Aggregator

A vulnerability, which was classified as critical, has been found in GStreamer. Affected is an unknown function of the component JPEG Parser. Performing a manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2026-3082. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in GStreamer. Affected by this vulnerability is an unknown functionality of the component rtpqdm2depay. Executing a manipulation can lead to out-of-bounds write. The identification of this vulnerability is CVE-2026-3083. The attack may be launched remotely. There is no exploit available. Applying a patch is advised to resolve this issue.

A vulnerability has been found in GStreamer 266 and classified as critical. Affected by this issue is some unknown functionality of the component H.266 Codec Parser. The manipulation leads to integer underflow. This vulnerability is referenced as CVE-2026-3084. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability was found in GStreamer and classified as critical. This affects an unknown part of the component rtpqdm2depay. The manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2026-3085. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in GStreamer. It has been classified as critical. This vulnerability affects unknown code of the component H.266 Codec Parser. This manipulation causes out-of-bounds write. This vulnerability is tracked as CVE-2026-3086. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as problematic has been found in Wakyma Application Web. Affected by this issue is some unknown functionality of the file /centro/equipo/empleado of the component Endpoint. Performing a manipulation results in improper neutralization of special elements in data query logic. This vulnerability is identified as CVE-2026-3021. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in Wakyma Application Web. This affects an unknown part of the file /hospitalization/generate-hospitalization-summary of the component Endpoint. Executing a manipulation can lead to improper neutralization of special elements in data query logic. This vulnerability is tracked as CVE-2026-3022. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Wakyma Application Web. This vulnerability affects unknown code of the file /pets/print-tags of the component Endpoint. The manipulation leads to improper neutralization of special elements in data query logic. This vulnerability is listed as CVE-2026-3023. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Wakyma Application Web. This issue affects some unknown processing of the file /configuracion/agenda/modelo-formulario-evento of the component Endpoint. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-3024. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in libexpat up to 2.7.4 and classified as problematic. This affects the function setContext. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-32778. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

9 月造出能独立做科研的 AI 实习生，这次可能不是画饼。

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。好的，我先仔细读一下原文。 这篇文章主要讲的是微软在Windows 11上撤回了一些AI功能，特别是Copilot的接入点。微软表示会减少Copilot在照片、小组件、记事本和截图工具中的集成。他们更注重将AI应用到真正有用的地方，并且还提到了任务栏的位置调整功能。 现在我需要把这些信息浓缩到100字以内。首先，明确微软做了什么：撤回AI功能，减少Copilot的接入点。然后提到具体的应用有哪些被影响了。最后，说明微软的目标是让AI更有意义，并且还有任务栏调整的功能。 可能的结构是：微软减少Windows 11中的AI功能，包括Copilot在某些应用中的集成，专注于真正有用的地方，并推出任务栏位置调整功能。 检查一下字数，确保不超过限制。嗯，这样应该可以了。 微软减少Windows 11中AI功能Copilot的接入点，从照片、小组件等应用开始，专注于真正有用的人工智能体验，并计划推出任务栏位置调整功能。

No Arrests, But Virtual Servers, IP Addresses Seized and Residencies Searched
U.S. authorities seized KimWolf - the attack infrastructure responsible for the largest distributed denial of service attack yet recorded in an international police operation that swept up servers underpinning four botnets.

Contec and Epsimed Monitors Containing 'Backdoors' Are at the Center of Order
Texas Gov. Abbott has ordered agencies to review foreign-made connected medical devices - especially those from Chinese manufacturers - used in state-owned facilities for cybersecurity issues that could pose security and privacy risks to patients and healthcare infrastructure.

Also: CISA Protocol Concerns, AI Agents Push Past Cybersecurity Controls
In this week's panel, four ISMG editors unpacked the cyber dimensions of the Stryker attack amid the escalating Iran-Israel-U.S. tensions, the growing controversy around CISA leadership and alleged protocol breaches, and a new set of concerns related to AI agents bypassing security controls.

New Handala Site Is Also Available
U.S. federal agents seized four web domains associated with Iranian hacking operations days after a threat actor going by Handala posted screenshots it said came from inside the IT systems of medical device manufacturer Stryker. The registrars used to create them are located in the United States.

A vulnerability, which was classified as critical, has been found in doobidoo mcp-memory-service up to 10.25.0. Impacted is an unknown function of the component HTTP Dashboard. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is referenced as CVE-2026-33010. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in MariaDB Server up to 11.4.9/11.8.5/12.2.1. It has been classified as critical. This impacts the function JSON_SCHEMA_VALID. Performing a manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2026-32710. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in GenericMappingTools gmt up to 6.6.0. This issue affects the function gmt_remote_dataset_id of the file src/gmt_remote.c. Executing a manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-33147. The attack can only be executed locally. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability, which was classified as critical, was found in GPAC. The affected element is the function gf_xml_parse_bit_sequence_bs of the file utils/xml_bin_custom.c of the component MP4Box. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2026-33144. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.