Aggregator

A vulnerability was found in Linux Kernel up to 6.18.13/6.19.3. It has been rated as critical. Affected by this issue is the function llbitmap_suspend_timeout. The manipulation leads to state issue. This vulnerability is documented as CVE-2026-45955. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.19.3. Affected by this issue is the function vidi_connection_ioctl of the component exynos. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-45956. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Erlang OTP. This vulnerability affects unknown code in the library lib/public_key/src/pubkey_cert.erl of the component TLS Endpoint. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-42789. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file […]

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.

Currently trending CVE - Hype Score: 3 - Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM ...

Currently trending CVE - Hype Score: 4 - Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

Currently trending CVE - Hype Score: 4 - Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Алгоритмы вышли из-под контроля раньше, чем компании успели это заметить.

Name: ZeroDay Heist 2026 (an ZerodayHeist event.)
Date: June 6, 2026, 6:30 a.m. — 06 June 2026, 12:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: On-line
Offical URL: https://ctf.cyberhx.com/
Rating weight: 24.33
Event organizers: CyberXoX

За обычной дверью скрывался бизнес, который обслуживал клиентов по всей Европе.

OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an […]

The post New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks appeared first on Cyber Security News.

Browser Choice Alliance написала открытое письмо Сатье Наделле.

Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people […]

A vulnerability identified as problematic has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-11459. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as problematic has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-11458. The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. It has been rated as critical. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. This vulnerability is known as CVE-2026-11457. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

Периметр сломан, алгоритмы неуправляемы, атаки масштабируются… Что делать?

Submit #829131 / VDB-369078