Физика вулканов объяснила, как варить идеальный эспрессо
Уравнение для газов в магме неожиданно точно описало воду в кофейном паке.
Aggregator
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
3 weeks 1 day ago
PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. The research was presented by Kaspersky application security specialist Haidar Kabibo at Black Hat Asia 2026 on April 24 and details five distinct exploitation paths, none of which have […]
The post New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions appeared first on Cyber Security News.
Guru Baran
Submit #799571: Ryan Cramer ( https://processwire.com/about/team/ryan/ ) ProcessWire CMS 3.0.255 SSRF ( Server-Side Request Forgery ) [Duplicate]
3 weeks 1 day ago
Submit #799571 / VDB-357848
thepiyushkumarshukla
CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack
3 weeks 1 day ago
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued targets for cybercriminals because they provide direct pathways into corporate networks. When compromised, these platforms allow threat actors to bypass traditional security perimeters and launch devastating secondary […]
The post CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack appeared first on Cyber Security News.
Abinaya
Только .ru безопасно. МВД советует не ходить в «заграничные» зоны: там живут хакеры
3 weeks 1 day ago
Ведомство рекомендует проверять отправителя, не открывать сокращенные ссылки и не верить файлам, которые маскируются под фото или документы.
Microsoft rolls out revamped Windows Insider Program
3 weeks 1 day ago
Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address performance and reliability concerns affecting Windows 11. [...]
Mayank Parmar
Роботы научатся чувствовать боль и нежность. Ведь их новую кожу вырастили… из настоящих деревьев
3 weeks 1 day ago
Как настоящие деревья помогают машинам стать чуть более человечными?
Brain Cipher
3 weeks 1 day ago
You must login to view this content
cohenido
CVE-2026-7045 | baomidou dynamic-datasource 2.5.0 StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection (Issue 766)
3 weeks 1 day ago
A vulnerability was found in baomidou dynamic-datasource 2.5.0. It has been classified as critical. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection.
This vulnerability appears as CVE-2026-7045. The attack may be initiated remotely. There is no available exploit.
It is recommended to apply a patch to fix this issue.
vuldb.com
Submit #798600: baomidou dynamic-datasource 2.5.0+ SpEL Injection [Accepted]
3 weeks 1 day ago
Submit #798600 / VDB-359624
Winegee
Вместо майнинга — прокси. Рассказываем хакеры скупают б/у смартфоны целыми грузовиками
3 weeks 1 day ago
Infrawatch обнаружила рынок, где мобильные сети становятся товаром для тех, кто хочет скрыть следы.
CVE-2026-7044 | GreenCMS up to 2.3 index.php?m=admin&c=custom&a=themeadd unrestricted upload
3 weeks 1 day ago
A vulnerability was found in GreenCMS up to 2.3 and classified as critical. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is reported as CVE-2026-7044. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-7043 | GreenCMS up to 2.3 index.php?m=admin&c=custom&a=pluginadd pluginAddLocal unrestricted upload
3 weeks 1 day ago
A vulnerability has been found in GreenCMS up to 2.3 and classified as critical. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is documented as CVE-2026-7043. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
INC
3 weeks 1 day ago
You must login to view this content
cohenido
CVE-2026-7042 | 666ghj MiroFish up to 0.1.2 REST API Endpoint backend/app/__init__.py create_app missing authentication (Issue 487)
3 weeks 1 day ago
A vulnerability, which was classified as critical, was found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication.
This vulnerability is registered as CVE-2026-7042. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #798530: https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion [Accepted]
3 weeks 1 day ago
Submit #798530 / VDB-359623
R21Z20
Qilin
3 weeks 1 day ago
You must login to view this content
cohenido
Submit #798529: https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion [Accepted]
3 weeks 1 day ago
Submit #798529 / VDB-359622
R21Z20
CISA Hunts for Cisco Backdoor Spotted on Federal Network
3 weeks 1 day ago
'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard Fixes
The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.
The Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.
Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines
3 weeks 1 day ago
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.