Aggregator

北约在波兰比得哥什举行的网络与虚假信息联合模拟演习结果公布，由乌克兰官员组成的模拟敌方团队全程复刻俄罗斯战时信

Мошенники в 2026 году сменили тактику запугивания на фальшивое доверие.

Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threats

MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto

Australia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely.

ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases.

Windows administrators should quickly deploy Microsoft’s June 9, 2026 security updates to fix a newly disclosed zero‑day in the Windows Collaborative Translation Framework (CTFMON), tracked as CVE‑2026‑45586. The flaw allows a local attacker with low privileges to escalate to SYSTEM, making it a valuable post‑exploitation primitive for threat actors. Windows CTF 0-Day Vulnerability CVE‑2026‑45586 is […]

The post Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation appeared first on Cyber Security News.

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An

A vulnerability described as problematic has been identified in Jenkins up to 2.554.x. This affects an unknown function of the component Redirect URL Handler. The manipulation results in open redirect. This vulnerability was named CVE-2026-53437. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Jenkins up to 2.554.x. Affected is an unknown function. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2026-53438. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Jenkins up to 2.554.x. Affected by this issue is some unknown functionality. Executing a manipulation can lead to permission issues. This vulnerability is tracked as CVE-2026-53439. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Jenkins up to 2.554.x and classified as problematic. This affects an unknown part of the component Servlet Container Handler. The manipulation of the argument from leads to open redirect. This vulnerability is listed as CVE-2026-53440. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Jenkins up to 2.554.x and classified as critical. This vulnerability affects unknown code of the file config.xml of the component Controller File System Handler. The manipulation results in permission issues. This vulnerability is cataloged as CVE-2026-53442. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Jenkins up to 2.482/2.554.x. It has been rated as problematic. The affected element is an unknown function of the file config.xml of the component Description Handler. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-53441. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in pipecat-ai pipecat up to 1.1.x. The affected element is an unknown function of the file src/pipecat/runner/run.py of the component HTTP Request Handler. Such manipulation of the argument path leads to path traversal. This vulnerability is documented as CVE-2026-44716. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in nimiq core-rs-albatross up to 1.3.x. It has been classified as problematic. This affects the function Ed25519PublicKey::delinearize of the file keys/src/multisig/mod.rs. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2026-46542. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in OpenEMR. It has been rated as problematic. Affected is the function multiprintcss_header of the component PUT API. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-46518. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Анонс новых функций Apple Intelligence для вашей повседневной жизни.

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /api/v2/

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]