传小米新 SU7 锁单突破 7 万;微信输入法测「隔空发图」功能;豆包二代 AI 手机上半年发布 | 极客早知道
即将超越英伟达,谷歌母公司 Alphabet 市值已达 4.6 万亿美元;谷歌将为 Gemini 投放广告,目前处于准备阶段;苹果 iOS 27 将重心转向 AI,Siri 迎来独立 App 并将深度整合到相机应用中
Aggregator
Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
1 week 6 days ago
TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.
Aliakbar Zahravi
[webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
1 week 6 days ago
Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
[local] Windows 11 24H2 - Local Privilege Escalation
1 week 6 days ago
Windows 11 24H2 - Local Privilege Escalation
[webapps] MindsDB 25.9.1.1 - Path Traversal
1 week 6 days ago
MindsDB 25.9.1.1 - Path Traversal
[hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
1 week 6 days ago
Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
[local] Linux nf_tables 6.19.3 - Local Privilege Escalation
1 week 6 days ago
Linux nf_tables 6.19.3 - Local Privilege Escalation
[local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
1 week 6 days ago
Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
Instructure confirms data breach, ShinyHunters claims attack
1 week 6 days ago
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]
Lawrence Abrams
ChatGPT advanced account security adds passkeys and hardware keys
1 week 6 days ago
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and Codex accounts and replaces it with passkeys or physical security keys. What enrollment changes Enrolled accounts use passkeys or hardware security keys for sign-in, with password login disabled. Email and SMS account recovery are removed, … More →
The post ChatGPT advanced account security adds passkeys and hardware keys appeared first on Help Net Security.
Anamarija Pogorelec
Aur0ra
1 week 6 days ago
You must login to view this content
cohenido
CVE-2026-34282 | Oracle Java SE/GraalVM for JDK/GraalVM Enterprise Edition Networking denial of service (Nessus ID 309659 / WID-SEC-2026-1201)
1 week 6 days ago
A vulnerability was found in Oracle Java SE, GraalVM for JDK and GraalVM Enterprise Edition. It has been rated as problematic. This impacts an unknown function of the component Networking. The manipulation leads to denial of service.
This vulnerability is documented as CVE-2026-34282. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-33601 | PowerDNS Recursor up to 5.2.8/5.3.5/5.4.0 zoneToCache null pointer dereference (WID-SEC-2026-1225)
1 week 6 days ago
A vulnerability, which was classified as problematic, was found in PowerDNS Recursor up to 5.2.8/5.3.5/5.4.0. Impacted is the function zoneToCache. The manipulation results in null pointer dereference.
This vulnerability is identified as CVE-2026-33601. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-33600 | PowerDNS Recursor up to 5.2.8/5.3.5/5.4.0 null pointer dereference (WID-SEC-2026-1225)
1 week 6 days ago
A vulnerability was found in PowerDNS Recursor up to 5.2.8/5.3.5/5.4.0. It has been declared as problematic. This impacts an unknown function. Executing a manipulation can lead to null pointer dereference.
This vulnerability is registered as CVE-2026-33600. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-24729 | CKEditor4 up to 4.17.x Dialog Plugin resource consumption (GHSA-f6rf-9m92-x2hh / EUVD-2022-29580)
1 week 6 days ago
A vulnerability, which was classified as problematic, has been found in CKEditor4 up to 4.17.x. This affects an unknown part of the component Dialog Plugin. The manipulation leads to resource consumption.
This vulnerability is traded as CVE-2022-24729. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2022-24695 | Bluetooth Core up to 5.3 Non-Discoverable Mode information disclosure (EUVD-2022-29562 / Nessus ID 260192)
1 week 6 days ago
A vulnerability identified as problematic has been detected in Bluetooth Core up to 5.3. Affected by this issue is some unknown functionality of the component Non-Discoverable Mode. The manipulation leads to information disclosure.
This vulnerability is documented as CVE-2022-24695. The attack requires being on the local network. There is not any exploit available.
vuldb.com
CVE-2022-24675 | Google Go up to 1.8.0/1.17.8 encoding-pem stack-based overflow (EUVD-2022-29547 / Nessus ID 211345)
1 week 6 days ago
A vulnerability was found in Google Go up to 1.8.0/1.17.8 and classified as critical. This affects an unknown part of the component encoding-pem. Executing a manipulation can lead to stack-based buffer overflow.
The identification of this vulnerability is CVE-2022-24675. The attack needs to be done within the local network. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2022-24673 | Canon imageCLASS MF644Cdw 10.02 SLP stack-based overflow (ZDI-22-515 / EUVD-2022-29545)
1 week 6 days ago
A vulnerability has been found in Canon imageCLASS MF644Cdw 10.02 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SLP Handler. The manipulation leads to stack-based buffer overflow.
This vulnerability is listed as CVE-2022-24673. The attack must be carried out from within the local network. There is no available exploit.
vuldb.com
CVE-2022-24674 | Canon imageCLASS MF644Cdw 10.02 Privet API stack-based overflow (ZDI-22-516 / EUVD-2022-29546)
1 week 6 days ago
A vulnerability was found in Canon imageCLASS MF644Cdw 10.02. It has been rated as critical. This issue affects some unknown processing of the component Privet API. Performing a manipulation results in stack-based buffer overflow.
This vulnerability is reported as CVE-2022-24674. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com
CVE-2022-24672 | Canon imageCLASS MF644Cdw 10.02 CADM Service heap-based overflow (ZDI-22-514 / EUVD-2022-29544)
1 week 6 days ago
A vulnerability described as critical has been identified in Canon imageCLASS MF644Cdw 10.02. This impacts an unknown function of the component CADM Service. Such manipulation leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2022-24672. The attack can only be initiated within the local network. No exploit exists.
vuldb.com