Aggregator

A vulnerability was found in go-git up to 5.16.4. It has been classified as problematic. The impacted element is an unknown function. The manipulation leads to improper validation of integrity check value. This vulnerability is uniquely identified as CVE-2026-25934. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in libpng up to 1.6.54. It has been rated as critical. Affected is the function png_set_quantize of the component Low-level API. Performing a manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2026-25646. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-2245. The attack can only be performed from a local environment. Furthermore, an exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Apache Shiro up to 2.0.6. Affected by this issue is some unknown functionality. Performing a manipulation results in observable timing discrepancy. This vulnerability is identified as CVE-2026-23901. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apache Shiro up to 2.0.6. This affects an unknown part. Executing a manipulation can lead to authorization bypass. This vulnerability is tracked as CVE-2026-23903. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in vrana adminer up to 5.4.1 and classified as problematic. Affected is the function openssl_verify. The manipulation of the argument version[] leads to denial of service. This vulnerability is uniquely identified as CVE-2026-25892. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Рейтинг TIOBE фиксирует усталость индустрии от гегемонии одного решения.

Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation

Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials.

生于素食家庭的婴儿在早期可能略微偏瘦，但到两岁时，体重就能赶上杂食家庭的同龄婴儿。以色列内盖夫本-古里安大学的研究人员分析了 2014-2023 年间从以色列国家家庭护理中心收集的 120 万名婴儿的数据，记录了每个婴儿从出生到 24 个月的身长、体重和头围。研究团队将生长数据与婴儿父母报告的饮食类型进行了比较。绝大多数家庭表示他们是杂食家庭，只有 1.2% 的家庭自称是素食者，0.3% 的家庭自称是纯素食者。素食家庭和纯素食家庭中仍然有大约 1.8 万名婴儿。研究人员按照饮食类型将婴儿分为三组。在出生后的 60 天内，三组婴儿的身长、头围以及生长发育受限的发生率都相似。来自无肉家庭（尤其是纯素食家庭）的婴儿体重偏轻的可能性较高。到 2 岁左右，这些差异基本消失，三组幼儿的生长指标趋于一致。研究人员指出，这项研究应该能让人放心，无肉饮食可以支持婴儿早期的健康成长，他同时指出，这些饮食情况是由父母自行报告的，这可能会影响结果的准确性。

Что делать, когда твой интернет превращается в тыкву.

OSSList OSS资源快速分析工具

Enabling Practical Endpoint Control Without Productivity Trade-offs
Removing local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk's practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access.

2023 and 2024 Ransomware Breaches Affected More Than 2.5M
Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks - allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 - that affected about 2.5 million patients and employees.

AI Elevates CDO Job From Gatekeeper to Data-Driven Change Agent
The chief data officer is being pushed out of the shadows and into the C-suite spotlight with the rise of AI. While the role emerged as one rooted in compliance and risk management, it has evolved to be a business driver, holding the keys to value creation and human-centered transformation.

Security Service Says China-Linked Actor Compromised Vulnerable Network Devices
Norway's security service confirmed it was targeted by the China-linked Salt Typhoon campaign, marking one of Europe’s clearest public acknowledgements that the cyberespionage operation extended beyond U.S. telecom and federal networks into allied infrastructure.

Shadow Aeza International Directed Traffic to Malicious Adtech
A financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found.