SGLang GGUF 投毒致 RCE 漏洞(CVE-2026-5760)
该漏洞存在于大模型推理引擎 SGLang 中(影响 v0.5.9 及以下版本)。其核心逻辑非常直接:SGLang 在处理 /v1/rerank 请求时,会读取 GGUF 模型文件中的 tokenizer.chat_template 字段,并将其放入一个无沙箱限制的 Jinja2 环境中进行渲染。
Aggregator
Letta AI 最新版未修复漏洞
2 weeks 1 day ago
该漏洞允许攻击者通过 REST API 提供了一个 /v1/tools/run端点,利用任意 payload 在目标服务器上执行任意 Python 代码或系统命令。
DentaQuest data breach exposed info of 2.6 million accounts
2 weeks 1 day ago
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
Bill Toulas
Новые биологические часы умеют считать потерянные годы. И подсказывать, как часть из них отыграть назад
2 weeks 1 day ago
Вы думали, что знаете свой возраст — вы знаете только дату рождения.
INC
2 weeks 1 day ago
You must login to view this content
cohenido
Submit #832348: bytedance InfiniStore 0.2.33 Denial of Service [Accepted]
2 weeks 2 days ago
Submit #832348 / VDB-368398
Dem00
Submit #832308: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Write) [Duplicate]
2 weeks 2 days ago
Submit #832308 / VDB-365549
pwn3rd
Submit #832297: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Read) [Duplicate]
2 weeks 2 days ago
Submit #832297 / VDB-365549
pwn3rd
Your AI agent could become your biggest insider threat
2 weeks 2 days ago
New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk.
The post Your AI agent could become your biggest insider threat appeared first on CyberScoop.
djohnson
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’
2 weeks 2 days ago
The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
2 weeks 2 days ago
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least March 2026, designed entirely around one single goal: stealing the complete contents of one person’s […]
The post Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials appeared first on Cyber Security News.
Tushar Subhra Dutta
Томас Эдисон считался отцом звукозаписи 150 лет. Историки только что это опровергли
2 weeks 2 days ago
Говорящая машина XVIII века умела смеяться, плакать и петь арии. А не фонограф ли это?
Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal
2 weeks 2 days ago
The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed.
Государство блокирует VPN, но разрешит «Билайну» сделать свой, правильный VPN
2 weeks 2 days ago
VPN, который не надо включать, искать и прятать — мечта или тариф?
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
2 weeks 2 days ago
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger.
Deeba Ahmed
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
2 weeks 2 days ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a […]
Pierluigi Paganini
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
2 weeks 2 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments […]
The post CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks appeared first on Cyber Security News.
Abinaya
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
2 weeks 2 days ago
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.
It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.
The flaw is a server-side request forgery.
The Hacker News
SSRF to Root: Unauthenticated File-Write Flaw in Cisco Unified CM (CVE-2026-20230)
2 weeks 2 days ago
CVE-2026-20230 is an unauthenticated, remote server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME).
Dark Web Informer
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
2 weeks 2 days ago
A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p began circulating among researchers on June 3, 2026, after the model identifier appeared inside Anthropic’s Claude Console and surfaced through unauthorized API proxy services. The sightings immediately triggered speculation that Anthropic […]
The post Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised appeared first on Cyber Security News.
Guru Baran