Aggregator

Космос без паузы: новый обзор LSST покажет, как меняется небо в перемотке.

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores Pwn2Own Berlin 2026, Day Three: DEVCORE […]

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, according to Sansec researchers. Funnel Builder by FunnelKit is a checkout and upsell plugin […]

Name: NDIAS Automotive/IoT CTF (an NDIAS Automotive/IoT CTF event.)
Date: May 15, 2026, 9 a.m. — 17 May 2026, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.ndias.jp/
Rating weight: 25.00
Event organizers: cartagaitai

本文从应用层、内核层、静态、动态四大维度，系统剖析 EDR 终端对抗技术的原理、实现与检测策略，为红蓝双方提供

Sovereign Tech Fund выделил рекордную сумму на безопасность и независимый Linux.

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the

Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases.

Сначала казалось, что новые технологии просто экономят время, но последствия оказались куда плачевнее.

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

A vulnerability has been found in Tencent WeKnora up to 0.3.6 and classified as critical. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. This vulnerability is traded as CVE-2026-8786. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #812172 / VDB-364410

Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.

A vulnerability, which was classified as critical, was found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to sql injection. This vulnerability appears as CVE-2026-8785. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as critical, has been found in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. This vulnerability is reported as CVE-2026-8784. The attack requires a local approach. Moreover, an exploit is present. It is recommended to apply a patch to fix this issue.

Submit #812138 / VDB-201910