Aggregator

A vulnerability marked as problematic has been reported in py-pdf pypdf up to 6.7.4. Impacted is an unknown function. The manipulation of the argument ASCIIHexDecode leads to inefficient algorithmic complexity. This vulnerability is traded as CVE-2026-28804. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Google Android 14/15/16. It has been rated as problematic. Affected by this issue is the function setHideSensitive of the file ExpandableNotificationRow.java. This manipulation causes information disclosure. This vulnerability is handled as CVE-2026-0012. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as problematic, has been found in Google Android 14/15/16/16-qpr2. This impacts the function isPackageNullOrSystem of the file AppOpsService.java. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2026-0014. The attack must be initiated from a local position. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as problematic, was found in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file AppOpsService.java. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2026-0015. The attack needs to be launched locally. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability has been found in Google Android 14/15/16/16-qpr2 and classified as problematic. Affected by this vulnerability is the function enableSystemPackageLPw of the file Settings.java. The manipulation leads to protection mechanism failure. This vulnerability is documented as CVE-2026-0011. The attack needs to be performed locally. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Google Android 14/15/16 and classified as critical. Affected by this issue is the function onTransact of the file IDrmManagerService.cpp. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2026-0010. The attack requires a local approach. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability was found in Google Android 16/16-qpr2. It has been declared as problematic. This vulnerability affects the function onChange of the file BiometricService.java. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-0017. An attack has to be approached locally. There is no exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Google Android 14/15/16. It has been classified as problematic. Impacted is the function setupLayout of the file PickActivity.java. Performing a manipulation results in unintended intermediary. This vulnerability is reported as CVE-2026-0013. The attack requires a local approach. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as critical has been identified in freescout-help-desk freescout up to 1.8.206. Affected by this vulnerability is the function sanitizeUploadedFileName of the component .htaccess Handler. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-28289. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in QwikDev qwik up to 1.19.0. This impacts the function require of the component HTTP Request Handler. This manipulation causes deserialization. This vulnerability appears as CVE-2026-27971. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in OpenText Filr up to 25.1.2 and classified as critical. Affected by this issue is some unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-3266. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16. This affects the function writeToParcel of the file WindowInfo.cpp. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0007. Local access is required to approach this attack. No exploit exists. A patch should be applied to remediate this issue.

作者：知道创宇积极防御实验室 完整的 OpenClaw 安全实践 Skill、自动化审计工具已在 GitHub 开源。项目地址：https://github.com/knownsec/openclaw-security 一、背景说明 随着 AI Agent 技术的快速演进，具备自动化决策与自主执行能力的开源框架正逐步进入真实业务场景与生产环境。相较于传统应用系统，这类框架不仅承担数据处理与接...

As cryptocurrency adoption continues to grow, so do the tactics used by cybercriminals to exploit users. One of the emerging threats in the blockchain ecosystem is address poisoning — a subtle yet highly deceptive attack designed to trick users into sending funds to fraudulent wallet addresses. Unlike traditional hacking methods that rely on breaching systems, […]

The post What Is Address Poisoning first appeared on StrongBox IT.

The post What Is Address Poisoning appeared first on Security Boulevard.

日本厚生劳动省以附带条件和限期的方式批准制造和销售使用诱导多能干细胞（iPS 细胞）的再生医疗产品。此次获批的是用于重度心力衰竭的 ReHeart 和用于帕金森病的 Amchepry。此次批准在 iPS 细胞实际应用于再生医疗方面开创了全球先河。ReHeart 预计价格在 1000 万日元（约合人民币 44 万元）以上，Amchepry 价格也不菲。此次批准期限为 7 年，如果能通过治疗确认有效性，就将转为无条件批准。ReHeart 用于血管堵塞导致血液难以到达心脏的“缺血性心肌病”引发的重度心力衰竭。它的原理是将来自他人 iP S细胞的心肌细胞培育成薄膜状并贴在心脏表面，使之生成新的血管。该药由源于大阪大学的初创企业“Cuorips”（东京）研发。Amchepry 的对象是脑内释放神经传导物质多巴胺的神经细胞减少引发身体僵硬及手足颤抖的“帕金森病”。原理是将他人的iPS细胞培育成释放多巴胺的神经前体细胞，并移植到头部。这可能有助于根治。它由住友制药（大阪市）研发。

Cisco has issued a stark admonition regarding sustained cyber offensives wherein malicious actors are actively exploiting vulnerabilities within

The post Network Decapitation: Cisco Warns of Active SD-WAN Zero-Day Exploits and Chained Attacks appeared first on Penetration Testing Tools.

An international law enforcement operation has successfully dismantled Tycoon 2FA, one of the most formidable phishing-as-a-service platforms in

The post The Fall of a Phishing Giant: How International Law Enforcement Crushed the Tycoon 2FA Empire appeared first on Penetration Testing Tools.

Artificial intelligence tools are now a core part of everyday workflows — from browsers that summarize web pages to automated agents that help users make decisions online. As these tools become more capable, attackers are learning how to turn them against the very people they are designed to serve. A method called indirect prompt injection […]

The post Hackers Can Use Indirect Prompt Injection Allows Adversaries to Manipulate AI Agents with Content appeared first on Cyber Security News.

3月16 - 19日，NVIDIA初创加速计划将携手创业生态合作伙伴、优秀会员企业代表及创投联盟资深投资人在GTC 2026上带来全新会议特辑。会议包含3场针对中国创业者的精彩演讲。特辑内容将围绕中国创业生态格局、前沿技术趋势、2025年中国AI市场前景，以及重点行业投资方向等议题展开，全景呈现当前AI创业、前沿技术领域的热门话题。GTC现场还将设置Inception Startup Pavilion创业企业展区、投资人AI Day、创业公司和投资机构路演等环节。

За что взломщики возненавидели администрацию торрент-трекера YggTorrent.