Aggregator

CVE-2026-45684 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x iov_iter.count buffer over-read (GHSA-vvmg-8mjr-g6q3)

1 week 4 days ago

A vulnerability, which was classified as problematic, has been found in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. This affects an unknown function. The manipulation of the argument iov_iter.count leads to buffer over-read. This vulnerability is documented as CVE-2026-45684. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2026-45682 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x memory leak (GHSA-962q-hwm5-52x5)

VulDB Recent Entries

1 week 4 days ago

A vulnerability classified as problematic was found in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. The impacted element is an unknown function. Executing a manipulation can lead to memory leak. This vulnerability is registered as CVE-2026-45682. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2026-45681 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x out-of-bounds (GHSA-r6c9-g6q5-qrf9)

VulDB Recent Entries

1 week 4 days ago

A vulnerability classified as problematic has been found in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. The affected element is an unknown function. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-45681. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-45680 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x resource consumption (GHSA-89c6-vpcj-7vj4)

VulDB Recent Entries

1 week 4 days ago

A vulnerability described as problematic has been identified in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. Impacted is an unknown function. Such manipulation leads to resource consumption. This vulnerability is listed as CVE-2026-45680. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

CVE-2026-45679 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x Status Message neutralization for logs (GHSA-8rrq-wcg8-cv5q)

VulDB Recent Entries

1 week 4 days ago

A vulnerability marked as critical has been reported in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. This issue affects some unknown processing of the component Status Message Handler. This manipulation causes improper output neutralization for logs. This vulnerability is tracked as CVE-2026-45679. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

Threat Actor Claims to Sell 58K Confidential SUNACOOP Venezuela Cooperative Records

Dark Web Informer - Cyber Threat Intelligence

1 week 4 days ago

A threat actor using the alias malconguerra2 claims to be selling a confidential dataset attributed to SUNACOOP, Venezuela's national superintendency of cooperatives.

Dark Web Informer

Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic

Cyber Security News

1 week 4 days ago

Cybercriminals are increasingly weaponizing trusted cloud infrastructure, including Amazon Web Services, Google Cloud, Microsoft Azure, Cloudflare, and GitHub, to camouflage malicious traffic, evade detection, and sustain long-lived Command and Control (C2) operations. A recent threat intelligence investigation using ANY.RUN’s Threat Intelligence (TI) Lookup reveals just how deeply this abuse has become embedded in modern attack […]

The post Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic appeared first on Cyber Security News.

Guru Baran

DOD wants to integrate cyber in all operations, and integrate security into AI

CyberScoop

1 week 4 days ago

Top Pentagon cyber policy official Katherine Sutton said recent conflicts have emphasized the importance of cyber, and that the department can’t make old mistakes with AI security.

The post DOD wants to integrate cyber in all operations, and integrate security into AI appeared first on CyberScoop.

Tim Starks

Звёздные войны перестали быть метафорой: США строят орбитальную систему для уничтожения ракет из космоса

Securitylab.ru

1 week 4 days ago

Трамп хочет накрыть США куполом из спутников-перехватчиков. Может, пора и нам?

Microsoft Exchange Online outage causes email delays, failures

Bleeping Computer.

1 week 4 days ago

Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. [...]

Sergiu Gatlan

CVE-2026-45678 | open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x Postgres Protocol Parser buffer overflow (GHSA-pgvv-q3wf-mm9m)

VulDB Recent Entries

1 week 4 days ago

A vulnerability labeled as critical has been found in open-telemetry opentelemetry-ebpf-instrumentation up to 0.8.x. This vulnerability affects unknown code of the component Postgres Protocol Parser. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2026-45678. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2026-40780 | Liquid Web/StellarWP BookIt Plugin prior 2.5.4.1 on WordPress authentication bypass

VulDB Recent Entries

1 week 4 days ago

A vulnerability identified as critical has been detected in Liquid Web/StellarWP BookIt Plugin on WordPress. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is referenced as CVE-2026-40780. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

vuldb.com

Trump administration releases scaled-back AI executive order

CyberScoop

1 week 4 days ago

The order — which Trump previously refrained from signing at the last minute — appears to make significant concessions to industry compared to earlier drafts.

The post Trump administration releases scaled-back AI executive order appeared first on CyberScoop.

djohnson

Safepay

Dark Feed IO

1 week 4 days ago

You must login to view this content

cohenido

Red Hat Confirms Supply Chain Compromise of @redhat-cloud-services npm Packages

Cyber Security News

1 week 4 days ago

Red Hat has officially confirmed a supply chain compromise affecting multiple packages published under the @redhat-cloud-services npm namespace, disclosed publicly on June 1, 2026. A compromised GitHub account was used to inject malicious code into frontend libraries maintained within a Red Hat GitHub organization, raising significant concern across enterprise environments that depend on these packages […]

The post Red Hat Confirms Supply Chain Compromise of @redhat-cloud-services npm Packages appeared first on Cyber Security News.

Guru Baran

Russia Says Foreign Spyware Found on High-Ranking Officials’ Mobile Phones

Cyber Security News

1 week 4 days ago

Russia’s Federal Security Service (FSB) has claimed it disrupted a large-scale cyber-espionage operation involving the deployment of advanced spyware on mobile devices used by high-ranking government officials. The agency stated that the campaign was orchestrated by unidentified foreign intelligence services and aimed at covert surveillance and data exfiltration. According to the FSB, the operation involved […]

The post Russia Says Foreign Spyware Found on High-Ranking Officials’ Mobile Phones appeared first on Cyber Security News.

Abinaya

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Security Affairs

1 week 4 days ago

Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other […]

Pierluigi Paganini

Действительно ли Windows лучше macOS. Разбираем популярные мифы

Securitylab.ru

1 week 4 days ago

Стилеры под macOS, уязвимые драйверы Windows и конец поддержки Windows 10 показывают, что безопасность решают настройки, патчи и привычки.

Шесть долларов за одну строчку кода. Разработчики в ярости от новой схемы списания денег в GitHub Copilot

Securitylab.ru

1 week 4 days ago

Новые тарифы GitHub Copilot превратили работу программистов в лотерею.

拒绝停止呼吸的土壤

Solidot

1 week 4 days ago

法国生化学家 Sébastien Fontaine 15 年来一直试图杀死土壤，他想要了解没有任何生命的土壤能释放多少碳。他的团队将土壤密封在罐子内，用伽马射线进行灭菌照射。然后等待土壤释放的二氧化碳——这是微生物呼吸持续进行的标志——下降。他们等待了几周，几个月。在显微镜下，经辐射处理的土壤没有显示任何生命迹象，但它仍在继续释放二氧化碳。土壤拒绝停止呼吸。Fontaine 的实验室重复了实验得到了相同的结果。研究人员开始寻找无生命土壤中的呼吸来源。Fontaine 的团队如今报告，他们的土壤样本在六年内持续消耗氧气并释放二氧化碳。他们提出，为生命提供能量的代谢过程也可能发生在活细胞之外。他们的实验表明，即使没有通常组织土壤的生物蛋白质，这种代谢过程也能在土壤中发挥作用。如果他们的假设正确，那么部分生化反应如释放富碳糖分子能量的反应，可能并非生物所独有。此类反应甚至可能在地球生命出现前就已经存在。

Aggregator

Managed ad