The Gentleman
You must login to view this content
Aggregator
The Gentleman
2 weeks 4 days ago
You must login to view this content
cohenido
The Gentleman
2 weeks 4 days ago
You must login to view this content
cohenido
俄罗斯联邦安全局立案调查外国间谍软件植入高官手机事件
2 weeks 4 days ago
俄罗斯联邦安全局(FSB)在2026年6月2日声称,他们发现了一起由西方情报机构和大型科技公司策划的重大网络行
Фотон нельзя разделить пополам? Физики попробовали — и получили бесконечность вместо двух половинок
2 weeks 4 days ago
Да, разрезать не получится — но попытка породила кое-что неожиданное…
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
2 weeks 4 days ago
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does.
That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
2 weeks 4 days ago
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps.
Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.
The Hacker News
Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises
2 weeks 4 days ago
A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that disguises itself as an everyday business document — a purchase order, a quote, or a request for proposal. Once an unsuspecting employee opens the […]
The post Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-47324 | ProjectsAndPrograms school-management-system cross site scripting (6b6fae5)
2 weeks 4 days ago
A vulnerability was found in ProjectsAndPrograms school-management-system and classified as problematic. This affects an unknown function. Executing a manipulation can lead to cross site scripting.
The identification of this vulnerability is CVE-2026-47324. The attack may be launched remotely. There is no exploit available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2026-44546 | djangoproject daphne up to 4.2.1 Websocket Handshake splitlines request smuggling
2 weeks 4 days ago
A vulnerability has been found in djangoproject daphne up to 4.2.1 and classified as problematic. The impacted element is the function splitlines of the component Websocket Handshake Handler. Performing a manipulation results in http request smuggling.
This vulnerability was named CVE-2026-44546. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-37460 | FRRouting FRR 10.0/10.6 BGP rfapi_rib.c rfapiRibBi2Ri denial of service (EUVD-2026-34083)
2 weeks 4 days ago
A vulnerability, which was classified as problematic, was found in FRRouting FRR 10.0/10.6. The affected element is the function rfapiRibBi2Ri of the file rfapi_rib.c of the component BGP Handler. Such manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2026-37460. The attack can be launched remotely. No exploit exists.
It is advisable to implement a patch to correct this issue.
vuldb.com
Взломали, извинились, починили. Группировка Nova показала чудеса клиентского сервиса.
2 weeks 4 days ago
Киберпреступники исключили партнера из синдиката за атаку на бизнес со штаб-квартирой в СНГ.
Meta 给予员工每次最多 30 分钟退出跟踪
2 weeks 4 days ago
Meta 最近开始在美国员工电脑上安装追踪软件,捕捉员工鼠标移动、点击和按键数据以用于训练 AI 模型,此举是该公司构建能自动执行工作任务的 AI 智能体的大计划的一部分。被称为 Model Capability Initiative(MCI)的工具在公司内部引发了强烈反对,部分员工为此发起了一项请愿活动,已有逾 1500 人签名。有匿名员工认为公司的行为“非常反乌托邦”。根据周二发给员工的一份内部备忘录,Meta 略微后退了一步,允许员工退出跟踪,“每次最长 30 分钟”,员工也可以申请永久退出该跟踪计划。
Microsoft responds to security challenges facing code, AI agents, and models
2 weeks 4 days ago
Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and tools designed to identify potentially vulnerable or compromised AI models before deployment. MDASH targets exploitable vulnerabilities Microsoft expanded the preview of MDASH, a multi-model agentic vulnerability discovery system that now integrates with Microsoft Defender. The … More →
The post Microsoft responds to security challenges facing code, AI agents, and models appeared first on Help Net Security.
Sinisa Markovic
Space Bears
2 weeks 4 days ago
You must login to view this content
cohenido
Akira
2 weeks 4 days ago
You must login to view this content
cohenido
Akira
2 weeks 4 days ago
You must login to view this content
cohenido
Akira
2 weeks 4 days ago
You must login to view this content
cohenido
Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access
2 weeks 4 days ago
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent. This trust model assumes that only […]
The post Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access appeared first on Cyber Security News.
Abinaya
网络首发 | 安徽大学崔杰教授团队:车内网中基于属性加密的可撤销访问控制机制研究
2 weeks 4 days ago