Aggregator

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw.

Submit #804417 / VDB-360358

Author, Creator & Presenter: Xenia Mountrouidou, Principal Cyber Data Scientist At Expel

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Traditional ML vs. LLMs: Who Can Classifv Better? appeared first on Security Boulevard.

A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. [...]

heap是赛后复现，2.23太长时间没有做已经是很生疏了

Submit #804404 / VDB-360357

Submit #804377 / VDB-360119

Submit #804340 / VDB-360356

Компания уверяет, что библиотека игр останется доступной даже без связи.

New Linux 'copy_fail' LPE gives root on all major distros. Mitigate before patching.

The post CVE-2026-31431 (Copy Fail): Linux Kernel LPE appeared first on Security Boulevard.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been rated as critical. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. This vulnerability is listed as CVE-2026-7538. The attack may be initiated remotely. In addition, an exploit is available.

本文分析了在 No RELRO 和 Partial RELRO 保护下，通过栈溢出漏洞伪造_DYNAMIC、重定位表及符号表实现 ret2dlresolve 攻击的方法。文章详细阐述了修改字符串表地址与构造虚假重定位项两种利用链，成功绕过限制执行 system 函数获取 Shell。

Linux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros. Xint Code researchers warn of a serious Linux flaw, tracked as CVE-2026-31431 (CVSS score of 7.8), dubbed Copy Fail. It lets any local, unprivileged user write four controlled bytes into the […]

Submit #804321 / VDB-360354

A vulnerability was found in Open5GS up to 2.7.7. It has been declared as problematic. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. This vulnerability is tracked as CVE-2026-7536. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in Open5GS up to 2.7.7. It has been classified as problematic. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Performing a manipulation of the argument ueContextId results in denial of service. This vulnerability is identified as CVE-2026-7535. The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

Submit #804303 / VDB-360352

A vulnerability was found in Halo 2.22.14 and classified as critical. Affected by this issue is some unknown functionality of the file /themes/-/install-from-uri of the component GET Handler. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-36758. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in halo 2.22.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /plugins/-/install-from-uri of the component GET Handler. This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2026-36756. It is possible to initiate the attack remotely. There is no exploit available.