Aggregator
日本最大的出租车运营商因遭网络攻击被迫关闭系统
2 days 14 hours ago
速修复
ServiceNow 严重漏洞导致远程攻击者执行恶意代码
2 days 14 hours ago
速修复
日本最大的出租车运营商因遭网络攻击被迫关闭系统
2 days 14 hours ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
ServiceNow 严重漏洞导致远程攻击者执行恶意代码
2 days 14 hours ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
US sanctions VPN, malware providers for enabling ransomware attacks
2 days 14 hours ago
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. [...]
Sergiu Gatlan
国产卡万亿参数模型发布背后,美团的 AI 人才决心
2 days 14 hours ago
但「和现有业务结合」并非美团做大模型的唯一出发点。
VPN для тех, кому нечего скрывать (кроме вымогательского ПО). Спецслужбы ликвидировали сервис 1VPNS
2 days 14 hours ago
Минфин США обвинил владельца 1VPNS в помощи вымогателям, атаковавшим больницы и города.
Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns
2 days 14 hours ago
Proofpoint details how attackers spoof OAuth client IDs to probe Microsoft Entra accounts, test credentials and bypass common sign-in detections at cloud scale.
Waqas
社区速递 149 | 派友热议睡眠数据化、观穹 6×24 望远镜与 RG Rotate 旋转屏掌机
2 days 14 hours ago
除了首页时间流和侧栏的精选展位,少数派 Matrix 社区还有很多优秀内容因条件所限无法得到有效曝光,因此我们决定重启 Matrix 周报,并在此基础上添加更多社区内容、作者投稿新玩意呈现给大家。上周
The inside job that cost ransomware victims millions
2 days 14 hours ago
When a ransomware crew locks up your servers, the outside negotiator you hire has to know eve
CVE-2026-31447 | Linux Kernel up to 6.19.10 ext4 s_first_data_block privilege escalation (Nessus ID 313522 / WID-SEC-2026-1252)
2 days 14 hours ago
A vulnerability has been found in Linux Kernel up to 6.19.10 and classified as critical. Affected is the function s_first_data_block of the component ext4. The manipulation leads to privilege escalation.
This vulnerability is uniquely identified as CVE-2026-31447. The attack can only be initiated within the local network. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2026-31445 | Linux Kernel up to 6.18.20/6.19.10 damon_call null pointer dereference (Nessus ID 310613 / WID-SEC-2026-1252)
2 days 14 hours ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.18.20/6.19.10. Affected by this vulnerability is the function damon_call. Performing a manipulation results in null pointer dereference.
This vulnerability is known as CVE-2026-31445. Access to the local network is required for this attack. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-31446 | Linux Kernel up to 6.19.10 mb_groups ext4_unregister_sysfs use after free (Nessus ID 313522 / WID-SEC-2026-1252)
2 days 14 hours ago
A vulnerability classified as critical was found in Linux Kernel up to 6.19.10. Affected by this issue is the function ext4_unregister_sysfs of the file /proc/fs/ext4/xx/mb_groups. Executing a manipulation can lead to use after free.
This vulnerability is handled as CVE-2026-31446. The attack can only be done within the local network. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-31444 | Linux Kernel up to 6.6.130/6.12.79/6.18.20/6.19.10 smb_grant_oplock use after free (Nessus ID 310603 / WID-SEC-2026-1252)
2 days 14 hours ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.130/6.12.79/6.18.20/6.19.10. This impacts the function smb_grant_oplock. Executing a manipulation can lead to use after free.
This vulnerability is handled as CVE-2026-31444. The attack can only be done within the local network. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-31443 | Linux Kernel up to 6.18.20/6.19.10 dmaengine denial of service (WID-SEC-2026-1252)
2 days 14 hours ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.20/6.19.10. This affects an unknown function of the component dmaengine. Performing a manipulation results in denial of service.
This vulnerability is known as CVE-2026-31443. Access to the local network is required for this attack. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-15685 | Ollama 0.7.1 Download Blob downloadBlob array index (WID-SEC-2026-2298)
2 days 14 hours ago
A vulnerability identified as problematic has been detected in Ollama 0.7.1. This affects the function downloadBlob of the component Download Blob. Performing a manipulation results in improper validation of array index.
This vulnerability is reported as CVE-2026-15685. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-46625 | js-cookie JavaScript Cookie up to 3.0.6 assign prototype pollution (GHSA-qjx8-664m-686j / EUVD-2026-36154)
2 days 14 hours ago
A vulnerability has been found in js-cookie JavaScript Cookie up to 3.0.6 and classified as problematic. This issue affects the function assign. Performing a manipulation results in improperly controlled modification of object prototype attributes.
This vulnerability is known as CVE-2026-46625. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
UK charges five persons linked to fraud platform behind more than a million scam calls
2 days 14 hours ago
Five people have been charged in the UK following a National Crime Agency (NCA) investigation into Russian Coms, a caller ID spoofing service used by fraudsters. Ayoub Sehailia, 28, Zakkaria Sehailia, 30, Usman Din, 30, Denis Ozmus, 29, and Fadila Salem, 53, all of London, are charged with offences that include conspiracy to supply articles for use in fraud, transferring and converting criminal property, and, for Zakkaria Sehailia, failing to comply with a notice to … More →
The post UK charges five persons linked to fraud platform behind more than a million scam calls appeared first on Help Net Security.
Sinisa Markovic
CVE-2026-59939
2 days 14 hours ago
Currently trending CVE - Hype Score: 1 - httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP ...