Aggregator

A vulnerability marked as problematic has been reported in WPFunnels Mail Mint Plugin up to 1.19.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is documented as CVE-2026-27349. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Mattermost. Affected is an unknown function. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-22880. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in FreeBSD. This impacts an unknown function. Performing a manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-45253. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as critical has been discovered in Gmission Web Fax up to 3.0. This affects an unknown function. Such manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2026-9157. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in FreeBSD. It has been rated as critical. The impacted element is an unknown function of the component Fusefs Kernel Module. This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-45252. The attack is only possible within the local network. No exploit exists. To fix this issue, it is recommended to deploy a patch.

Google рассекретила уязвимость в Chromium раньше, чем успела её исправить.

A vulnerability was found in Honeywell International Control Network Module up to 110.2. It has been declared as critical. The affected element is an unknown function of the component Web Interface. The manipulation results in command injection. This vulnerability is identified as CVE-2026-5433. The attack can be executed remotely. There is not any exploit available.

NASA 局长 Jared Isaacman 表示他预计中国将在 2027 年执行载人绕月飞行任务，他正以此为由要求修改阿尔忒弥斯计划，加快美国重返月球的步伐。Isaacman 称，下次全世界观看宇航员绕月飞行时——很可能是 2027 年的某个时候——他们将是中国宇航员，美国将不再是唯一能将人类送入月球环境的国家。中国尚未公布月球载人飞行的时间表。迄今所有载人绕月飞行、轨道飞行或登月任务均由 NASA 执行：包括 1968-1972 年间的九次阿波罗计划以及今年四月的阿尔忒弥斯 2 号任务。

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud

GitHub confirmed a significant security breach on May 18, 2026, after attackers leveraged a weaponized Visual Studio Code extension to compromise an employee’s device and exfiltrate data from the company’s internal source code repositories. The attack was detected and contained on Monday, May 18, when GitHub’s security team identified suspicious activity on an employee endpoint. […]

The post GitHub Internal Repositories Breached Via Weaponized VS Code Extension appeared first on Cyber Security News.

Learn how the complex Drupal SQLi vulnerability (CVE-2026-9082) exploits PostgreSQL environments and its data theft risks — and how to ensure you’re protected.

ЦБ выпустил инструкцию для банков.

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users.

Microsoft закрыла любимую схему мошенников.

360携手麒麟软件、统信 筑牢信创安全防护体系！

定向攻击国内企事业单位员工，尤其 HR、行政及全员

看雪论坛作者ID：S1nyer

考证直接加积分60，最高补贴3250元

As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits.

The post The readiness paradox: Why a false sense of cyber confidence is becoming a liability appeared first on CyberScoop.