Aggregator

If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.

A vulnerability labeled as critical has been found in Orthanc DICOM Server up to 1.12.10. This vulnerability affects unknown code of the component PAM Image Parser. Executing a manipulation can lead to integer overflow. This vulnerability is registered as CVE-2026-5444. It is possible to launch the attack remotely. No exploit is available.

A vulnerability categorized as problematic has been discovered in mtrojnar osslsigncode up to 2.12. Affected is the function pe_page_hash_calc. Such manipulation of the argument PointerToRawData/SizeOfRawData leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-39856. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability has been found in bytecodealliance wasmtime up to 43.0.0 and classified as critical. This vulnerability affects the function wasmtime::Linker of the component API Call Handler. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-34983. The attack may be carried out on the physical device. No exploit exists. The affected component should be upgraded.

基于 Memfit AI，解锁代码安全审计新范式

A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at […]

Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool. It is free and, according to the company, will remain so. Architecture choices The kernel component uses eBPF for traffic … More →

The post Little Snitch for Linux shows what your apps are connecting to appeared first on Help Net Security.

A vulnerability was found in Linux Kernel. It has been rated as problematic. This impacts the function perf_event_open of the file kernel/events/core.c. Performing a manipulation results in race condition within a thread. This vulnerability is identified as CVE-2022-1729. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in vim. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2022-1725. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in radare2 up to 5.6.x. This impacts an unknown function. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2022-1714. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in vim. The affected element is the function grab_file_name of the file vim/vim. The manipulation results in buffer overflow. This vulnerability was named CVE-2022-1720. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt enrichment. It installs in seconds on macOS, Linux, and Windows via brew, direct download, or RPM. Apiiro CLI ships with agent skills, structured capability definitions that AI coding assistants like Claude Code and Cursor can read … More →

The post Apiiro CLI turns AI coding assistants into full-stack security engineers appeared first on Help Net Security.

A vulnerability labeled as problematic has been found in vim. This vulnerability affects the function vim_regexec_string of the file regexp.c. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-1674. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

Учёные обнаружили скрытый фактор, который влияет на качество отдыха гораздо сильнее.

The cpuid-dot-com website, home to widely used system utilities CPU-Z and HWMonitor, is at the center of an active supply chain security incident. Users downloading HWMonitor 1.63 or CPU-Z ZIPs since early April have reportedly received trojanized installers capable of dropping malicious DLLs, evading antivirus detection through in-memory execution, and establishing connections to attacker-controlled infrastructure. […]

The post CPUID Website Compromised to Deliver Weaponized HWMonitor and CPU-Z Tools appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in OpenStack Skyline up to 5.0.0/6.0.0/7.0.0. The impacted element is an unknown function of the component Console Web Interface. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-40212. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Notepad++ up to 8.9.3. The affected element is an unknown function of the component File Drop Handler. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5525. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in VMware Spring Cloud Gateway up to 4.2.0. Impacted is an unknown function of the component SSL Bundle Configuration Handler. The manipulation leads to cryptographic issues. This vulnerability is documented as CVE-2026-22750. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

2024 年12月23日，一个存在了八年的美国政府机构悄然关门，没有告别会，没有新闻发布会，只有美国国WU院