Aggregator

A vulnerability identified as critical has been detected in Samsung Devices. This affects an unknown part of the component Font Settings. This manipulation causes improper verification of cryptographic signature. The identification of this vulnerability is CVE-2026-20989. It is feasible to perform the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go unpatched and become entry points for attackers. Legacy infrastructure is frequently overlooked as organizations move to cloud and SaaS platforms, leaving outdated systems exposed. Employees remain a persistent weak point, not because of negligence, … More →

The post What smart factories keep getting wrong about cybersecurity appeared first on Help Net Security.

A vulnerability categorized as critical has been discovered in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2/3.7.68.6. Affected by this issue is some unknown functionality. The manipulation results in path traversal. This vulnerability was named CVE-2026-21005. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2/3.7.68.6. It has been rated as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2026-21004. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2/3.7.68.6. It has been declared as critical. Affected is an unknown function. Executing a manipulation can lead to authentication bypass by capture-replay. This vulnerability is handled as CVE-2026-20999. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2/3.7.68.6. It has been classified as critical. This impacts an unknown function. Performing a manipulation results in improper authentication. This vulnerability is known as CVE-2026-20998. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2/3.7.68.6 and classified as problematic. This affects an unknown function. Such manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2026-20997. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我需要仔细阅读文章内容。文章提到谷歌公司计划将Gemini网络应用程序扩展到香港用户。Gemini是一个结合了文字、图像、语音和数据处理能力的人工智能聊天机器人，之前香港的个人账户无法直接登录。现在谷歌宣布逐步扩展到全港用户，并且之后还会覆盖移动应用程序。通过Gemini，用户可以处理日常事务，生成图像、音乐等多媒体内容。不过，谷歌没有说明这次开放的人工智能模型是否是最新版本。 接下来，我要提取关键信息：谷歌扩展Gemini到香港，功能包括处理文字、图像、语音和数据，生成多媒体内容，但未说明是否为最新版本。 然后，按照要求控制在100字以内。我需要简洁明了地表达这些要点。 最后，确保开头不使用特定的模板语句，直接描述内容即可。 谷歌计划将Gemini网络应用逐步扩展至香港用户，该AI工具可处理文字、图像、语音和数据，并生成多媒体内容。

A vulnerability categorized as critical has been discovered in FreeRDP up to 3.23.x. This vulnerability affects the function bitmap_cache_put. Such manipulation of the argument cells[] leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2026-29775. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in FreeRDP up to 3.23.x. This issue affects some unknown processing of the file libfreerdp/codec/dsp.c. Performing a manipulation of the argument size_t results in integer underflow. This vulnerability was named CVE-2026-31883. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in FreeRDP up to 3.23.x. The affected element is an unknown function. The manipulation of the argument step_index leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-31885. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in FreeRDP up to 3.23.x. It has been declared as problematic. Affected by this issue is the function freerdp_bitmap_decompress_planar. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-31897. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in FreeRDP up to 3.23.x. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file libfreerdp/codec/dsp.c. The manipulation of the argument nBlockAlign leads to divide by zero. This vulnerability is traded as CVE-2026-31884. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in Erlang OTP. Affected by this issue is some unknown functionality in the library lib/inets/src/http_server/httpd_request.erl of the component RFC 9112. Executing a manipulation of the argument Content-Length can lead to http request smuggling. The identification of this vulnerability is CVE-2026-23941. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Erlang OTP. This affects an unknown part in the library lib/ssh/src/ssh_transport.erl. The manipulation leads to highly compressed data. This vulnerability is referenced as CVE-2026-23943. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Erlang OTP. Impacted is an unknown function in the library lib/ssh/src/ssh_sftpd.erl of the component ssh_sftpd. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-23942. The attack may be performed from remote. There is no available exploit.

安全公司 Aikido Security 的研究人员报告了对 GitHub 等平台发动的新供应链攻击。攻击者使用不可见的 Unicode 字符上传了 151 个恶意包，这些字符在编辑器等界面对人眼不可见，但能被机器阅读，并能执行其恶意指令。安全研究人员将该组织命名为 Glassworm，认为攻击者使用大模型生成了不同项目的软件包。不可见字符使用 Public Use Areas(aka Public Use Access)渲染，是 Unicode 标准中用于定义表情符号、旗帜等特殊字符的私有字符代码点。当输入计算机时，这些代码点的输出对人类完全不可见，只能看到空白或空行，但对 JavaScript 解释器而言，这些代码点会被转换为可执行代码。

AI 编程智能体时代的安全挑战