Aggregator

A vulnerability described as problematic has been identified in Hitachi Energy RTU500 CMU up to 12.7.7/13.5.4/13.6.2/13.7.7/13.8.1. Affected by this vulnerability is an unknown functionality. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2026-1773. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in Apache Superset up to 5.x. Affected is an unknown function of the component Tag Endpoint. This manipulation causes information disclosure. This vulnerability appears as CVE-2026-23983. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Superset up to 5.x. This impacts an unknown function. The manipulation results in sql injection. This vulnerability is reported as CVE-2026-23980. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Apache Superset up to 5.x. This affects an unknown function. The manipulation leads to incorrect authorization. This vulnerability is documented as CVE-2026-23982. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apache Superset up to 5.x. The impacted element is an unknown function. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-23984. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Apache Superset up to 4.1.1. It has been rated as critical. The affected element is an unknown function. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-23969. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A group of attackers has built a fake version of the Huorong Security antivirus website to trick users into downloading ValleyRAT, a Remote Access Trojan (RAT) built on the Winos4.0 framework. The campaign is linked to the Silver Fox APT group, a Chinese-speaking threat actor known for distributing trojanized versions of popular Chinese software. Huorong […]

The post Fake Huorong Download Site Used to Deploy ValleyRAT Backdoor in Targeted Malware Campaign appeared first on Cyber Security News.

A vulnerability was found in Docker Desktop up to 4.61.x on Windows. It has been declared as problematic. Impacted is an unknown function of the file /proc/docker of the component Linux VM. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-2664. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

血液中的一种蛋白质 p-tau217 能显著提高阿尔茨海默病的正确诊断。研究人员追踪了 200 名年龄 50 岁及以上、出现认知症状的新患者，依靠标准临床评估医生对阿尔茨海默病的正确诊断率为 75.5%，结合血液检测结果后正确率提高到 94.5%。p-tau217（Phosphorylated tau）是一种存在于大脑中的天然蛋白质，有助于维持神经元的稳定和健康。当 p-tau217 异常磷酸化，聚成一团，形成缠结破坏脑细胞之间的通讯。随着时间的推移，这种损伤会影响大脑功能，导致阿尔茨海默病等神经退行性疾病。虽然 p-tau217 并非阿尔茨海默病的直接病因，但血液中 p-tau217 水平升高被公认为该病的早期预警信号之一。

Связь будущего вытащили из стерильной лаборатории в грязный город. И вот что получилось.

Microsoft expands Microsoft Sovereign Cloud with new disconnected and AI capabilities that help organizations run critical infrastructure, productivity services and large AI models inside sovereign boundaries while keeping governance and operational continuity across connected and disconnected environments. Sovereign Private Cloud unifies Azure Local, Microsoft 365 Local and Foundry Local, bringing infrastructure, productivity and support for large AI models to any operational boundary. (Source: Microsoft) “Customers can choose the right control posture for each workload, through … More →

The post Microsoft expands Sovereign Cloud security with governance, local productivity and AI appeared first on Help Net Security.

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems. New npm worm builds on Shai-Hulud’s playbook After last year’s bombshell appearance of the self-replicating “Shai-Hulud” worm on the official npm registry, the … More →

The post Self-spreading npm malware targets developers in new supply chain attack appeared first on Help Net Security.

Investments in cybersecurity startups took off in 2025 as venture capital firms focused not just on AI-native tech but on talent as well.

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. [...]

ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes

Инженер OpenAI потерял $250000 из-за ошибки в коде торгового бота.

如果要回到过去，摧毁一项技术，从而让AI无法统治人类，应该怎么办？

Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing.

贪：什么都想要 嗔：什么都看不惯 痴：什么都想不明白 慢：什么都看不起 疑：什么都不相信