Aggregator

DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware.

Критическая ошибка в цепочке доверия заставила сервис срочно отключить выдачу и откатиться к корню Generation X.

A vulnerability classified as problematic was found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. This vulnerability is tracked as CVE-2026-8276. The attack can be launched remotely. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic has been found in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. This vulnerability is identified as CVE-2026-8275. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

German law enforcement has dismantled the relaunched version of the criminal online marketplace "Crimenetwork" and arrested its alleged operator on the Spanish island of Mallorca, the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office's cybercrime unit (ZIT) announced on May 8, 2026.

Submit #811163 / VDB-362573

Submit #811145 / VDB-362572

A vulnerability described as critical has been identified in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-8274. The attack can only be performed from a local environment. Furthermore, an exploit is available. Upgrading the affected component is recommended.

这次不幸中的万幸的是，特务逮捕老蒲下手下得早了一点。

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these […]

A vulnerability marked as critical has been reported in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-8273. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. This vulnerability was named CVE-2026-8272. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-8271. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #810864 / VDB-362571

SecWiki周刊（第635期) by ourren

VoIP号码生态系统和黑产利用现状 by ourren

Maven 智能系统：美军 AI 作战平台的运作逻辑 by ourren

Marketplaces: RAY的私有Claude Code插件 by ourren

再论漏洞发现与分析工作的人机分工 by ourren

第二届智能渗透挑战赛答辩材料 by ourren

awesome-llm-supply-chain-security by ourren

更多最新文章，请访问SecWiki

Submit #810082 / VDB-362570

Submit #810079 / VDB-362569

Submit #810078 / VDB-362568

地理位置开源情报（OSINT）是现代调查方法论的关键组成部分，它专注于从公开数据中提取可操作的信息，以确定个人、实体或事件的地理位置。本质上，它利用散布在数字领域的大量信息，从社交媒体平台到卫星图像库，来揭示目标对象的空间维度。

A vulnerability categorized as problematic has been discovered in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2026-8270. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.