Aggregator

FutureVision: показываете машине миллион случайных видео — и навсегда забываете про сбои на производстве.

Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. [...]

A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage Security researchers claim. How “press 1” vishing scams work For “press 1” scams, fraudsters spoof phone numbers of trusted institutions (e.g., bank), call up potential victims and try to scare them with pre-recorded messages into sharing sensitive information. When impersonating banks, for example, the fraudsters first play a message that … More →

The post Researchers uncover AI-powered vishing platform appeared first on Help Net Security.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. [...]

These are the top threats you should know about this week.

A vulnerability was found in Cisco IOS XR. It has been classified as critical. Affected is an unknown function of the component CLI. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2026-20046. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in striae-org striae up to 2.x and classified as problematic. This impacts an unknown function. Such manipulation leads to improper validation of integrity check value. This vulnerability is referenced as CVE-2026-31839. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Cisco Unified Contact Center Express and classified as problematic. This affects an unknown function of the component Web-based Management Interface. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-20117. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in opnsense core up to 26.1.3. The impacted element is an unknown function of the component MVC API Endpoint. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2026-30868. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Neo4j Enterprise edition up to 5.26.21/2026.01.3. The affected element is an unknown function of the component UserInfo Endpoint. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-1471. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in supabase auth up to 2.184.x. Impacted is an unknown function of the component Token Endpoint. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is handled as CVE-2026-31813. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Van Allen Probe A летит на дно океана на 8 лет раньше ожидаемого срока.

BeatBanker Android Trojan spreads via fake Google Play Store pages, using a silent audio loop to stay active while stealing crypto, banking data, and login credentials.

A vulnerability classified as critical has been found in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2026-3994. Attacking locally is a requirement. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Carbon Dating’ appeared first on Security Boulevard.

A vulnerability described as problematic has been identified in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2026-3993. The attack may be launched remotely. Furthermore, there is an exploit available.