Aggregator

Анонс новых функций Apple Intelligence для вашей повседневной жизни.

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /api/v2/

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]

在 Node.js 生态系统发生了一系列严重安全事件之后，npm 管理工具的下一个大版本 v12 将在安全方面进行重大调整：除非明确允许，npm install 不再自动执行依赖项的 preinstall、install、postinstall 脚本。来自 Git、文件和链接依赖项的准备脚本也会以同样的方式被阻止。npm v12 将于 2026 年 7 月推出。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a newly discovered zero-day vulnerability in Google Chromium that is actively being exploited in the wild. The flaw, tracked as CVE-2026-11645, affects the Chromium V8 JavaScript engine and could allow attackers to execute arbitrary code within a browser sandbox. According to […]

The post CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The longer it takes to confirm a threat, the longer the business stays exposed. Slow triage leaves SOC teams stuck between suspicious alerts and clear response decisions, giving malware, phishing attacks, and other threats more time to progress.   For CISOs and security leaders, this is no longer just an analyst productivity issue. It is a […]

The post Slow Triage Is Raising Business Risk. Here’s How SOC Teams Cut Investigation Time  appeared first on Cyber Security News.

Windows systems are impacted by two new Remote Desktop Protocol (RDP) information disclosure vulnerabilities, CVE-2026-42908 and CVE-2026-45639. Both issues were resolved in Microsoft’s security updates released on June 9, 2026. Both flaws stem from out-of-bounds reads in the RDP stack and are rated Important, with a CVSS v3 base score of 7.5. Windows Remote Desktop Protocol Vulnerabilities […]

The post Windows RDP Vulnerabilities Allow Attacker to Expose Sensitive Data appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8) - An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow an

Модель Anthropic собрала восемь цепочек повышения привилегий в Windows.

天文学家研究一个名为 HD 81809 的特殊双星系统时，发现两颗同时诞生的恒星拥有截然不同的化学组成。一般而言，双星诞生于同一个分子云，因此元素组成通常相当接近。但在 HD 81809 系统中，其中一颗恒星的铁含量明显偏低，而另一颗则拥有接近太阳的金属丰度，两颗恒星的铁元素含量相差约 3.7 倍，远超过一般双星演化模型能解释的范围。天文学家因此怀疑，其中一颗恒星可能曾吞噬自己的行星，改变了表面的化学组成。HD 81809 双星系统距离地球约 113 光年，由两颗类似太阳的 G 型恒星组成。其中主星 HD 81809A 已演化成次巨星，另一颗 HD 81809B 则仍停留在主序星阶段。这个系统年龄约达 100 亿年。除了铁元素异常外，HD 81809B 还具有偏高的锂元素含量。由于低质量老年恒星通常会在演化过程中逐渐耗尽锂元素，因此这种高锂元素含量现象，被视为可能曾发生行星吞噬事件的重要线索。研究人员发现，如果要让 HD 81809B 的金属量提升至目前观测值，恒星必须在近期吞噬约 25 至 75 个地球质量的富金属物质，相当于海王星到土星之间的金属核心总量。

A vulnerability described as critical has been identified in Google Chrome on Android. Affected by this vulnerability is an unknown functionality of the component WebView. Executing a manipulation can lead to use after free. This vulnerability is tracked as CVE-2026-11080. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Google Chrome on Android. Affected by this issue is some unknown functionality of the component GPU. The manipulation leads to use after free. This vulnerability is listed as CVE-2026-11082. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as problematic. The affected element is an unknown function of the component V8. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-11075. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Google Chrome. This affects an unknown function of the component WebGL. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-11073. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Google Chrome. Affected by this issue is some unknown functionality of the component Fileystem. The manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2026-11078. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Google Chrome. This affects an unknown part of the component Password Manager. This manipulation causes permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2026-11083. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component Codecs. Such manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2026-11079. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.