Aggregator

乌克兰-俄罗斯战场持续消耗战叠加乌方超远程无人机打击升级；以色列持续对黎巴嫩和加沙实施精准清除行动；马里萨赫勒局势骤然恶化、俄罗斯准军事力量介入明确化；美伊围绕核协议谈判陷入僵局、美军强化全球海上封锁；网络威胁保持高位活跃态势。

Видеохостинг привлек полицию к расследованию кражи информации клиентов.

A vulnerability, which was classified as critical, has been found in Acronis DeviceLock DLP on Windows. This vulnerability affects unknown code. Performing a manipulation results in uncontrolled search path. This vulnerability is known as CVE-2026-25852. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Totolink N200RE V5. This affects the function formMapDelDevice. Such manipulation of the argument macstr/bandstr leads to command injection. This vulnerability is traded as CVE-2026-36841. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Totolink A3002RU V3 up to 3.0.0-B20220304.1804. Affected by this issue is the function formMapDelDevice. This manipulation of the argument Hostname causes buffer overflow. This vulnerability appears as CVE-2026-36837. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Acronis DeviceLock DLP and Cyber Protect Cloud Agent on Windows. Affected by this vulnerability is an unknown functionality. The manipulation results in write-what-where condition. This vulnerability is reported as CVE-2026-41952. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Acronis DeviceLock DLP and Cyber Protect Cloud Agent on Windows. Affected is an unknown function. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-41220. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in HMBRAND Text::CSV_XS up to 1.61 on Perl. This impacts the function after_parse/before_print/on_error. Executing a manipulation can lead to expired pointer dereference. This vulnerability is registered as CVE-2026-7111. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Tubitak Bilgem Pardus Software Center 1.0.2. This affects an unknown function. Performing a manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2026-5141. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Tubitak Bilgem Pardus About up to 1.2.0. The impacted element is an unknown function. Such manipulation leads to link following. This vulnerability is listed as CVE-2026-5161. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Cockpit up to 2.13.5. It has been rated as critical. The affected element is an unknown function of the component Endpoint. This manipulation of the argument func causes privilege escalation. This vulnerability is tracked as CVE-2026-38992. The attack is possible to be carried out remotely. No exploit exists.

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real

这是一起针对 SAP CAP（Cloud Application Programming Model）和 Cloud MTA（Multi-Target Application）生态的精准 npm 供应链攻击。攻击者通过劫持/污染 SAP 官方维护的 npm 包，在安装阶段注入恶意引导程序，最终执行高度混淆凭证窃取与自传播框架。

Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. [...]

Как пройдёт День Победы в столице в 2026 году.

根据发表在《People and Nature》期刊上的一项研究，欧洲大山雀和其它 36 种鸟更惧怕女性，原因未知。研究显示，在鸟儿飞走前男性能比女性多靠近大约一米距离。无论男女衣着，是否长发，身高如何，以何种方式接近鸟，这种现象始终存在。鸟类或许能辨别人类的性别，但具体机制并不清楚。研究人员观察了生活在五个欧洲国家城市中心的鸟类，其中包括已知一见到人类就会飞走的鸟类如喜鹊，以及倾向于稍迟才飞走的鸟类如鸽子。对女性表现出过度恐惧的反应在不同鸟类中间是一致的。研究人员猜测鸟可能通过气味或步态辨别性别。

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been declared as critical. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. This vulnerability is identified as CVE-2026-7420. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been classified as critical. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. This vulnerability is referenced as CVE-2026-7419. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535 and classified as critical. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The identification of this vulnerability is CVE-2026-7418. The attack may be launched remotely. Furthermore, there is an exploit available.