Aggregator

A vulnerability identified as critical has been detected in Oracle Database 19c/21c. This affects an unknown part of the component Oracle Notification Server. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-1587. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in PCRE2. It has been declared as problematic. Impacted is the function get_recurse_data_length of the file pcre2_jit_compile.c of the component Regular Expression Handler. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2022-1587. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

本期活动持续时间：2026年4月8日至2026年4月22日12:00

4月17日，我们成都见，欢迎报名！

视频有剪辑，完整时长45分钟

黑客组织 TeamPCP 利用 Trivy 的 GitHub 库在二月底被入侵之后凭证轮换不完整的漏洞推送了恶意代码。Trivy 是广泛使用的开源漏洞扫描器。欧盟委员会的自动化安全流程下载了含有恶意代码的 Trivy 更新，恶意代码窃取了 AWS API 密钥，攻击者随后访问了欧盟委员会在 AWS 的云账号，窃取了 92 GB 的压缩数据。这次攻击始于 3 月 19 日，安全团队直到 3 月 24 日才检测到异常活动。另一个黑客团队 ShinyHunters 公开了部分窃取的数据。一个网络犯罪团队负责攻击，另一个团队负责泄露，凸显了网络犯罪活动的专业分工程度在提高。公开的数据集在解压后大小为 340GB，包含了数万电邮和个人信息。

A vulnerability has been found in Roundcube Webmail up to 1.5.13/1.6.13 and classified as problematic. Affected is an unknown function of the component HTML Mail Message Handler. This manipulation causes incorrect resource transfer. This vulnerability is tracked as CVE-2026-35544. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Roundcube Webmail up to 1.5.14/1.6.14 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SVG Content Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is listed as CVE-2026-35545. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component SVG Content Handler. The manipulation results in incorrect resource transfer. This vulnerability is identified as CVE-2026-35543. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Roundcube Webmail up to 1.5.13/1.6.13. It has been rated as problematic. This vulnerability affects unknown code of the component HTML Attachment Handler. The manipulation leads to HTML injection. This vulnerability is documented as CVE-2026-35539. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Roundcube Webmail up to 1.5.13/1.6.13. Impacted is an unknown function of the component Password Plugin. This manipulation causes type confusion. This vulnerability appears as CVE-2026-35541. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Roundcube Webmail up to 1.5.13/1.6.13. This affects an unknown function of the component BODY Element Handler. The manipulation leads to incorrect resource transfer. This vulnerability is referenced as CVE-2026-35542. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Roundcube Webmail up to 1.6.13. This issue affects some unknown processing of the component HTML Mail Message Handler. The manipulation results in incorrect resource transfer. This vulnerability is reported as CVE-2026-35540. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Roundcube Webmail up to 1.5.13/1.6.13. The affected element is an unknown function of the component redis/memcache. Performing a manipulation results in deserialization. This vulnerability was named CVE-2026-35537. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component IMAP SEARCH Command Argument Handler. The manipulation leads to argument injection. This vulnerability is uniquely identified as CVE-2026-35538. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Бэкдор в npm собирал учётные данные из Chrome, Edge, Brave.

Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.