Aggregator

A vulnerability classified as problematic was found in Water-Melon Melon up to 9df9292. This issue affects some unknown processing of the component HTTP. Such manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-71031. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in AlistGo alist up to 3.56.x. This vulnerability affects unknown code. This manipulation causes path traversal. This vulnerability appears as CVE-2026-25161. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in chainguard-dev melange up to 0.40.2. This affects an unknown part of the file pkg/build/pipelines/patch.yaml of the component Configuration Handler. The manipulation results in os command injection. This vulnerability is reported as CVE-2026-25143. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in apollographql apollo-server up to 3.13.0/4.12.x/5.3.x. Affected by this issue is some unknown functionality. The manipulation of the argument startStandaloneServer leads to inefficient regular expression complexity. This vulnerability is documented as CVE-2026-23897. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

NYT 关注了去年引发广泛热议的被称为“中国版 N 号房”事件的 Telegram 偷拍群组 MaskPark。报道称：借助 Telegram 的匿名性、隐藏摄像头的普及和中国在线支付应用程序的便利性，中国女性和女孩偷拍影像的庞大交易正蓬勃发展。人们分享和交易女友、妻子、亲戚和熟人的照片和视频——这种做法在中文被称为“偷拍出卖”。他们还交换陌生人的此类视频。贩卖者常宣称这些影像来自隐蔽摄像头和手机拍摄，或者是黑入监控系统获取的。其中大量涉及偷拍女性裙底的内容，即所谓的“裙底偷拍”。

AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies redesign the technology to look like ordinary eyewear. Meta and privacy The most popular model on the market comes from a partnership between Ray-Ban and Meta, combining mainstream fashion with a company known for privacy … More →

The post Smart glasses are back, privacy issues included appeared first on Help Net Security.

Почему ручные проверки и «накликивание» тормозят бизнес, и как SGRC-подход создает стратегическую безопасность.

因内存和固态硬盘短缺，Valve 将 Steam Machine、Steam Frame 和 Steam Controller 的发售时间从 2026 年第一季度推迟到上半年（实际上就是第二季度）。因 AI 热，内存和固态硬盘供不应求，价格飙升。Valve 表示，不断上涨的零部件价格和有限的供应迫使其重新评估发货计划和定价策略。Valve 此前曾表示，Steam Machine 将定位为入门级 PC。

A vulnerability labeled as problematic has been found in NanoMQ MQTT Broker 0.24.6. Affected by this vulnerability is the function strchr of the component Subscription Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-68699. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Navidrome up to 0.59.x. Affected is an unknown function of the file /rest/getCoverArt. Performing a manipulation of the argument size results in resource consumption. This vulnerability is cataloged as CVE-2026-25579. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that

癌症是全世界疾病和死亡的主因。WHO 国际癌症研究所的研究人员分析了 2022 年 185 个国家 36 种不同癌症的病例数据，纳入了 30 种已知的、可改变的癌症风险因素如吸烟、饮酒和感染，估算了与每种风险因素直接相关的病例比例。研究人员认为逾三分之一新癌症病例是可预防的。2022 年全球新增癌症病例共 1870 万例。其中约 38%（即 710 万例）可归因于可避免因素。吸烟是导致癌症的首因，约占可预防病例的 15%，其次是感染（10%）和饮酒（3%）。肺癌、胃癌和宫颈癌占可预防癌症病例的半数。

省去碎片化信息筛选时间，1篇GET网安厂商近期关键动作！

南京众智维信息科技有限公司宣布完成数千万B2轮融资。

研究人员在40天的监测中，于蜜罐系统上记录到超3.5万次攻击会话，由此发现这起大规模网络犯罪活动。

Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths. AI systems now sit at the center of this activity, supporting generation, testing, and rollout of phishing campaigns. The Cofense research documents this environment as it exists across enterprise inboxes, with one malicious email identified on … More →

The post AI is driving a new kind of phishing at scale appeared first on Help Net Security.

Даже бдительный админ может не знать о надвигающейся угрозе. Спасибо, CISA.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xingyu Wang' was reported to the affected vendor on: 2026-02-05, 50 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-02-05, 52 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ' Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-02-05, 52 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.