Aggregator

A vulnerability was found in Linux Kernel up to 6.6.130/6.12.79/6.18.20/6.19.10. It has been classified as critical. Affected by this issue is some unknown functionality of the component ext4. This manipulation causes memory leak. The identification of this vulnerability is CVE-2026-31451. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.19.10. This impacts the function ext4_inode_attach_jinode of the component ext4. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2026-31450. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

明天九点开赛！

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

TP-Link Systems Inc.が提供する複数の製品には、重要情報の平文送信の脆弱性が存在します。

首先登录小程序，发现数据是密文，还有签名，这就很头大啊 再大也要干，反编译小程序，格式化 js 代码，全局搜

2026年度备受瞩目的网络安全国家赛事——“湾区杯”网络安全大赛，报名通道现已全面开放！无论你是网安从业者、

A vulnerability classified as problematic was found in Passeum Ticketing Plugin up to 1.0 on WordPress. The affected element is the function get_shop_url of the component Setting Handler. The manipulation of the argument shop_name results in cross site scripting. This vulnerability was named CVE-2026-7421. The attack may be performed from remote. There is no available exploit.

A vulnerability described as problematic has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. This vulnerability is registered as CVE-2026-10692. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. This vulnerability is cataloged as CVE-2026-10691. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. This vulnerability is listed as CVE-2026-10690. The attack may be performed from remote. In addition, an exploit is available. It is best practice to apply a patch to resolve this issue.

June 5, 2026Thank you t

Cybercriminals have devised an insidious method to infiltrate macOS environments. Specifically, they disguise malicious payloads within seemingly innocuous applications. Beneath the elegant aesthetics of podcast players and PDF readers lies a dual-threat mechanism. Consequently,...

The post Operation FlutterBridge: Sophisticated Malware Masquerades as Legitimate macOS Utilities appeared first on Information Security News.

魏哲家：台积电目前不存在失去竞争优势的风险台积电CEO表示，该公司在下一代芯片制造领域并未落后。此举驳斥了外界疑虑。外界此前担心，竞争对手已采用极昂贵设备制造尖端芯片，使台积电处于劣势。在年度股东大会

阅读： 0日前，针对Mythos Preview模型的最新公开研究表明，该模型不仅能独立发现漏洞，更能将多个低危漏洞串联成完整的攻击链，形成更为严重漏洞利用链，并自

June 5, 2026Interoperab

A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible […]

The post HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration appeared first on Cyber Security News.