Aggregator
Claude for Chrome Vulnerability Lets Attackers Read Gmail, Docs, and Calendar Data
Anthropic’s Claude for Chrome browser extension has two unpatched flaws that allow attackers to read a victim’s Gmail, Google Docs, and Calendar data using just six lines of JavaScript, even after eight subsequent releases. Manifold researchers first reported the issues in May 2026, yet both remain reproducible in the latest v1.0.80, released July 7, 2026. […]
The post Claude for Chrome Vulnerability Lets Attackers Read Gmail, Docs, and Calendar Data appeared first on Cyber Security News.
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
«Контекстная бомба» в действии. Всего одна строчка в коде заставляет боевой ИИ отказаться от атаки
Frontier AI: The Genie's Out of the Bottle, but Where's the Rulebook?
北京的一天:一块碑、几位老人、一条胡同
SAP Patches Critical NetWeaver, AppRouter, and Commerce Cloud Vulnerabilities
Langflow Exploited to Build Custom DDoS Gafgyt Botnets
SecWiki News 2026-07-14 Review
更多最新文章,请访问SecWiki
ClickFix's Mushrooming Ecosystem Demands New Defense Tactics
Chaos
You must login to view this content
Submit #856719: zhinianboke xianyu-auto-reply main at or before 04580d6490b4731d0055f29736930d8cc59b60d6 CWE-650 Trusting HTTP Permission Methods on the Server Side [Accepted]
Submit #856716: zhinianboke xianyu-auto-reply main branch at or before commit 04580d6490b4731d0055f29736930d8cc59b60d6 CWE-862 Missing Authorization [Accepted]
Adversarial Tales
Veeam security advisory (AV26-694)
Treasury sanctions First VPN Service, others for abetting ransomware gangs
The designations hit 1VPNS, its alleged Ukrainian administrator and a Belarusian who allegedly sold “cryptors” to disguise ransomware and other malware.
The post Treasury sanctions First VPN Service, others for abetting ransomware gangs appeared first on CyberScoop.
Submit #856634: mastergo-design mastergo-magic-mcp 0.2.0 Improper Access Control [Accepted]
Submit #856633: mastergo-design mastergo-magic-mcp 0.2.0 Server-Side Request Forgery [Accepted]
Submit #856632: mastergo-design mastergo-magic-mcp 0.2.0 Information Disclosure [Accepted]
FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs
Fortinet has disclosed a high-severity vulnerability in FortiSandbox that could allow unauthenticated attackers to access the VNC servers of virtual machines used for malware scanning. Tracked as CVE-2026-59835, the flaw is classified as an Exposure of Resource to Wrong Sphere issue (CWE-668) and carries a CVSSv3 score of 7.7, indicating high severity. The bug allows […]
The post FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs appeared first on Cyber Security News.