Aggregator

On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...]

分享一篇文章。

2026年6月10日（北京时间），微软发布了2026年6月安全更新，共发布了204个CVE的补丁程序，比上月增多了66个。

The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with […]

供应商遭到未授权访问

速修复

速修复

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security

Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business (MVB) at machine speed. At a time when powerful AI models collapse the window between vulnerability discovery and exploitation from months to seconds, the imperative to plan in advance for cyber resilience has never been greater. ABR … More →

The post Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks appeared first on Help Net Security.

В чем главная проблема диапазона 2,4 ГГц, на котором работают 7 из 10 роутеров в РФ.

Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device models while maintaining Apple’s security and privacy guarantees. The system was originally built on Apple silicon and operated exclusively within Apple’s infrastructure. Building on confidential computing The expansion leaves PCC’s core security model unchanged. The system is … More →

The post Apple extends Private Cloud Compute to third-party data centers appeared first on Help Net Security.

近期360安全大脑监测到多起蔓灵花组织钓鱼网站。诱导用户点击，窃取邮箱账户密码，下载恶意vbs脚本。通过vbs脚本对设备进程控制和窃密。

Miasma蠕虫攻击波及微软73个GitHub仓库，Check Point零日漏洞遭利用部署勒索软件，Linux提权漏洞曝光。

Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws.

F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and exploitation, giving attackers faster access to offensive capabilities. The new features expand the AI-powered web application firewall (WAF) functionality in F5 Distributed Cloud Services. “Frontier AI has collapsed the window between discovery and … More →

The post F5 adds AI-powered threat detection and API security for on-premises environments appeared first on Help Net Security.

Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The company said Mythos-class models possess advanced cybersecurity and research biology capabilities that can provide information and guidance beyond what is … More →

The post Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in brechtvds Easy Image Collage Plugin up to 1.13.6 on WordPress. The affected element is the function update_post_meta. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-9019. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in smub aThemes Addons for Elementor Plugin up to 1.1.8 on WordPress. Impacted is an unknown function of the component Posts Timeline Widget. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-8613. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.