Aggregator

Новая работа пока не обгоняет лучшие классические методы, но уже показывает путь к более точным расчетам белков, материалов и лекарственных молекул.

A newly disclosed remote access trojan (RAT) is quietly turning a built-in Windows feature into a credential-harvesting weapon, and what makes it particularly worrying is that it never has to touch your phone to steal codes meant for it.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.79/6.18.20/6.19.10. Affected is the function xfs_attri_recover_work of the component xfs. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2026-43063. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.9. This affects the function dmaengine_terminate_async. The manipulation results in deserialization. This vulnerability is reported as CVE-2026-43061. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.9. This impacts the function l2cap_ecred_reconf_rsp of the component Bluetooth. This manipulation causes type confusion. This vulnerability appears as CVE-2026-43062. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.77/6.18.19/6.19.9. It has been rated as critical. Impacted is the function mgmt_pending_valid of the component Bluetooth. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2026-43059. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.19.9. The impacted element is an unknown function of the component netfilter. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-43060. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]

«Полный круг = 2π — это абсурд, и мы докажем».

A newly discovered threat is turning a built-in Microsoft feature into a powerful spying tool. Security researchers have found a remote access tool called CloudZ that works alongside a custom plugin named Pheno to silently intercept SMS messages and one-time passwords (OTPs) from mobile phones, all without ever touching the phone itself. The attack exploits […]

The post CloudZ RAT Abuses Microsoft Phone Link to Steal SMS OTPs and Mobile Notifications appeared first on Cyber Security News.

These are the top threats you should know about this week.

Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. [...]

A new and previously undocumented Linux threat has emerged, targeting software developers in a way that could put entire supply chains at risk. Named Quasar Linux, or QLNX, this malware operates as a full-featured remote access trojan built specifically for Linux systems. It combines stealth techniques with targeted credential theft, making it one of the […]

The post QLNX Targets Developers With Credential Theft Designed for Supply Chain Compromise appeared first on Cyber Security News.

Три тонны груза, ноль взрывов, один конкурент.

ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.

The initiative, named CI Fortify, focuses on isolation and recovery efforts that would see critical infrastructure organizations proactively disconnect from third-party dependencies and find ways to operate without reliable telecommunications and internet.

A Latvian national operating out of Moscow was sentenced to 102 months in federal prison for his central role in a sprawling Russian ransomware syndicate. Deniss Zolotarjovs, 35, served as a primary extortionist and negotiator for a highly organized cybercriminal network that attacked over 54 companies worldwide. The United States Justice Department announced the sentencing, […]

The post Member of Prolific Russian Ransomware Group Sentenced to 102 Months in Prison appeared first on Cyber Security News.