Aggregator
Socket Buys Secure Annex to Expand Supply-Chain Visibility
1 month 2 weeks ago
Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.
DHS Shutdown Ends as CISA Faces Long Recovery
1 month 2 weeks ago
Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.
State CISOs Are Losing Confidence as AI Threats Surge
1 month 2 weeks ago
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.
Breach Roundup: US Cyber Command Flags Election Threats
1 month 2 weeks ago
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.
What to Watch This Week | 10 Recent Works Worth Watching
1 month 2 weeks ago
☕️ TL;DR Recent recommendations: [Film] 燃比娃, [Film] 世界的主人, [Korean drama] 努力克服自卑的我们, [Korean drama] 稻草人, [Japanese drama] 月夜行路:答案在名作中, [British series] 半个男人, [American series] 逆转狂篮 Season 2,
Submit #804336: Open5gs AMF v2.7.7 Denial of Service [Accepted]
1 month 2 weeks ago
Submit #804336 / VDB-360536
ZiyuLin
Submit #804335: Open5gs AMF v2.7.7 Denial of Service [Duplicate]
1 month 2 weeks ago
Submit #804335 / VDB-360533
ZiyuLin
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
1 month 2 weeks ago
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services, […]
Pierluigi Paganini
Handled, Not Hosted: Administrative Activity Inside a Bulletproof Hoster
1 month 2 weeks ago
How to Build a Browser-Based Voice Assistant With the AssemblyAI Voice Agent API
1 month 2 weeks ago
New Story by AssemblyAI (@assemblyai): AssemblyAI builds advanced speech language models that
7 Things You Can Build With a Single WebSocket (Using AssemblyAI’s Voice Agent API)
1 month 2 weeks ago
New Story by AssemblyAI (@assemblyai): AssemblyAI builds advanced speech language models that
China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign
1 month 2 weeks ago
A China-aligned threat group has been carrying out a carefully planned espionage campaign against government agencies and critical infrastructure across Asia. The group, tracked under the temporary designation SHADOW-EARTH-053, has been active since at least December 2024, quietly targeting organizations in at least eight countries. The campaign uses a combination of malware tools and living-off-the-land […]
The post China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign appeared first on Cyber Security News.
Tushar Subhra Dutta
Five vulnerabilities and one overly powerful administrator. A way to gain full control of the server was found in XAPI
1 month 2 weeks ago
Vulnerabilities in XAPI break the privilege hierarchy.
CVE-2026-7585 | Open5GS up to 2.7.7 AMF /src/amf/nudm-handler.c amf_nudm_sdm_handle_provisioned denial of service (Issue 4403)
1 month 2 weeks ago
A vulnerability was found in Open5GS up to 2.7.7 and classified as problematic. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service.
This vulnerability is tracked as CVE-2026-7585. The attack can be launched remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
Submit #804334: Open5gs AMF v2.7.7 Denial of Service [Accepted]
1 month 2 weeks ago
Submit #804334 / VDB-360533
ZiyuLin
How to Evaluate STT for Voice Agents in Production
1 month 2 weeks ago
New Story by Speechmatics (@speechmatics): Speechmatics builds world-leading speech technolo
CVE-2026-42996 | JS8Call-improved up to 2.3.1 APRSISClient.cpp grid2deg stack-based overflow (GHSA-98hp-pjp7-w62x)
1 month 2 weeks ago
A vulnerability has been found in JS8Call-improved up to 2.3.1 and classified as critical. The affected element is the function grid2deg of the file APRSISClient.cpp. Performing a manipulation results in stack-based buffer overflow.
This vulnerability is identified as CVE-2026-42996. The attack can be initiated remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-7584 | Zurich Instruments LabOne Q up to 26.1.1/26.4.0b5 File deserialization
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Zurich Instruments LabOne Q up to 26.1.1/26.4.0b5. Impacted is an unknown function of the component File Handler. Such manipulation leads to deserialization.
This vulnerability is referenced as CVE-2026-7584. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com