻辑漏洞扫描、精准误报分析、开启ai驱动的代码安全新时代。

A vulnerability, which was classified as problematic, was found in NEC Platforms Aterm WX1800HP, Aterm WX5400HP, Aterm WX7800T8, Aterm WX11000T12, Aterm WX3000HP2, Aterm WX4200D5, Aterm GX621A1, Aterm SH621A1 and Aterm 19000T12BE. This affects an unknown function of the component Web Management Interface. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-6059. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in NEC Platforms Aterm MR51FN and Aterm CM51FD. The impacted element is an unknown function. The manipulation leads to os command injection. This vulnerability is documented as CVE-2026-8652. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as critical was found in Acer NitrorSense up to 3.01.3052. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is registered as CVE-2026-9489. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in SPIP up to 4.4.14. Impacted is an unknown function of the file action/cookie.php of the component ecrire. Performing a manipulation results in open redirect. This vulnerability is cataloged as CVE-2026-48832. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in WineHQ Wine up to 11.0. This issue affects some unknown processing of the component MIME Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is listed as CVE-2026-48831. The attack must be carried out locally. There is no available exploit. There is ongoing doubt regarding the real existence of this vulnerability.

A vulnerability marked as problematic has been reported in huggingface transformers up to 5.2.x. This vulnerability affects the function AutoModelForCausalLM.from_pretrained of the file config.json. This manipulation of the argument _attn_implementation_internal causes missing serialization control element. This vulnerability is tracked as CVE-2026-4372. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

2026年5月22日，美国国家情报总监图尔西·加巴德在社交媒体发布了一封辞职信。

开发了 14 年但发布日期未知的《星际公民(Star Citizen)》的筹款突破了十亿美元达到 1,003,408,183 美元。《星际公民》由《银河飞将》创始人 Chris Roberts 领导开发，试图复兴太空模拟飞行游戏，允许玩家在广袤的宇宙空间内探险，交易和战斗。它于 2012 年在 Kickstarter 上成功众筹，原计划的交付时间是 2014 年。但在 Kickstarter 众筹结束后，开发团队继续在官方网站上进行募资，许多募资其实就是销售游戏内的虚拟物品如各种型号的飞船。2018 年它筹集到 2 亿美元，五年之后突破 6 亿美元，2024 年 5 月突破了 7 亿美元，2 年之后突破了 10 亿美元。《星际公民》堪称史上开发预算最高的 3A 游戏。

荷兰金融犯罪调查局（FIOD）逮捕了两名男子，并扣押了与一家网络托管公司相关的800台服务器，该公司为网络攻击、干涉行动和虚假信息宣传活动提供支持。 FIOD逮捕了一名57岁嫌疑人（公司董事）和一名39岁嫌疑人——他是另一家提供互联网连接服务公司的负责人。 据当局称，嫌疑人间接向受到欧盟（EU）制裁的俄罗斯和白俄罗斯实体提供经济资源。 调查聚焦于 Stark In...

Пока вы описываете симптомы, доктор уже печатает чат-боту “срочно выручай!”.

GitHub 为 npm 推出了新的安全控制措施，以提升软件供应链的安全性，使维护者能够在软件包公开发布可供安装之前，明确批准某个版本。该功能称为 staged publishing（分阶段发布），现已正式在 npm 上可用。它要求人工维护者通过 2FA（双因素认证）挑战来批准一个软件包，然后才能将其推送至 npmjs[.]com。GitHub 表示：“与直接发布（...