Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

一艘挂荷兰旗帜的探险游轮MV Hondius号载着150人，从阿根廷南部的乌斯怀亚出发，横渡南大西洋。4月6日至28日，船上乘客开始生病。随后迅速发展为肺炎、急性呼吸窘迫综合征（ARDS）和休克。这些都是重症汉坦病毒肺综合症的典型特征。

两周前，Mozilla 宣布借助 Claude Mythos Preview 和其他 AI 模型，在 Fire

On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.

A threat actor is selling a 243 million record dataset attributed to credilink.com.br, described in the post as a Brazilian credit information and risk analysis provider serving financial institutions and retailers.

Обычная сессия в браузере открывала лишние данные военной платформы.

根据发表在 PNAS 期刊上的一项研究，人类历史上首次男性生育力低于女性。研究人员利用了联合国的 World Population Prospects 报告，发现人类男性生育力低于女性的转折点发生在 2024 年，这一转折是人口中男性比例上升驱动的。全球人口中男性比例不断上升，原因是部分国家选择性堕胎（主要是堕女胎）、男性死亡率下降以及每年出生的男孩数量显著多于女孩。历史上男性人口过剩通常在他们达到生育年龄前就消失了，但现代社会改变了这一状况。研究还表明，男性生育力低于女性的转变在不同地区发生的时间存在差异：大洋洲、南美洲和亚洲的转变发生在近期，而撒哈拉以南非洲则可能要到 2100 年，多数欧洲和北美国家的转变发生在几十年前。研究人员警告男性过多以及无子女男性增加会给社会带来挑战，他们建议加强女性社会地位，遏制选择性堕胎，为男性提供稳定的工作。

A threat actor claims to have leaked a database from LDLC, a major French retailer of computers, components, smartphones, and gaming/audio/TV equipment, releasing 1,504,635 records for free under the hashtag #freebreach3d.

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over

A threat actor is advertising what they describe as a US banking / premium credit client dataset tied to communitychoicecu.com, releasing a 1M+ record sample with full card numbers, names, issuing banks, and addresses.

Военные инженеры променяли умную электронику на… обычные железки?

A vulnerability marked as critical has been reported in mauriciopoppe math-codegen up to 0.4.2. The impacted element is the function cg.parse of the component Mathematical Expression Handler. This manipulation causes code injection. The identification of this vulnerability is CVE-2026-41507. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in go-git up to 5.17.x/6.0.0-alpha.1. The affected element is an unknown function. The manipulation results in insufficiently protected credentials. This vulnerability was named CVE-2026-41506. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in SEPPmail Secure Email Gateway 15.0.1. Impacted is an unknown function. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is uniquely identified as CVE-2026-44128. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in SEPPmail Secure Email Gateway up to 15.0.3. This issue affects some unknown processing. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-44125. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.74/6.18.15/6.19.5. It has been rated as critical. This vulnerability affects unknown code. Performing a manipulation results in privilege escalation. This vulnerability is known as CVE-2026-43320. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in 0din-ai ai-scanner up to 1.4.0. It has been declared as critical. This affects the function BrowserAutomation::PlaywrightService. Such manipulation leads to code injection. This vulnerability is traded as CVE-2026-41512. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.135/6.12.83/6.18.24/7.0.1. It has been classified as critical. Affected by this issue is the function parse_dacl. This manipulation of the argument sub_auth[] causes incorrect comparison. This vulnerability appears as CVE-2026-43350. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.19.11 and classified as critical. Affected by this vulnerability is the function permuted_state. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-43336. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 7.0.1 and classified as critical. Affected is an unknown function of the component mshv_vtl. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-43348. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.