Один материал, чтобы править всеми. Напечатанные 3D-руки теперь не отличить от настоящих (и они не портятся)
В Техасе научились делать из одной жижи и броню, и мягкие ткани.
Aggregator
CVE-2025-15510 | NEX-Forms Plugin up to 9.1.8 on WordPress NF5_Export_Forms nex_forms_Id information disclosure
3 months 2 weeks ago
A vulnerability identified as problematic has been detected in NEX-Forms Plugin up to 9.1.8 on WordPress. This affects the function NF5_Export_Forms. The manipulation of the argument nex_forms_Id leads to information disclosure.
This vulnerability is traded as CVE-2025-15510. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-13176 | ESET Inspect Connector up to 2.8.5555 DLL privileges management
3 months 2 weeks ago
A vulnerability categorized as critical has been discovered in ESET Inspect Connector up to 2.8.5555. Affected by this issue is some unknown functionality of the component DLL Handler. Executing a manipulation can lead to improper privilege management.
This vulnerability appears as CVE-2025-13176. The attack requires local access. There is no available exploit.
vuldb.com
CVE-2026-22626 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Message denial of service
3 months 2 weeks ago
A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Message Handler. Performing a manipulation results in denial of service.
This vulnerability is reported as CVE-2026-22626. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-22625 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Filename information disclosure
3 months 2 weeks ago
A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been declared as problematic. Affected is an unknown function of the component Filename Handler. Such manipulation leads to information disclosure.
This vulnerability is documented as CVE-2026-22625. The attack can be executed directly on the physical device. There is not any exploit available.
vuldb.com
CVE-2026-22624 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 access control
3 months 2 weeks ago
A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been classified as critical. This impacts an unknown function. This manipulation causes improper access controls.
This vulnerability is registered as CVE-2026-22624. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-22623 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Message input validation
3 months 2 weeks ago
A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 and classified as critical. This affects an unknown function of the component Message Handler. The manipulation results in improper input validation.
This vulnerability is cataloged as CVE-2026-22623. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-0709 | Hikvision DS-3WAP521-SI Packet privilege escalation
3 months 2 weeks ago
A vulnerability has been found in Hikvision DS-3WAP521-SI, DS-3WAP522-SI, DS-3WAP621E-SI, DS-3WAP622E-SI, DS-3WAP623E-SI and DS-3WAP622G-SI and classified as critical. The impacted element is an unknown function of the component Packet Handler. The manipulation leads to privilege escalation.
This vulnerability is listed as CVE-2026-0709. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-26385 | Johnson Controls Metasys up to 12.0/14.1/17.0/17.1 Application/Data Server command injection (icsa-26-027-04)
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Johnson Controls Metasys up to 12.0/14.1/17.0/17.1. The affected element is an unknown function of the component Application/Data Server. Executing a manipulation can lead to command injection.
This vulnerability is tracked as CVE-2025-26385. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
NVIDIA GPU Display Driver Vulnerabilities Allows Code Execution and Privilege Escalation
3 months 2 weeks ago
NVIDIA has issued a critical security update addressing multiple high-severity vulnerabilities in its GPU Display Driver, vGPU software, and HD Audio components. That could enable attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, disclosed on January 28, 2026, impact Windows and Linux platforms across GeForce, RTX, Quadro, NVS, and Tesla […]
The post NVIDIA GPU Display Driver Vulnerabilities Allows Code Execution and Privilege Escalation appeared first on Cyber Security News.
Abinaya
Pear
3 months 2 weeks ago
You must login to view this content
cohenido
Pear
3 months 2 weeks ago
You must login to view this content
cohenido
Chrome качает что-то за вашей спиной. Google говорит, это не фича, а баг (и нужно скорее обновиться)
3 months 2 weeks ago
В браузере обнаружили ошибку, позволяющую сайтам обходить ограничения безопасности.
威胁情报|Token Vesting 钓鱼投毒分析
3 months 2 weeks ago
本次捕获的攻击活动是一场针对 macOS 平台、结合了社会工程学与多级无文件载荷的定向攻击。
超越 Sora2,Vidu Q3 以 16 秒声画同出开创视频创作新范式
3 months 2 weeks ago
从「抽卡」到「导演」。
Attackers Using Hugging Face Hosting to Deliver Android RAT Payload
3 months 2 weeks ago
A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need protection. These deceptive prompts push users to download a fake security app called TrustBastion, which […]
The post Attackers Using Hugging Face Hosting to Deliver Android RAT Payload appeared first on Cyber Security News.
Tushar Subhra Dutta
Они «зависали» над СССР и слушали всё. США спустя 50 лет рассекретили программу спутников-шпионов JUMPSEAT
3 months 2 weeks ago
Впервые опубликованы фотографии и схемы секретных спутников-шпионов 1970-х годов.
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
3 months 2 weeks ago
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently
The Hacker News
When real devices become weapons – a new form of low-and-slow attack
3 months 2 weeks ago
In January, our analysts observed an unusual attack pattern at a major European e-commerce provider. It was not a classic DDoS attack with massive traffic volumes. Instead, over several weeks, there was a subtle, recurring increase in load that noticeably slowed down the web shop on Mondays. This case is exemplary of a new generation of attacks in which […]
The post When real devices become weapons – a new form of low-and-slow attack appeared first on Link11.
Lisa Fröhlich
Windows 11 KB5074105 update fixes boot, sign-in, and activation issues
3 months 2 weeks ago
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. [...]
Sergiu Gatlan