Aggregator

CVE-2026-23941 | Erlang OTP RFC 9112 httpd_request.erl Content-Length request smuggling (Nessus ID 302363 / WID-SEC-2026-0721)

Vuldb Updates
3 weeks 6 days ago
A vulnerability described as problematic has been identified in Erlang OTP. Affected by this issue is some unknown functionality in the library lib/inets/src/http_server/httpd_request.erl of the component RFC 9112. Executing a manipulation of the argument Content-Length can lead to http request smuggling. The identification of this vulnerability is CVE-2026-23941. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-23943 | Erlang OTP ssh_transport.erl data amplification (Nessus ID 302364 / WID-SEC-2026-0721)

Vuldb Updates
3 weeks 6 days ago
A vulnerability classified as problematic has been found in Erlang OTP. This affects an unknown part in the library lib/ssh/src/ssh_transport.erl. The manipulation leads to highly compressed data. This vulnerability is referenced as CVE-2026-23943. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

Authorities Have Taken Down “First VPN” Used in Ransomware Attacks

Cyber Security News
3 weeks 6 days ago

In a major international law enforcement success, authorities from seven countries dismantled First VPN, a criminal virtual private network linked to global cybercrime, during a coordinated operation on May 19 and 20, 2026. Dubbed Operation Saffron, the joint action was led by French and Dutch authorities and supported by Europol and Eurojust, resulting in the […]

The post Authorities Have Taken Down “First VPN” Used in Ransomware Attacks appeared first on Cyber Security News.

Guru Baran

Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials

Cyber Security News
3 weeks 6 days ago

A new and sophisticated supply chain attack has been uncovered, targeting one of the most trusted corners of the open-source software world. Dubbed “Mini Shai-Hulud,” this campaign went after the @antv npm package ecosystem, a collection of widely used data visualization libraries powering dashboards and applications for developers globally. The attack was quiet, precise, and […]

The post Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials appeared first on Cyber Security News.

Tushar Subhra Dutta

Microsoft open-sources tools for designing and testing AI agents

Help Net Security
3 weeks 6 days ago

Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that stress-tests its own AI systems, and both tools have been used internally before being open-sourced. RAMPART: A test harness RAMPART is built on top of PyRIT, Microsoft’s existing open-source red-teaming library, and is designed to slot … More →

The post Microsoft open-sources tools for designing and testing AI agents appeared first on Help Net Security.

Zeljka Zorz

Managed ad