Aggregator

CVE-2026-0073: Zero-Click RCE Flaw in Android's Wireless ADB Bypasses Authentication

513 млн лет назад океаны потеряли кислород. С этого началась современная жизнь.

披露了一起正在进行中的大规模供应链攻击

As 5G networks continue to evolve, service providers face a familiar challenge: how to scale services, meet increasingly stringent enterprise expectations, and generate new revenue—without introducing unsustainable operational complexity. Network slicing has emerged as a foundational capability for addressing these...

ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users

A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.

2006 年国际天文联合会（IAU）修正了行星定义，将冥王星降级为矮行星，以与其它八大典行星相区分。此前天文学家在柯伊伯带发现了与冥王星质量相近甚至更大的天体，挑战了其行星地位。现在亿万富翁、NASA 局长 Jared Isaacman 在参议院听证会上表示坚决支持恢复冥王星被剥夺的行星地位，称 NASA“目前正在撰写文件，准备在科学界推动重新审视这一问题”。他的言论被认为是分散了对真正科学问题的关注，而且他支持削减 NASA 预算一半的提议引发了天文学家的抨击。

Последствия такой беспечности проявятся в самый неподходящий момент.

Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare […]

The post LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations appeared first on Cyber Security News.

The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers' explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. [...]

端对端加密消息应用 Signal 正在开发无需手机的独立桌面应用。此前 Signal 桌面应用需要智能手机用于初始设置和管理。Signal Desktop 源代码已经合并了相关补丁，但尚未正式推出。注册 Signal 桌面版仍然需要电话号码，电话号码可以是手机号码也可以是座机号码，功能机或智能手机都可以。未来没有智能手机的用户也能使用 Signal。

Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts rewards for lower-complexity reports. The program targets vulnerability classes that automated tools struggle to detect and prioritizes researcher-driven findings. The maximum reward of $1.5 million applies to a zero-click, full-chain compromise of Pixel devices targeting the Titan M2 security … More →

The post Google to pay up to $1.5 million for zero-click Pixel Titan M exploits appeared first on Help Net Security.

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been put

A dangerous piece of Android stalkerware called Cerberus Anti-theft has been hiding in plain sight on the Google Play Store since October 4, 2023. Sold under the package name com.ssurebrec and marketed as a legitimate anti-theft tool, the app is capable of silently photographing victims, tracking their location, recording audio, and wiping their devices, all without their […]

The post Cerberus Stalkerware on Google Play Leverages Accessibility Abuse and Firebase for Remote Control appeared first on Cyber Security News.

Астрономы впервые прощупали поверхность экзопланеты LHS 3844 b.

MS Edge 浏览器被发现启动时会在内存中明文加载其保存的所有密码。相比下 Chrome 只在需要时解密凭证，没有将所有密码保存在内存中。Edge 和 Chrome 都是基于开源的 Chromium。微软的做法让从内存中抓取重要数据变得更容易，也增加了共享环境下密码泄露的风险。安全研究人员将这一问题报告给了微软，收到的回应是该行为就是这么设计的。研究人员在 GitHub 上发布了概念演示工具 EdgeSavedPasswordsDumper。

Google patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed attackers to run code as the shell user without needing extra permissions, or any […]

Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. [...]

Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks