Aggregator

CVE-2026-28732 | Mattermost up to 10.11.13/11.4.3/11.5.1 Command Update API authorization (EUVD-2026-30760)

VulDB Recent Entries
4 weeks 1 day ago
A vulnerability was found in Mattermost up to 10.11.13/11.4.3/11.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Command Update API. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-28732. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

派评 | 近期值得关注的 App

不安全
4 weeks 1 day ago
欢迎收看本期《派评》。你可以通过文章目录快速跳转到你感兴趣的内容。如果发现了其它感兴趣的 App 或者关注的话题,也欢迎在评论区和我们讨论。AIDA:一站式日历和待办规划工具平台:iOS、iPadOS

北极野火释放封存的古老碳汇

Solidot
4 weeks 1 day ago
北极气候严寒,植物生长缓慢,动植物残体长期以泥炭等形式在土壤中不断堆积,历经数百年乃至数千年持续累积。这使得北极及周边北方林区土壤长期扮演碳汇角色,持续吸收大气中的二氧化碳。如今北极地区火灾规模不断扩大、发生频次持续攀升,这一平衡格局正在被打破。为探明实际情况,研究团队在多处近期过火区域采集土壤岩芯样本开展研究。样本分析显示,在多数区域,地表植被快速燃烧后,会引燃土壤深层的老旧有机质并发生阴燃,进而释放大量黑碳与二氧化碳。黑碳能够吸收太阳热能,直接加剧大气升温。此外,在寒冷地区,黑碳沉降至冰雪表面会使其颜色加深、吸热变强,从而加速冰雪非正常消融。越靠近北极腹地,远古碳的外泄风险越高,这是因为北极土壤层更薄,有机质大多富集于浅层地表。

Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets

Cyber Security News
4 weeks 1 day ago

Four malicious npm packages capable of stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, while one variant quietly transforms infected machines into a DDoS botnet. The campaign appears to be the work of a single threat actor deploying multiple infostealer variants simultaneously through a coordinated typosquatting operation targeting Axios users. The four packages […]

The post Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets appeared first on Cyber Security News.

Guru Baran

Managed ad