Aggregator

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.

CVE-2026-20230 is an unauthenticated, remote server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME).

A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p began circulating among researchers on June 3, 2026, after the model identifier appeared inside Anthropic’s Claude Console and surfaced through unauthorized API proxy services. The sightings immediately triggered speculation that Anthropic […]

The post Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised appeared first on Cyber Security News.

The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]

Бактерии внутри не просто дожили до наших дней — они эволюционировали прямо в мумии.

Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts

在经历了长达六个月的无线电静默后，MAVEN 正式宣告任务终结。这艘于 2013 年发射的探测器，在 2025 年 12 月底一次飞越火星背面的常规过程中神秘失联，根据最后传回的数据显示，探测器当时陷入了异常的快速自旋，导致轨道偏离并耗尽了机载电池。 NASA 召集的审查委员会于近日得出结论，判定其已无法复原。尽管它预计还会在轨道上徘徊 50 到 100 年才会坠毁于火星表面，但其科学寿命已画下句号。NASA 在火星轨道上有三艘探测器，包括了 2001 年发射的 Mars Odysse 探测器，2005 年发射的 Mars Reconnaissance Orbiter（MRO）探测器，以及 2013 年发射的 Mars Atmosphere and Volatile Evolution（MAVEN）。MAVEN 属于三艘中服役时间最短的探测器，另外两艘都接近寿命终点。火星轨道上还有两颗欧洲探测器，以及地面上还有漫游车，因此火星研究还会继续。

Valve 公布了 2026 年 5 月的 Steam 硬件和软件调查。在 3 月 Steam 玩家使用 Linux 比例达到创纪录的 5.33% 之后 Linux 份额连续两个月下降：4 月 4.52%，5 月 3.99% 减少 0.53% 但仍然有去年同期的两倍。Windows 操作系统占 93.85%，OSX 占 2.16%。在玩家使用的语言中，英语占 39.48% 增加 2.71%，简体中文占 21.85% 减少 1.56%。用户使用英特尔 CPU 的比例占 53.94%，AMD 占 46.06%，英特尔份额在缓慢减少 AMD 在缓慢增加。

Учёные Университета Райса продемонстрировали атаку с самоизгибающимся радиолучом.

梅涅劳斯定理是“共线定理”，塞瓦定理是“共点定理”

CyberStrikeAI：AI 原生安全测试平台 by ourren

更多最新文章，请访问SecWiki

在kkFileView 4.4.0-beta以前，存在一处ZipSlip漏洞。

在本周举行的 Build 2026 大会上，微软宣布了 Coreutils for Windows 项目——软件巨人维护的 Rust Coreutils(uutils)的一个分支，该分支不是硬分支，而是下游版本。Coreutils for Windows 包含了 uutils/coreutils、findutils 和 grep 等工具，其目标是在 Windows、WSL、macOS 和 Linux 等不同平台之间的开发切换更无缝，因为有统一的命令、flags 和管线，以相同的方式工作，现有脚本无需转换即可直接使用。不知道鲍尔默（Steve Ballmer）是不是还记得他说过的话。

A vulnerability classified as critical has been found in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. This vulnerability is reported as CVE-2026-10878. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Phishing attacks have always been one of the most common ways cybercriminals steal personal and business data. But something has quietly changed about how these attacks work. Instead of tricking people into typing passwords on fake websites, attackers are now dropping malware directly onto victims’ devices to do the stealing for them. This shift has […]

The post Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks appeared first on Cyber Security News.

A vulnerability described as critical has been identified in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. This vulnerability is documented as CVE-2026-10877. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. This vulnerability is registered as CVE-2026-10876. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #832154 / VDB-368368

A vulnerability labeled as critical has been found in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social_twitter results in sql injection. This vulnerability is cataloged as CVE-2026-10875. The attack may be launched remotely. Furthermore, there is an exploit available.