Aggregator

И это не баг, а фича аэродинамики.

Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]

Google 起诉了一家提供“诈骗即服务”的中国组织 Outsider Enterprise。该组织在 Telegram 上运营，向想要搞诈骗活动的人提供一整套模板，如使用 Google Gemini 创建模仿 Google、YouTube，以及纽约 E-ZPass 等政府机构网站的教程。Android 用户收到的逾 250 万条诈骗短信与 Outsider Enterprise 相关，其中约 5.5 万条短信发送在上月的两周内。Google 追踪到 9000 个虚假网站和 100 万网址与该诈骗网络相关。目前没人知道 Outsider Enterprise 幕后运营者的身份，Google 此举旨在扰乱 Outsider Enterprise 的运营。

A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic’s Claude Code and now extended to support free AI providers like Ollama and Groq, is gaining traction in the security research community for automating the full vulnerability discovery and reporting pipeline. Developed by security researcher Shuvon Md Shariar Shanaz and hosted […]

The post BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers appeared first on Cyber Security News.

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

Vulnerability / Enterprise SoftwareSplunk has released security updates to address a critical se

Пользователи получили письма о новых правилах хранения картинок и аудиозаписей.

UT Dallas陈明明助理教授课题组招生啦！

Anthropic 周五发表声明，它收到美国政府的命令，政府以国家安全理由下令禁止外国公民访问其最先进的 AI 模型。该指令适用于所有外国公民，无论他们是身处美国境内还是境外，Anthropic 的外籍员工也包含在内。为确保合格，它只能对所有用户暂停访问 Fable 5 和 Mythos 5 模型。Anthropic 其它模型的访问不受影响。亚马逊云服务 AWS 周五晚间表示，Anthropic 已要求其禁止“所有地区所有用户”对相关模型的访问。Anthropic 公司的多位核心成员，包括联合创始人 Chris Olah、研究员 Andrej Karpathy 和哲学家 Amanda Askell 均出生于美国境外。

Currently trending CVE - Hype Score: 1 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Currently trending CVE - Hype Score: 1 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Под зачистку попало 15-20 тысяч доменов — и это только начало.

A vulnerability categorized as problematic has been discovered in ladela Online Scheduling and Appointment Booking System Plugin up to 27.2 on WordPress. Impacted is an unknown function of the component setting Handler. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-5513. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Store Locator Plugin up to 1.6.8 on WordPress. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-9061. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in codesupplyco Canvas Plugin up to 2.5.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument day results in cross site scripting. This vulnerability is cataloged as CVE-2026-9629. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Softaculous Page Builder Plugin up to 2.0.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-3297. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Google MCP Toolbox for Databases up to 0.24.x and classified as critical. Affected by this issue is some unknown functionality. Executing a manipulation can lead to origin validation error. This vulnerability is tracked as CVE-2026-11624. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in fooplugins Photo Gallery by FooGallery Plugin up to 3.1.31 on WordPress and classified as problematic. Affected by this vulnerability is the function foogallery_sanitize_javascript of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-9134. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in john-dagelmore GPTranslate Plugin up to 2.31 on WordPress. Affected is an unknown function of the file /wp-json/gptranslate/v1/request of the component Deterministically Derived API Key Handler. Such manipulation of the argument gptApiKey leads to cross site scripting. This vulnerability is referenced as CVE-2026-9109. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.