Aggregator
CVE-2026-46521 | ImageMagick up to 6.9.13-47/7.1.2-22 MIFF Encoder buffer size (GHSA-jcqp-6r6f-3mfx / Nessus ID 322918)
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs or audit records. DirtyClone is a high-severity variant in the DirtyFrag vulnerability family, a class of Linux […]
The post New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets appeared first on Cyber Security News.
Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware
Древняя марсианская жизнь могла оставить след. Хорошие новости: ровер Perseverance только что на него наткнулся
CVE-2026-46520 | ImageMagick up to 6.9.13-47/7.1.2-22 Digital Image Parser heap-based overflow (GHSA-36wm-hprc-mcf5 / Nessus ID 322918)
CVE-2026-45031 | ImageMagick up to 6.9.13-46/7.1.2-21 PSD Decoder resource consumption (GHSA-cwpj-h54c-xjpx / Nessus ID 322918)
CVE-2026-45359 | ImageMagick up to 6.9.13-47/7.1.2-21 Digital Image Parser out-of-bounds (GHSA-vhrh-72hq-w8m7 / Nessus ID 322918)
CVE-2026-45664 | ImageMagick up to 6.9.13-46/7.1.2-21 Digital Image Parser resource consumption (GHSA-g5mf-wqq5-vwg6 / Nessus ID 322918)
CVE-2026-45624 | ImageMagick up to 6.9.13-46/7.1.2-21 Digital Image Parser out-of-bounds (GHSA-pfvh-m9xv-8966 / Nessus ID 322918)
CVE-2026-42326 | ImageMagick up to 6.9.13-46/7.1.2-21 IPTC Output File out-of-bounds (GHSA-7wff-wpr6-vmhm / Nessus ID 322918)
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments
A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud credential theft simply by having a developer open a malicious repository. The root cause was […]
The post Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments appeared first on Cyber Security News.
New Initiative Tackles Security for End-of-Life Open Source Software
24 тысячи фиктивных кошельков и 30 млрд рублей за рубежом: МВД раскрыло крупнейшую Qiwi-схему
Alleged GOV.CO Colombia Leak Claims 4.3 Million Records, but the Posted Sample Is German Taxpayer Data
从赞美美德到歌颂堕落
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
CVE-2026-34908
Durango State Education Department Allegedly Breached, Exposing Records of Thousands of Primary School Children
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access
A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers to escalate privileges to full root access on several major Linux distributions. The exploit, dubbed packet_edit_meme, has been verified in June 2026 against actively maintained enterprise and consumer kernels. The root […]
The post New Linux pedit COW Exploit Allows Attackers to Gain System Root Access appeared first on Cyber Security News.