Aggregator
[Tool] Maigret: an open-source tool that searches the entire web for a user's registered accounts
1 week 1 day ago
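With nothing but a username, it can look up that user's accounts across a large number of sites and collect all publicly available information from the web pages, generating a dossier on the target person. No API keys are required.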
Akira
1 week 1 day ago
cohenido
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
1 week 1 day ago
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims.
Deeba Ahmed
Qilin
1 week 1 day ago
cohenido
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
1 week 1 day ago
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
Sponsored by Flare
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
1 week 1 day ago
Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others
Google Chrome security advisory (AV26-593)
1 week 1 day ago
Canadian Centre for Cyber Security
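Ministry of Industry and Information Technology issues the "Implementation Opinions on the Innovative Development of 'Artificial Intelligence + Information and Communications' (2026-2028)"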
1 week 1 day ago
Cyberspace Administration of China releases the "China Personal Information Protection Report (2025)"
1 week 1 day ago
Black X
1 week 1 day ago
cohenido
Spring security advisory (AV26-592)
1 week 1 day ago
Canadian Centre for Cyber Security
CVE-2026-46489 | SolidInvoice up to 2.3.16 Company Logo Upload Feature cross site scripting (GHSA-mqwm-r4g8-wf4w / EUVD-2026-36303)
1 week 1 day ago
A vulnerability classified as problematic has been found in SolidInvoice up to 2.3.16. This vulnerability affects unknown code of the component Company Logo Upload Feature. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2026-46489. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-11847 | IEI Integration Corp iVEC TANK-XM811 up to 1.0.3 path traversal (EUVD-2026-36407)
1 week 1 day ago
A vulnerability classified as critical was found in IEI Integration Corp iVEC TANK-XM811 up to 1.0.3. This impacts an unknown function. The manipulation results in path traversal.
This vulnerability is identified as CVE-2026-11847. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-48914 | QEMU virtio-blk Device heap-based overflow (EUVD-2026-36408)
1 week 1 day ago
A vulnerability, which was classified as critical, has been found in QEMU. Affected is an unknown function of the component virtio-blk Device. This manipulation causes heap-based buffer overflow.
This vulnerability is tracked as CVE-2026-48914. The attack is restricted to local execution. No exploit exists.
vuldb.com
CVE-2026-11845 | IEI Integration Corp iVEC TANK-XM811 up to 1.0.3 OS command injection (EUVD-2026-36405)
1 week 1 day ago
A vulnerability described as critical has been identified in IEI Integration Corp iVEC TANK-XM811 up to 1.0.3. The impacted element is an unknown function. Executing a manipulation can lead to OS command injection.
The identification of this vulnerability is CVE-2026-11845. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-11846 | IEI Integration Corp iVEC TANK-XM811 up to 1.0.3 path traversal (EUVD-2026-36406)
1 week 1 day ago
A vulnerability classified as critical has been found in IEI Integration Corp iVEC TANK-XM811 up to 1.0.3. This affects an unknown function. The manipulation leads to path traversal.
This vulnerability is referenced as CVE-2026-11846. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
One day of delay, and the entire corporate perimeter is breached. A critical vulnerability in Ivanti Sentry turned into a mass attack within a day
1 week 1 day ago
Ivanti once again failed to warn its customers in time that they were already being hacked.
400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers
1 week 1 day ago
A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems. The campaign, dubbed “Atomic Arch” by researchers, was identified around June 11, 2026, and represents one of the most […]
The post 400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers appeared first on Cyber Security News.
Guru Baran
Microsoft Edge security advisory (AV26-591)
1 week 1 day ago
Canadian Centre for Cyber Security