Aggregator

A vulnerability was found in Mozilla Firefox up to 150 and classified as critical. This impacts an unknown function. Executing a manipulation can lead to memory corruption. This vulnerability appears as CVE-2026-8974. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remote, unauthenticated attacker over plain HTTP. The vulnerability resides in […]

The post Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! appeared first on Cyber Security News.

PagesAboutDidier Stevens SuiteLinksMy Python TemplatesMy SoftwareProfession

618大促拉开帷幕。继几天前苹果公司、华为、小米等多家手机厂商集体降价后，近日 “国产手机突然降价2000元” 等话题再次冲上多个平台热搜。5月21日0 时开始，多家国产手机品牌调价。这轮降价的时间点

A vulnerability classified as critical was found in Mozilla Firefox up to 150. This affects an unknown function of the component Security Component. Such manipulation leads to protection mechanism failure. This vulnerability is listed as CVE-2026-8962. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 150. This impacts an unknown function of the component Security Component. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-8965. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 150. Affected is an unknown function of the component IP Protection Component. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2026-8966. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 150 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WebGPU. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-8967. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 150. Affected by this issue is some unknown functionality of the component Web Speech. The manipulation leads to authentication bypass by spoofing. This vulnerability is listed as CVE-2026-8963. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 150. This affects an unknown part of the component Popup Blocker. The manipulation results in clickjacking. This vulnerability is cataloged as CVE-2026-8964. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 140.10/150 and classified as problematic. This vulnerability affects unknown code of the component Web Codecs. This manipulation causes denial of service. This vulnerability is registered as CVE-2026-8968. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Mozilla Firefox up to 150. It has been declared as problematic. The affected element is an unknown function of the component WebExtensions. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability appears as CVE-2026-8960. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 140.10/150. It has been rated as problematic. The impacted element is an unknown function of the component Form Autofill. The manipulation leads to authentication bypass by spoofing. This vulnerability is traded as CVE-2026-8961. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Mozilla Firefox up to 140.10/150. This affects an unknown function of the component Security Component. The manipulation results in improper privilege management. This vulnerability is known as CVE-2026-8970. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Mozilla Firefox up to 150. This impacts an unknown function of the component JAR. This manipulation causes permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2026-8971. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.

Жертве достаточно открыть заражённую ссылку, чтобы мгновенно лишиться всех цифровых накоплений.

劳工保护组织 More Perfect Union 公开了扎克伯格（Mark Zuckerberg）上月底回答员工有关设备监控提问的六分钟录音。Meta 上个月通知员工将使用名为 Model Capability Initiative 的监控工具监控员工的鼠标点击和按键，此举旨在收集数据训练 AI 模型。扎克伯格在回答中为监控员工辩护，称如果想训练模型的编程能力，那么让内部员工去开发一些工具，或者去解决一些任务，以此来教模型如何写代码——这种方式能让模型在编程能力上实现飞跃。这种速度是行业内其他对手无法企及的，因为他们的公司没有成千上万名顶尖工程师，“这只是一个例子。我们的系统还需要非常擅长的一点就是‘操作电脑’。而要让一个系统学会熟练操作电脑，最有效的办法就是让它去观察极其聪明的人是如何操作电脑的。这基本上就是我们目前正在做的事情的核心本质。”扎克伯格表示不会监视员工的工作行为，MCI 数据不会用于绩效评估。因为欧盟的 GDPR 法律，Meta 位于欧洲的员工据报道不用参与该计划。Meta 并非唯一一家通过员工获取 AI 训练数据的科技公司，微软和 xAI 也在利用内部员工生成和完善训练数据集。

劳工保护组织 More Perfect Union 公开了扎克伯格（Mark Zuckerberg）上月底回答员工有关设备监控提问的六分钟录音。Meta 上个月通知员工将使用名为 Mode

A vulnerability, which was classified as problematic, was found in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password Hash Handler. Executing a manipulation can lead to use of a one-way hash with a predictable salt. This vulnerability is tracked as CVE-2026-9370. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.