Aggregator

这是一起针对 SAP CAP（Cloud Application Programming Model）和 Cloud MTA（Multi-Target Application）生态的精准 npm 供应链攻击。攻击者通过劫持/污染 SAP 官方维护的 npm 包，在安装阶段注入恶意引导程序，最终执行高度混淆凭证窃取与自传播框架。

Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. [...]

Как пройдёт День Победы в столице в 2026 году.

根据发表在《People and Nature》期刊上的一项研究，欧洲大山雀和其它 36 种鸟更惧怕女性，原因未知。研究显示，在鸟儿飞走前男性能比女性多靠近大约一米距离。无论男女衣着，是否长发，身高如何，以何种方式接近鸟，这种现象始终存在。鸟类或许能辨别人类的性别，但具体机制并不清楚。研究人员观察了生活在五个欧洲国家城市中心的鸟类，其中包括已知一见到人类就会飞走的鸟类如喜鹊，以及倾向于稍迟才飞走的鸟类如鸽子。对女性表现出过度恐惧的反应在不同鸟类中间是一致的。研究人员猜测鸟可能通过气味或步态辨别性别。

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been declared as critical. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. This vulnerability is identified as CVE-2026-7420. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been classified as critical. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. This vulnerability is referenced as CVE-2026-7419. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535 and classified as critical. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The identification of this vulnerability is CVE-2026-7418. The attack may be launched remotely. Furthermore, there is an exploit available.

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After […]

A vulnerability has been found in Algovate xhs-mcp 0.8.11 and classified as critical. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. This vulnerability was named CVE-2026-7417. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, was found in Jenkins HTML Publisher Plugin up to 427. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-42524. The attack can be launched remotely. No exploit exists.

Swiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe.

Submit #803997 / VDB-360157

Submit #803994 / VDB-360156

Submit #803993 / VDB-360155

A vulnerability, which was classified as problematic, has been found in Jenkins GitHub Plugin up to 1.46.0. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-42523. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in Jenkins GitHub Branch Source Plugin up to 1967.vdea_d580c1a_b_a_. Affected is an unknown function. The manipulation results in permission issues. This vulnerability is known as CVE-2026-42522. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in Jenkins Script Security Plugin up to 1399.ve6a_66547f6e1. This impacts an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2026-42519. It is possible to initiate the attack remotely. There is no exploit available.

Submit #803991 / VDB-360154

A vulnerability described as critical has been identified in Jenkins Matrix Authorization Strategy Plugin up to 3.2.9. This affects an unknown function of the component Configuration Handler. Executing a manipulation can lead to permission issues. This vulnerability appears as CVE-2026-42521. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in Jenkins Credentials Binding Plugin up to 719.v80e905ef14eb_. The impacted element is an unknown function. Performing a manipulation results in privilege escalation. This vulnerability is reported as CVE-2026-42520. The attack is possible to be carried out remotely. No exploit exists.