Aggregator

Submit #813253 / VDB-365339

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. It has been rated as critical. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-9374. The attack is possible to be carried out remotely. No exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in JeecgBoot 3.9.1. It has been declared as critical. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. This vulnerability is documented as CVE-2026-9373. The attack can be executed remotely. There is not any exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #813252 / VDB-365338

Submit #813251 / VDB-365337

Submit #813250 / VDB-319243

NASA 计划对 JPL 的运营合同进行首次公开竞标。JPL 实验室自 1930 年代成立以来一直由加州理工管理，它与 NASA 的现有合同将于 2028 年到期，届时有可能首次失去对 JPL 的控制。加州理工自去年夏天以来一直为这一可能的过渡做准备，并不为此感到意外。JPL 长期负责火星和其它深空区域的无人探索，它以美国联邦资助研发中心（FFRDC）的形式运营，相对于 NASA 其它机构保持着一定的独立性，如果由非加州理工的机构竞标运营，可能会产生重大影响，因为 JPL 和加州理工之间的关系非常紧密。

Почему после обычного отзыва доступа нельзя расслабляться ещё как минимум полчаса?

Submit #813249 / VDB-347315

A vulnerability was found in ItzCrazyKns Vane up to 1.12.1. It has been classified as critical. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. This vulnerability is registered as CVE-2026-9372. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #813248 / VDB-322183

Submit #813211 / VDB-365336

Submit #813210 / VDB-365334

A vulnerability was found in Linux Kernel up to 7.0.9 and classified as critical. This affects the function skb_try_coalesce of the component net. The manipulation results in infinite loop. This vulnerability is cataloged as CVE-2026-43503. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in ItzCrazyKns Vane up to 1.12.1 and classified as problematic. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-9371. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to apply restrictive firewalling. It appears that basic authentication is planned.

Submit #813209 / VDB-365334

Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to […]

Why pure extortion is replacing traditional ransomwareRansomwar