Aggregator

Submit #829543 / VDB-367927

В сети оказались чертежи всей цифровой архитектуры шведского бренда.

根据内部电子邮件，欧洲议会内部计算机的默认搜索引擎将于 6 月 4 日起从 Google 切换到法国搜索引擎 Qwant，此举是出于对数字主权和隐私的考虑。Qwant 被描述为以隐私为中心的欧洲搜索引擎，不追踪用户或收集个人数据。Qwant 成立于 2013 年，突出了隐私保护，为用户提供了 Google 之外的一种选择。通过 Firefox 和 Edge 浏览器地址栏进行的搜索将自动路由到 Qwant，但欧洲议会议员仍然可以自由使用其它搜索引擎或更改其默认设置。欧盟委员会正在加强技术主权，减少对外国技术供应商的依赖，扶持欧洲本土技术。

Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an interview conducted in person at the Span Cyber Security Arena conference. He put the original proposal for a Slovenian CERT to ARNES leadership in 1994, and the center now records about 6,000 … More →

The post A small Slovenian team handles 6,000 cyber incidents a year appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-10722. The attack can only be performed from a local environment. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

Submit #818291 / VDB-368091

CERT/CCから本件に関するアドバイザリが公表されました。

CERT/CCから本件に関するアドバイザリが公表されました。

A vulnerability, which was classified as critical, has been found in RURBAN Cpanel::JSON::XS up to 4.40 on Perl. The impacted element is the function decode_hv. This manipulation causes type confusion. The identification of this vulnerability is CVE-2026-9334. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Passeum Ticketing Plugin up to 1.0 on WordPress. The affected element is the function get_shop_url of the component Setting Handler. The manipulation of the argument shop_name results in cross site scripting. This vulnerability was named CVE-2026-7421. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic has been found in RURBAN Cpanel::JSON::XS up to 4.40 on Perl. Impacted is the function decode_json. The manipulation leads to release of reference. This vulnerability is uniquely identified as CVE-2026-9516. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in planetshaker EmergencyWP Plugin up to 1.4.2 on WordPress. This issue affects the function form_settings_ui of the file add_cap/remove_cap of the component Setting Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-9732. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in FreeIPMI up to 1.6.17. This vulnerability affects unknown code of the component Intelligent Platform Management Interface. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-50031. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

Китайским ИИ-специалистам теперь нужно спрашивать государство, можно ли им ехать за рубеж.

AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, and credential theft. Public CVE feeds carry agent-execution flaws that reach production faster than the tooling built to catch them. Agent Threat Rules, or ATR, is an open detection format aimed at this category of attack. ATR rules are YAML documents that conform to a versioned schema. Each one … More →

The post Agent Threat Rules: Open detection rule format for AI agent security threats appeared first on Help Net Security.

A vulnerability, which was classified as critical, has been found in Google Android 14/15/16/16-qpr2. Affected by this vulnerability is an unknown functionality of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in integer overflow. This vulnerability is identified as CVE-2026-0080. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Google Android 14/15/16/16-qpr2. It has been rated as critical. The affected element is the function validateNode of the file ResourceTypes.cpp. Performing a manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-0076. The attack requires a local approach. No exploit exists.

A vulnerability classified as critical was found in Google Android 16-qpr2. This affects an unknown part of the file ActivityRecord.java. Executing a manipulation can lead to Local Privilege Escalation. The identification of this vulnerability is CVE-2026-0077. The attack can only be executed locally. There is no exploit available. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as critical, has been found in Google Android 14/15/16/16-qpr2. This vulnerability affects the function setGlobalProxy of the file DevicePolicyManagerService.java. The manipulation leads to improper synchronization. This vulnerability is referenced as CVE-2026-0078. The attack can only be performed from a local environment. No exploit is available.