Aggregator

2026年5月12日 10:52iOS, 系统资讯01.65K

A vulnerability has been found in D-Link DIR-816 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. The identification of this vulnerability is CVE-2026-8344. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as problematic has been found in Barebox up to 2026.04.0. Affected by this issue is some unknown functionality of the file efi/loader/pe.c of the component EFI PE Loader. Such manipulation of the argument VirtualAddress/size leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-34963. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical has been found in HAARG HTTP::Tiny up to 0.092 on Perl. The affected element is an unknown function of the component HTTP Request Handler. Performing a manipulation of the argument Host results in http response splitting. This vulnerability is reported as CVE-2026-7010. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-816 1.10CNB05_R1B011D88210. It has been classified as critical. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. This vulnerability is identified as CVE-2026-8346. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Sangoma Switchvox up to 8.3. It has been declared as problematic. The impacted element is an unknown function. The manipulation results in cleartext storage of sensitive information. This vulnerability is identified as CVE-2026-45362. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

OpenAI 正在推出 Daybreak，这是一项专注于在攻击者发现漏洞之前检测并修补它们的AI计划。Daybreak使用三月推出的Codex安全AI智能体，基于一家组织的代码创建威胁模型，聚焦可能的

A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at approximately 19:20 and 19:26 UTC, contain a suspected credential-stealing payload targeting CI systems, including GitHub Actions. According to Socket, the compromise spans 42 TanStack packages — two malicious versions each including widely used […]

The post 84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials appeared first on Cyber Security News.

一名安全研究人员发布了一款名为 GhostLock 的概念验证工具，展示了合法的 Windows 文件 API 如何在攻击中被滥用，从而阻断对本地或 SMB 网络共享中存储文件的访问。   这项技术由以色列航空航天工业公司的金・德瓦什（Kim Dvash）开发，它滥用了 Windows 的 “CreateFileW” API 和文件共享模式，在文件句柄保持活动状态...

error code: 1003

Checkmarx 周末发出警告，其 Jenkins 应用安全测试（AST）插件的恶意版本已在 Jenkins 应用市场发布。   此次入侵由黑客组织 TeamPCP 宣称负责，该组织发起了一系列供应链攻击，包括针对 npm 的 “沙虫”（Shai - Hulud）行动以及对 Trivy 漏洞扫描器的攻击，导致窃取凭证的恶意软件被传播。   Jenkin...

error code: 1003

德国警方成功捣毁了德语网络犯罪市场 “Crimenetwork” 的复活版本，而就在数月前，该平台才首次被关停。这个重生的网站已经吸引了超过 2.2 万名用户和 100 多名卖家，这表明，一旦运营者能够重建基础设施，地下市场恢复的速度有多快。   德国联邦刑事警察局（BKA）发布的公告称：“在 2024 年底被执法部门关停之前，‘Crime...

error code: 1003

身份管理与治理服务提供商 SailPoint 披露了一起涉及其 GitHub 代码库的网络安全事件。   在提交给美国证券交易委员会（SEC）的文件中，该公司透露此次事件发生于 4 月 20 日，且已迅速得到控制。   提交给 SEC 的文件称：“2026 年 4 月 20 日，我们检测到部分 GitHub 代码库遭到未经授权的访问。我们的事件响应团队迅速终止了未授...

error code: 1003

微软投资OpenAI时目标获得920亿美元回报微软公司在其早期对OpenAI公司的大规模投资中，设定了 920亿美元的回报目标。双方这一具有里程碑意义的合作，帮助开启了当前的AI时代。这一目标包含在微