Aggregator

By Niall Browne, CEO and Founder, AIBoundShadow AI is accelerating alongside artificial in

俄罗斯副总理、俄总统驻远东联邦区全权代表尤里·特鲁特涅夫表示，俄中两国应该继续相互转让技术，因为此能为两国在现代世界中的发展创造机遇。第十届俄中博览会于5月17日至21日在中国哈尔滨举行，俄罗斯联邦1

A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that Microsoft either failed to patch or silently rolled back the fix for […]

The post New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released appeared first on Cyber Security News.

Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and the Institute of Science Tokyo demonstrates that this defensive posture has a blind spot, and the cost of that blind spot could be measured in leaked proprietary data and regulatory exposure. The attack, called MetaBackdoor, … More →

The post The AI backdoor your security stack is not built to see appeared first on Help Net Security.

Люди массово генерируют своё освобождение — и делятся им с друзьями в WhatsApp. Так выглядит отчаяние.

In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it can scale.

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. This issue affects the function inode_owner_or_capable. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-43361. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.18/6.19.8. Impacted is an unknown function. Such manipulation leads to missing initialization of a variable. This vulnerability is referenced as CVE-2026-43352. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.77/6.18.18/6.19.8. The affected element is the function set_samp_freq of the component iio. Performing a manipulation results in divide by zero. This vulnerability is identified as CVE-2026-43354. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.252/6.1.166/6.6.129/6.18.18/6.19.8. The impacted element is the function pm_runtime_put_autosuspend of the component iio. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2026-43355. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.8. It has been rated as critical. The impacted element is the function pm_runtime_get_sync of the component iio. This manipulation of the argument return causes unchecked return value. This vulnerability is registered as CVE-2026-43357. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.18/6.19.8. This impacts the function hci_dma_dequeue_xfer. Performing a manipulation results in deserialization. This vulnerability is reported as CVE-2026-43353. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. Affected is an unknown function. Executing a manipulation can lead to integer underflow. This vulnerability appears as CVE-2026-43359. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. This affects an unknown part of the component btrfs. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-43360. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

据阿联酋阿布扎比媒体办公室消息，韩国企业和机构参与建设和运营的阿联酋阿布扎比巴拉卡核电站当地时间17日遭到一架无人机袭击后起火。据介绍，宰夫拉地区的巴拉卡核电站外围一台发电机遭到无人机袭击后起火，有关

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]

Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. The project reached version 3.1.0 this month. The release adds XChaCha20-Poly1305 memory encryption for sensitive threat data, seven new proof-of-concept generators covering prompt injection, auth bypass, CSRF, open redirect, race conditions, secret exposure, and cross-site … More →

The post Lyrie: Open-source autonomous pentesting agent appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.24/7.0.1. Affected by this vulnerability is the function f2fs_finish_read_bio of the component f2fs. Executing a manipulation can lead to uninitialized resource. This vulnerability appears as CVE-2026-43349. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.