Aggregator

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]

Two releases shipped this cycle - v10.4.2 (April 15) and v10.4.3 (May 5) - delivering deep KEV cover

A vulnerability identified as problematic has been detected in Ingeteam Ingecon Sun EMS Board. Affected by this issue is some unknown functionality. This manipulation causes risky cryptographic algorithm. This vulnerability is handled as CVE-2026-8072. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Continually Plugin up to 4.3.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-6813. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in FastBots Plugin up to 1.0.12 on WordPress. It has been rated as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-6800. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in ABIS BAPSİS. It has been declared as critical. This impacts an unknown function. Executing a manipulation can lead to authorization bypass. This vulnerability appears as CVE-2026-6001. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Security teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a missed incident.   ANY.RUN solves this by bringing real-time, behavior-validated threat intelligence from ANY.RUN integrated into Elastic Security, where SOC and MSSP teams detect emerging cyberattacks earlier and respond faster without […]

The post ANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation Workflows       appeared first on ANY.RUN's Cybersecurity Blog.

周二，亚马逊宣布在数十个美国城市推出其30分钟送达选项，名为“Amazon Now”。亚马逊表示，这种超快速送达选项将允许顾客在 “数千种” 商品中购物，包括新鲜食品、家庭必需品和其他当地相关商品。符

A vulnerability was found in Akilli E-Commerce Website up to 4.5.0. It has been classified as critical. This affects an unknown function. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2025-6577. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.

This is the worst Linux vulnerability in years.TL;DRcopy.fail is a Linux kernel local p

SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. [...]

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits
AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.