Aggregator

A vulnerability labeled as critical has been found in Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1. Affected by this issue is the function find_dup_cset_node_entry. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2022-50875. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.0.2 and classified as critical. This affects the function musb_gadget_queue of the file musb_gadget.c. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2022-50876. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

Две вспышки X-класса за 7 часов…

Биологи нашли в шерсти утконоса полые меланосомы, которых раньше не видели ни у одного млекопитающего

The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift in how threat actors distribute malware to software developers. This activity follows a major wave discovered in March 2026, where researchers documented 72 malicious Open […]

The post 73 Open VSX Sleeper Extensions Linked to GlassWorm Activate New Malware Campaign appeared first on Cyber Security News.

A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before developers issued a full patch. Security researchers confirmed the flaw allowed threat actors to inject an invalid MWEB (MimbleWimble Extension Block) transaction into unpatched nodes, triggering a cascade of network […]

The post Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools appeared first on Cyber Security News.

Рассказываем, почему масштабный переезд на другой язык пошёл не по плану.

Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple's CEO Change
In this week's panel, four ISMG editors examine what’s really behind Apple's CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond.

Похоже, даже киберкриминалу необходим удобный интерфейс.

倒计时2天！第三届“长城杯”网数智安全大赛（防护赛）总决赛即将开赛

视频｜第三届“长城杯”网数智安全大赛（防护赛）决赛即将启幕

A vulnerability classified as critical was found in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a manipulation of the argument sortField can lead to sql injection. This vulnerability is tracked as CVE-2026-7060. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Applying a patch is advised to resolve this issue. The project was informed of the problem early through a pull request but has not reacted yet.

Submit #798612 / VDB-359633

A vulnerability classified as critical has been found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. This vulnerability is identified as CVE-2026-7059. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. This vulnerability is referenced as CVE-2026-7058. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #798605 / VDB-359632

Submit #798603 / VDB-359631

A vulnerability marked as critical has been reported in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. The identification of this vulnerability is CVE-2026-7057. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. This vulnerability was named CVE-2026-7056. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-7055. The attack is possible to be carried out remotely. Moreover, an exploit is present.