Aggregator

Berlin Proposes 3 Month Requirement to Store IP Addresses
The German government says it's unlocked the secret to passing a law that would require internet service providers to keep customer data without running afoul of privacy and security concerns that sunk earlier attempts. Critics say that's impossible

Recent Package Compromises Pushed Software Component Trust to the Security Agenda
Cloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit
This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

智能情报驱动，以AI治理AI。新一代数字供应链安全治理体系再闭环，智能治理“AI 数字员工”！

美国国家标准与技术研究院（NIST）正在调整其对新披露漏洞的分析方式——面对大量积压的数字缺陷，该机构宣布将只对符合特定标准的 CVE 进行详细分析。

UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks built of hacked consumer devices. Groups control routers, cameras, video recorders, and NAS systems […]

As these systems move from "pilot" to "permanent," are you more concerned about the erosion of the physician-patient relationship or the potential for hidden economic "steering" within the algorithms?

The post The Robot Will See You Now appeared first on Security Boulevard.

В центре нового конфликта оказалась дистилляция, которая позволяет строить конкурентов на ответах чужих систем.

请白帽师傅们在提交报告时恪守本文规范

A major investigation has revealed that sophisticated threat actors are exploiting fundamental vulnerabilities in global mobile networks to track users worldwide. By abusing legacy 3G SS7 and 4G Diameter signaling protocols, hackers are successfully bypassing telecom firewalls to conduct silent, cross-border espionage. The extensive Citizen Lab research uncovered two distinct surveillance threat actors, identified as […]

The post Hackers Abuse SS7 and Diameter Protocols to Track Mobile Users Worldwide appeared first on Cyber Security News.

根据发表在《科学》期刊上的一项研究，心脏持续不断的跳动可能会主动抑制心脏组织中的肿瘤生长。这些组织中的细胞通路会改变癌细胞的基因调控方式，从而阻止其增殖。这些发现揭示了机械力在保护心脏免受癌症侵害方面的作用，并可能为基于机械刺激的新型癌症疗法做好铺垫。在哺乳动物中，心脏癌极为罕见。更重要的是，成年人的心脏自我更新能力有限，心肌细胞的再生率每年约为 1%。人们对这些特征所提出的一种解释是：心脏组织承受着巨大的机械负荷，它必须克服很大的阻力而持续泵血。这种持续的压力似乎会抑制心脏细胞的增殖能力。通过利用基因工程小鼠模型，研究人员发现，即使引入了强力致癌突变，心脏对其也具有显著的抗性。研究发现，组织内的机械力会重塑癌细胞基因组的调节格局，从而影响癌细胞是否能够增殖。Nesprin-2 是这一过程的核心，这是一种将细胞表面的机械信号传递至细胞核的蛋白。作为 LINC 复合物的一个组成部分，Nesprin-2 可感知心脏的机械微环境，并可在功能上改变染色质结构和组蛋白甲基化，从而降低与肿瘤细胞增殖相关的基因活性。当癌细胞中的 Nesprin-2 被沉默后，这些细胞在机械活动的心脏中会重新获得生长能力并形成肿瘤。

A vulnerability marked as critical has been reported in Docker Desktop. The affected element is an unknown function of the component Enhanced Container Isolation. The manipulation leads to Local Privilege Escalation. This vulnerability is documented as CVE-2026-6406. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Apache DolphinScheduler up to 3.4.0. Impacted is an unknown function. Executing a manipulation can lead to enforcement of behavioral workflow. This vulnerability is registered as CVE-2026-23902. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Apache DolphinScheduler 3.2.x/3.3.0. This issue affects some unknown processing of the component RPC Handler. Performing a manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-62233. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Microsoft Azure IoT Central. This vulnerability affects unknown code. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-21515. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in OpenClaw up to 2026.4.1. It has been rated as problematic. This affects an unknown part of the component pnpm dlx. This manipulation causes time-of-check time-of-use. This vulnerability is tracked as CVE-2026-41360. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.3.27. It has been declared as critical. Affected by this issue is some unknown functionality of the component IPv6 Address Handler. The manipulation results in incomplete blacklist. This vulnerability is identified as CVE-2026-41361. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.4.1. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Allowlisted Message Handler. The manipulation leads to origin validation error. This vulnerability is referenced as CVE-2026-41358. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in OpenClaw up to 2026.3.30 and classified as critical. Affected is an unknown function of the component Websocket Connection Handler. Executing a manipulation can lead to session expiration. The identification of this vulnerability is CVE-2026-41356. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in wproyal Royal Addons for Elementor Plugin up to 1.7.1056 on WordPress and classified as problematic. This impacts the function render_post_thumbnail of the component Carousel Widget. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-5428. The attack may be initiated remotely. There is no available exploit.