Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware.
According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the Mini Shai-Hulud – has affected the following packages associated with
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just a data scraping incident.
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. [...]
A vulnerability was found in Tubitak Bilgem Pardus OS My Computer up to 0.7.x. It has been declared as critical. This affects an unknown function. Such manipulation leads to OS command injection.
This vulnerability is referenced as CVE-2026-6849. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
The platforms allegedly flouted the bloc’s Digital Services Act (DSA) by “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services,” the commission said.
A vulnerability was found in Cockpit up to 2.13.5. It has been classified as critical. The impacted element is an unknown function of the component Buckets. This manipulation causes path traversal.
The identification of this vulnerability is CVE-2026-38993. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in Tubitak Bilgem Pardus Software Center up to 1.0.2 and classified as critical. The affected element is an unknown function. The manipulation results in path traversal.
This vulnerability was named CVE-2026-5166. The attack may be performed remotely. There is no available exploit.
It is suggested to upgrade the affected component.
A vulnerability has been found in cPanel and WHM and classified as critical. Impacted is an unknown function. The manipulation leads to missing authentication.
This vulnerability is uniquely identified as CVE-2026-41940. The attack can be carried out remotely. No exploit exists.
The affected component should be upgraded.
A vulnerability, which was classified as critical, was found in Cockpit up to 2.13.5. This issue affects the function _isFileTypeAllowed of the component Bucket. Executing a manipulation can lead to improper access controls.
This vulnerability is handled as CVE-2026-38991. The attack can be executed remotely. No exploit is available.
The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.