Аэродром для слабаков. Китайский грузовой дрон YH-1000S поднимает 1,2 тонны с воды, снега и бездорожья
Этот беспилотник заменит транспортную авиацию в труднодоступных районах.
Aggregator
CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks
20 hours 31 minutes ago
A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise editions. The vulnerability, tracked as CVE-2021-39935, poses significant risks to organizations using affected versions of GitLab. The SSRF vulnerability allows unauthorized external attackers to perform […]
The post CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks appeared first on Cyber Security News.
Abinaya
Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)
20 hours 33 minutes ago
During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and…
The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Sentrium Security.
The post Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251) appeared first on Security Boulevard.
Theklis Stefani
访谈资讯|张谧教授就“低俗导向AI生成提示词”现象答南都记者问
20 hours 41 minutes ago
AI生成陷“低俗迷局”?张谧教授受邀解析提示词“越狱”黑箱,探讨AI技术治理路径
CVE-2026-23830:SandboxJS允许完全逃逸沙箱
20 hours 47 minutes ago
漏洞来源一个满评分的沙箱逃逸漏洞漏洞描述SandboxJS 是一个 JavaScript 沙箱库。0.8.26 之前的版本存在沙箱逃逸漏洞,原因是 `AsyncFunction` 没有被隔离到 `SandboxFunction` 中。该库尝试通过将全局 `Function` 构造函数替换为安全的沙箱版本 `SandboxFunction` 来隔离代码执行。这在 `utils.ts` 中通过一个用于
ZetaSQL 更名为 GoogleSQL
20 hours 51 minutes ago
Google 开源博客宣布,ZetaSQL 开源 SQL 分析和解析项目更名为 GoogleSQL,此举是为了统一名称,除此之外代码、功能和开发团队都没有任何变化。Google 称 ZetaSQL 方言被广泛用于旗下服务如 BigQuery 和 Spanner,在公司内部 ZetaSQL 一直被称为 GoogleSQL,面向公众时用的是 ZetaSQL 名字。但后来 Google 又开始在面向公众的产品和服务中使用了 GoogleSQL 名字,为了避免混淆,它决定统一名称。
Hackers Using AI to Get AWS Admin Access Within 10 Minutes
20 hours 53 minutes ago
Threat actors leveraging artificial intelligence tools have compressed the cloud attack lifecycle from hours to mere minutes, according to new findings from the Sysdig Threat Research Team (TRT). In a November 2025 incident, adversaries escalated from initial credential theft to full administrative privileges in less than 10 minutes by using large language models (LLMs) to […]
The post Hackers Using AI to Get AWS Admin Access Within 10 Minutes appeared first on Cyber Security News.
Guru Baran
Ваш телефон – стукач, и вы ничего с этим не сделаете. Сотовые операторы используют технологии 90-х, чтобы видеть вас насквозь
20 hours 58 minutes ago
Отключить скрытое отслеживание местоположения штатными средствами смартфона невозможно.
Microsoft Investigating Teams Chat Image Retrieval Issue Affecting Enterprise Users
21 hours ago
Microsoft has resolved an outage affecting inline images in Microsoft Teams chats, restoring normal functionality for millions of enterprise users worldwide. The incident, tracked under incident ID TM1226769 in the Microsoft 365 admin center, caused delays or complete failures in loading and retrieving embedded images within chat threads. The issue surfaced recently, impacting Teams users […]
The post Microsoft Investigating Teams Chat Image Retrieval Issue Affecting Enterprise Users appeared first on Cyber Security News.
Guru Baran
Shadow DNS Hacking Routers Internet Traffic Through Compromised Routers
21 hours ago
Most internet users trust their routers to direct traffic correctly, never suspecting that the very signposts of the web could be manipulated. A sophisticated “shadow” network has been silently hijacking home internet connections by compromising vulnerable routers and altering their DNS configurations. Instead of using a legitimate Service Provider’s servers, these infected devices send all […]
The post Shadow DNS Hacking Routers Internet Traffic Through Compromised Routers appeared first on Cyber Security News.
Tushar Subhra Dutta
AI Agent记忆系统攻击与防御:从上下文污染到工具链劫持的知识泄露
21 hours 2 minutes ago
模型输出即知识泄露,Agent执行即风险暴露。攻击者可以通过污染记忆、操控工具返回、诱导工作流执行路径,系统性地提取训练数据和用户交互记录。
Qilin
21 hours 10 minutes ago
You must login to view this content
cohenido
Qilin
21 hours 10 minutes ago
You must login to view this content
cohenido
DMARC Alerts in Slack
21 hours 13 minutes ago
Originally published at DMARC Alerts in Slack by EasyDMARC.
Bringing Email Security Into Enterprise ChatOps Email security ...
The post DMARC Alerts in Slack appeared first on EasyDMARC.
The post DMARC Alerts in Slack appeared first on Security Boulevard.
EasyDmarc
Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
21 hours 14 minutes ago
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls.
The Challenge: Identity Lives Outside the Identity Stack
Identity and access management tools were built to govern users and directories.
Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication
The Hacker News
Нашел уязвимость – получи иск. Будни ИБ-специалистов в одной статистике
21 hours 28 minutes ago
Исследователи оценили масштаб давления на представителей сферы информационной безопасности.
CVE-2025-59818 | Zenitel TCIS-3+ prior 9.2.3.3 Uploaded File Remote Code Execution
21 hours 38 minutes ago
A vulnerability classified as critical has been found in Zenitel TCIS-3+ prior 9.2.3.3. This vulnerability affects unknown code of the component Uploaded File Handler. Performing a manipulation results in Remote Code Execution.
This vulnerability is cataloged as CVE-2025-59818. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-0873 | Ercom Cryptobox up to 4.39.x Administration Console cross site scripting
21 hours 39 minutes ago
A vulnerability described as problematic has been identified in Ercom Cryptobox up to 4.39.x. This affects an unknown part of the component Administration Console. Such manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2026-0873. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-24735 | Apache Answer up to 1.7.1 API Endpoint private personal information
21 hours 39 minutes ago
A vulnerability marked as problematic has been reported in Apache Answer up to 1.7.1. Affected by this issue is some unknown functionality of the component API Endpoint. This manipulation causes exposure of private personal information to an unauthorized actor.
This vulnerability is tracked as CVE-2026-24735. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
Microsoft: Info-Stealing malware expands from Windows to macOS
21 hours 42 minutes ago
Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake […]
Pierluigi Paganini