Aggregator

Жизнь по ту сторону закона привела к жестокому финалу.

ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network

The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.

Name: Midnight Sun CTF 2026 Quals (an Midnight Sun CTF event.)
Date: May 10, 2026, 1 p.m. — 11 May 2026, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://play.midnightsunctf.com/
Rating weight: 48.17
Event organizers: HackingForSoju

在 AI 的浪潮面前，过去积累的用户、流量、收入和利润，都变得没那么重要；重要的是，你有没有未来。

A vulnerability was found in WSO2 API Control Plane, Universal Gateway, Traffic Manager, API Manager, Carbon API Management Implementation and Carbon API Manager Rest API Utility. It has been declared as critical. Affected is an unknown function of the component Gateway API. The manipulation results in preservation of permissions. This vulnerability is reported as CVE-2025-8325. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Dell ECS and ObjectScale. Impacted is an unknown function. The manipulation results in csv injection. This vulnerability was named CVE-2026-35157. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in WSO2 Identity Server and Carbon MagicLink Authenticator Module. The affected element is an unknown function of the component Magic Link/Pass Key. This manipulation causes incorrect authorization. The identification of this vulnerability is CVE-2025-10908. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ATutor 2.2.4. It has been classified as problematic. This impacts an unknown function of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-6956. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in WSO2 Identity Server and Carbon MagicLink Authenticator Module. Affected by this issue is some unknown functionality. Such manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-10470. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in WSO2 API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway and Carbon API Management Implementation. The impacted element is an unknown function of the component Webhook API. Such manipulation leads to injection. This vulnerability is referenced as CVE-2025-8154. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability has been found in GROWI up to 7.5.0 and classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is listed as CVE-2026-41951. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in ATutor 2.2.4 and classified as problematic. This affects an unknown function of the file /install/upgrade.php of the component URL Handler. Executing a manipulation can lead to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-6909. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in WSO2 Identity Server and Conditional Authentication User and Roles Related Functions. This affects an unknown part of the component Organization Context Handler. Performing a manipulation results in missing initialization of a variable. This vulnerability is known as CVE-2025-9973. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Dell ECS and ObjectScale. This impacts an unknown function. Executing a manipulation can lead to hard-coded credentials. This vulnerability is tracked as CVE-2026-40636. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

Gartner 副总裁 Douglas Toombs 认为完全拥有自主权的主权云在中美之外不太可能实现。他称只有美国和中国拥有主权云所需的所有技术。即使 AWS Outposts、Azure Local 或 Oracle Dedicated Cloud Regions 之类的本地云服务也需要与母公司通信。他认为欧洲的主权云的尝试不会成功，并引用了波士顿咨询集团的“三四法则（The Rule of Three and Four）”：一个稳定的竞争市场中的主要竞争对手的数量永远不会超过三个，其中最大的竞争对手的市场份额不会超过最小竞争对手的四倍。他预测云市场将围绕 AWS、Google 和微软三家公司稳定下来。

开源情报（OSINT）在2026年面临着一个简单的问题：越来越难以看清网络上正在发生的事情，也越来越难以证实自己发现的信息。