Aggregator

A vulnerability was found in Linux Kernel. It has been rated as problematic. This impacts the function perf_event_open of the file kernel/events/core.c. Performing a manipulation results in race condition within a thread. This vulnerability is identified as CVE-2022-1729. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in vim. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2022-1725. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in radare2 up to 5.6.x. This impacts an unknown function. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2022-1714. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in vim. The affected element is the function grab_file_name of the file vim/vim. The manipulation results in buffer overflow. This vulnerability was named CVE-2022-1720. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt enrichment. It installs in seconds on macOS, Linux, and Windows via brew, direct download, or RPM. Apiiro CLI ships with agent skills, structured capability definitions that AI coding assistants like Claude Code and Cursor can read … More →

The post Apiiro CLI turns AI coding assistants into full-stack security engineers appeared first on Help Net Security.

A vulnerability labeled as problematic has been found in vim. This vulnerability affects the function vim_regexec_string of the file regexp.c. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-1674. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

Учёные обнаружили скрытый фактор, который влияет на качество отдыха гораздо сильнее.

The cpuid-dot-com website, home to widely used system utilities CPU-Z and HWMonitor, is at the center of an active supply chain security incident. Users downloading HWMonitor 1.63 or CPU-Z ZIPs since early April have reportedly received trojanized installers capable of dropping malicious DLLs, evading antivirus detection through in-memory execution, and establishing connections to attacker-controlled infrastructure. […]

The post CPUID Website Compromised to Deliver Weaponized HWMonitor and CPU-Z Tools appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in OpenStack Skyline up to 5.0.0/6.0.0/7.0.0. The impacted element is an unknown function of the component Console Web Interface. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-40212. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Notepad++ up to 8.9.3. The affected element is an unknown function of the component File Drop Handler. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5525. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in VMware Spring Cloud Gateway up to 4.2.0. Impacted is an unknown function of the component SSL Bundle Configuration Handler. The manipulation leads to cryptographic issues. This vulnerability is documented as CVE-2026-22750. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

2024 年12月23日，一个存在了八年的美国政府机构悄然关门，没有告别会，没有新闻发布会，只有美国国WU院

图片：俄罗斯莫斯科新英国大使馆2026年3月30日，俄罗斯联邦安全局（FSB）以“经济间谍”罪名，宣布驱逐英

大部分人一听到芯片、光刻机、海底电缆，第一反应还是"产业新闻"。谁家发布了新工艺，谁家多卖了几台设备，哪个公司股价涨了跌了。

阿波罗宇航员用于登月的计算机配备了 1-MHz 处理器和 4 kilobytes 可擦除内存，其功能有限，飞船重要的环境和电源控制仍然是通过手动或机电方式实现的。阿尔忒弥斯（Artemis）II 的 Orion 飞船则配备了至今容错能力最强的计算机系统。为了应对太空辐射，飞船配备了两台计算机 Vehicle Management Computers，每台包含两个飞控模块 Flight Control Modules，总共四个 FCM，每个 FCM 配备了一对自检验处理器。八个 CPU 并行运行飞行软件。自检验意味着一旦某个 CPU 因一次辐射事件而出错，系统会立即检测出错误并做出反应。此外系统还使用了三模块冗余内存，每次读取时都能自动纠正单比特错误。网络也采用三重冗余设计，所有网络交换机都采用自检策略。飞船还搭载了一个完全独立的 Backup Flight Software（BFS）系统，它使用不同的硬件，运行不同的操作系统，使用独立开发的简化版飞行软件。这种设计被称为异构冗余。

A vulnerability, which was classified as problematic, was found in Royal Elementor Addons Plugin up to 1.3.70 on WordPress. Affected by this vulnerability is an unknown functionality of the component MailChimp API Key Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-3709. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Jupiter X Core Plugin up to 2.5.0 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes information disclosure. This vulnerability appears as CVE-2023-3813. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Video Conferencing with Zoom Plugin up to 4.2.1 on WordPress. It has been rated as problematic. The affected element is the function vczapi_encrypt_decrypt. This manipulation causes use of hard-coded cryptographic key . This vulnerability is tracked as CVE-2023-3947. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in ACF Photo Gallery Field Plugin up to 1.9 on WordPress. It has been declared as critical. The impacted element is an unknown function of the component Usermeta Update Handler. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2023-3957. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in InstaWP Connect Plugin up to 0.0.9.18 on WordPress. It has been classified as critical. This issue affects the function events_receiver of the component Setting Handler. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2023-3956. It is possible to initiate the attack remotely. There is no exploit available.