Aggregator

Тегеран достал из рукава свой главный козырь, который пробьет любую ПРО.

Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control […]

Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security Improvements as lightweight security releases for components such as Safari, the WebKit framework, and other system libraries, delivered through ongoing patches between software updates. “In rare instances of compatibility issues, Background Security Improvements may be temporarily removed and then enhanced in a subsequent software update,” the company noted. Users can manage Background … More →

The post Apple starts issuing lightweight security updates between software releases appeared first on Help Net Security.

VIAVI Solutions has announced its Observer Threat Forensics solution with an advanced retrospective analysis capability. The industry is shifting away from siloed network and security operations teams to a converged NetSecOps structure to close critical gaps in incident responses and strengthen resilience. Designed to increase visibility across operational teams, Observer Threat Forensics helps organizations identify potential vulnerabilities including post-detection analyses of a breach, the intrusion point and the exposed data. Observer Threat Forensics is built … More →

The post VIAVI advances NetSecOps with unified threat forensics and retrospective analysis appeared first on Help Net Security.

The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit

A vulnerability, which was classified as problematic, has been found in Bee Content Design Befree SDK up to 3.46.x. Affected by this vulnerability is an unknown functionality of the component Content Security Policy Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-12518. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

Одно подключение = полный контроль.

3月2日，全球开源界迎来历史性拐点——AI代理框架OpenClaw仅用4个月时间，在GitHub平台星标数突破25万，正式超越开源前端框架React和开源系统内核Linux，成为GitHub有史以来获星最多的软件项目。

最高人民法院3月18日发布人民法院审理涉未成年人民事案件工作指引。

习近平总书记强调，数据基础制度建设事关国家发展和安全大局，要统筹推进数据产权、流通交易、收益分配、安全治理，加快构建数据基础制度体系。

《网络安全法》此次修改远不止于法律文本的更新，更是对近年来网络发展与安全实践中所遇到的突出问题的制度性回应，集中体现了在数智时代背景下我国对于“数字文明”这一重大课题的价值取向与路径选择。

A vulnerability classified as critical was found in Linux Kernel up to 6.19.3. Affected is the function ib_create_send_mad. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2026-23243. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. This impacts the function mmap of the component perf. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-23248. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

一年一度的两会，是观察国家政策走向的重要窗口。2026年政府工作报告已经新鲜出炉，其中关于网络安全的表述，字字千钧。今天，我们就来深度拆解这份报告背后的安全信号。本次报告明确提出：“健全数据要素基础制度，强化数据安全与个人信息保护，完...

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc1. This affects the function ieee80211_ml_reconfiguration of the component wifi. Such manipulation of the argument link_id leads to out-of-bounds read. This vulnerability is traded as CVE-2026-23246. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.3. The impacted element is the function siw_get_hdr of the component RDMA. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2026-23242. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.19.5. The affected element is the function run_unpack of the component ntfs3. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-71265. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.18.16/6.19.6/7.0-rc2. Impacted is the function siphash of the component tcp. The manipulation leads to algorithm downgrade. This vulnerability is documented as CVE-2026-23247. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.