Aggregator

A vulnerability was found in Linux Kernel up to 6.19.5 and classified as critical. The affected element is an unknown function of the component media. Such manipulation leads to divide by zero. This vulnerability is referenced as CVE-2026-43182. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.74/6.18.15/6.19.5 and classified as critical. Impacted is the function ipu6_pci_probe of the component media. This manipulation causes memory leak. The identification of this vulnerability is CVE-2026-43177. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.74/6.18.15/6.19.5. This issue affects the function roundup_pow_of_two of the component buddy. The manipulation results in allocation of resources. This vulnerability was named CVE-2026-43169. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

负责评选奥斯卡奖的美国电影艺术与科学学院宣布，只有人类表演和人类创作的剧本才有资格获得奥斯卡奖提名。奥斯卡奖不会全面禁止 AI 工具的使用，但将根据人类是否在创意作品中仍然扮演核心角色去评判电影。电影艺术与科学学院表示，如果电影制作人在作品中使用了 AI 工具，此类工具既不会帮助也不会损害其获得提名的机会。这是电影学院首次明确奖项只颁发给人类的表演和人类创作的剧本。

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended […]

Currently trending CVE - Hype Score: 1 - The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it ...

Currently trending CVE - Hype Score: 2 - Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to ...

Currently trending CVE - Hype Score: 1 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

Grok понял шифровку, Bankrbot понял буквально, токены ушли.

Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. [...]

根据发表在《Nature Climate Change》期刊上的一项研究，微塑料——尤其是深色的——可能通过吸收更多的热量加剧全球暖化。复旦大学的研究团队分析了不同颜色和大小的微塑料与光的相互作用，发现黑色、黄色、蓝色和红色微塑料颗粒吸收光的能力远胜于白色颗粒，其中黑色和彩色颗粒对光的吸收水平比无色颗粒高 76 倍。他们还发现，不同大小的颗粒以不同强度吸收光，且随着老化而改变吸收光的方式。研究人员估计悬浮在大气中的微塑料对全球变暖的贡献约为黑碳的六分之一，黑碳主要来源于化石燃料的燃烧。虽然微塑料并非暖化的主要来源，但对暖化的影响也绝不是微不足道的。研究人员粗略估计全球一年的微塑料排放量所造成的影响，大约相当于 200 座燃煤电厂运行一年。

近期，深信服千里目安全技术中心监测到一起针对广受欢迎的虚拟光驱软件DAEMON TOOLS的大规模供应链投毒攻击。

2026年5月6日，深瞳漏洞实验室监测到一则Android System组件存在绕过认证漏洞的信息，漏洞编号：CVE-2026-0073，漏洞威胁等级：高危。

2026年5月6日，深瞳漏洞实验室监测到一则Ollama组件存在越界读取漏洞的信息，漏洞编号：CVE-2026-7482，漏洞威胁等级：高危。