Aggregator

A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Zeeshan Shaikh (@bugzzzhunter)' was reported to the affected vendor on: 2026-03-03, 39 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peikai Li' was reported to the affected vendor on: 2026-03-03, 39 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.6 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L severity vulnerability discovered by 'kaijieguigui' was reported to the affected vendor on: 2026-03-03, 39 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2026-03-03, 13 days ago. The vendor is given until 2026-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A new information-stealing malware called AuraStealer has been making its presence felt across the cybersecurity landscape since mid-2025. Developed and actively maintained by a group of Russian-speaking individuals, the malware first appeared on underground hacker forums in July 2025, shortly after the disruption of the Lumma stealer infrastructure left a notable gap in the infostealer […]

The post Threat Actors Deploy ‘AuraStealer’ Infostealer with 48 C2 Domains and Active Campaigns appeared first on Cyber Security News.

A vulnerability was found in HP VVX, Edge E and Trio 8300. It has been declared as problematic. This impacts an unknown function of the component SIP Service. The manipulation results in use of hard-coded cryptographic key . This vulnerability is reported as CVE-2026-0754. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Amazon AWS-LC up to 1.68.x. It has been classified as critical. This affects the function PKCS7_verify. The manipulation leads to improper certificate validation. This vulnerability is documented as CVE-2026-3336. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Amazon AWS-LC up to 1.68.x and classified as problematic. The impacted element is the function PKCS7_verify. Executing a manipulation can lead to improper verification of cryptographic signature. This vulnerability is registered as CVE-2026-3338. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in ModelScope ms-agent up to 1.6.0rc1 and classified as critical. The affected element is an unknown function. Performing a manipulation results in code injection. This vulnerability is cataloged as CVE-2026-2256. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Gallagher Command Centre Server up to 9.00. Impacted is an unknown function of the component Morpho. Such manipulation leads to improper locking. This vulnerability is listed as CVE-2026-20757. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Amazon AWS-LC and AWS-LC-FIPS up to 1.68.x. This issue affects the function EVP_aes_128_ccm/EVP_aes_192_ccm/EVP_aes_256_ccm of the component EVP CIPHER API. This manipulation causes observable timing discrepancy. This vulnerability is tracked as CVE-2026-3337. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Gallagher Command Centre Mobile Client up to 9.40.122 on Android/iOS. This vulnerability affects unknown code of the component Session Token Handler. The manipulation results in cleartext storage of sensitive information. This vulnerability is identified as CVE-2025-47147. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

好的，用户让我帮忙总结一篇英文文章，控制在100字以内，而且不需要特定的开头。首先，我需要理解文章的内容。看起来这篇文章讲述的是作者在深夜浏览暗网论坛时，偶然发现了一个安全漏洞，并通过自己的好奇心和一些技术手段，成功找到了一个严重的安全问题，最终获得了漏洞赏金。 接下来，我需要提取关键信息：时间、地点、事件、结果。作者是在凌晨两点左右发现的线索，利用威胁情报和侦察技术发现了配置错误的缓存，导致内部敏感数据泄露。结果是一个美丽的漏洞赏金发现。 然后，我要确保总结控制在100字以内，并且直接描述内容，不使用“文章内容总结”之类的开头。所以我会用简洁的语言概括事件的过程和结果。 最后，检查一下有没有遗漏的重要信息，并确保语言流畅自然。 深夜浏览暗网论坛时发现线索,通过威胁情报和侦察技术,利用配置错误的缓存,意外发现内部敏感数据泄露,最终收获人生最美妙的漏洞赏金经历。

在去年发生多起与移动电源相关的飞机起火事故后，日本计划从 4 月中旬起禁止乘客在飞机上使用移动电源/充电宝。日本国土交通省发布了《民用航空条例》修订版征求意见稿。在日本，移动电源被分类为备用电池，被禁止托运。随身行李中的移动电池则禁止超过 160 瓦时，超过 100 瓦时只能携带两块，低于 100 瓦时的不受限制。新修订的规定限制乘客最多能携带包括充电宝在内的两块电池，禁止在机上充电，建议乘客不要使用充电宝。日本航空公司则可能一步到位，直接禁止乘客使用充电宝。

2026年2月28日，美国和以色列对伊朗发起的联合打击行动，离不开精准情报的支撑，尤其是猎杀哈梅内伊等一众高管的定点清除行动，更离不开人力情报、地理空间情报、信号技术情报、网络情报等各类情报工作的高效运用。

重点给大家推荐一个伊朗实时开源情报监测网站-伊朗观察。

Специалисты раскрыли мошенническую сеть Genisys, заразившую 25 миллионов Android-устройств.

嗯，用户让我用中文总结一篇文章，控制在一百字以内，而且不需要特定的开头。首先，我需要理解文章内容。文章讲的是Netflix撤回收购华纳兄弟探索公司的出价，然后派拉蒙天空之舞介入收购了该公司。首席执行官大卫·埃里森宣布合并Paramount+和HBO Max为一个统一平台，并提到他们将投资创意引擎，保持HBO的创意愿景和院线上映计划。 接下来，我要把重点提炼出来：Netflix撤回收购，派拉蒙收购，合并流媒体平台，投资创意，保持HBO不变。然后把这些信息浓缩成一句话，不超过一百字。 可能会这样组织：“Netflix撤回对华纳兄弟探索的收购后，派拉蒙天空之舞完成收购，并计划合并Paramount+与HBO Max为统一平台。CEO埃里森承诺投资创意引擎，并保持HBO的创意愿景和院线上映计划。” 检查一下字数是否在限制内，并且是否涵盖了所有关键点。看起来没问题。 Netflix撤回对华纳兄弟探索的收购后，派拉蒙天空之舞完成收购，并计划合并Paramount+与HBO Max为统一平台。CEO埃里森承诺投资创意引擎，并保持HBO的创意愿景和院线上映计划。

Online security is built through routine decisions made across devices and accounts. People choose how to create passwords, how often to reuse them, and how much effort to invest in protecting personal data. The National Cybersecurity Alliance and CybSafe’s Oh, Behave! The Cybersecurity Attitudes and Behaviors Report: 2021–2025 follows those patterns over five years, drawing on responses from more than 24,000 adults and documenting how attitudes and behaviors shift over time. “Five years of data … More →

The post 5 years of shifting cybersecurity behavior appeared first on Help Net Security.

嗯，用户让我帮忙总结一篇文章，控制在一百个字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容，抓住主要信息。 文章讲的是Operation Epic Fury之后，伊朗相关威胁行为者可能进行网络反击。关键点包括他们针对关键基础设施和机会目标，涉及IRGC和MOIS等组织。建议修补已知漏洞，并准备好应对DDoS和僵尸网络活动。 接下来，我需要把这些要点浓缩到100字以内。要确保涵盖伊朗的反击行动、涉及的组织以及建议的措施。同时，语言要简洁明了。 可能的结构是：Operation Epic Fury后，伊朗威胁行为者可能反击关键基础设施和机会目标，涉及IRGC和MOIS等组织。建议修补漏洞并准备应对DDoS和僵尸网络活动。 检查字数是否在限制内，并确保信息准确传达。 Operation Epic Fury后，伊朗相关威胁行为者可能对关键基础设施和机会目标发起网络反击。涉及伊斯兰革命卫队(IRGC)和情报与安全部(MOIS)等组织。建议修复已知漏洞并准备应对DDoS和僵尸网络攻击。