Aggregator

Некоторые секреты покидают компанию по маленькой капле, а не одним большим потоком.

Пентагон подготовил секретный документ о попытках израильской разведки прослушать американских чиновников.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Agent Memory Guard is an open-source runtime defense layer that sits between an agent and its memory store, screening every read and write through a pipeline of detectors and a YAML policy. The project is the OWASP reference implementation for ASI06, Memory Poisoning, one entry in … More →

The post Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast appeared first on Help Net Security.

发布时间: 2026-0

A vulnerability classified as critical was found in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. This vulnerability is tracked as CVE-2026-11463. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure.

Submit #814456 / VDB-369083

A vulnerability classified as critical has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. This vulnerability is identified as CVE-2026-11462. The attack can be initiated remotely. Additionally, an exploit exists. It is suggested to install a patch to address this issue.

A vulnerability described as critical has been identified in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. This vulnerability is referenced as CVE-2026-11461. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #831466 / VDB-369082

A vulnerability marked as critical has been reported in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. The identification of this vulnerability is CVE-2026-11460. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired.

Submit #829402 / VDB-369081

Submit #814455 / VDB-369080

A vulnerability labeled as problematic has been found in Clash Verge Rev clash-verge-service-ipc up to 2.2.x. The affected element is an unknown function of the component IPC Endpoint. The manipulation results in incorrect permission assignment. This vulnerability was named CVE-2026-26422. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those belonging to high-profile individuals such as Meta CEO Mark Zuckerberg and model Georgina Rodriguez. Instagram’s parent company Meta deployed an emergency hotfix within hours of the disclosure, but […]

The post Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers appeared first on Cyber Security News.

2026年6月7日 15:07软件资讯00.00K

Windows сама загрузила DLL. Хакер просто этим воспользовался.

What Happened In May 2026, the HVAC/R wholesale distributor Baker Distr

Сначала — бесплатный образец, потом — сделка с агентом под прикрытием.

一位前IBM网络安全高管指控该公司在过去十年中被外国政府三次入侵，并掩盖了这些漏洞。William Barlow在2020年提起的一项诉讼中称，IBM的内部调查发现中国黑客在2013年至2016年期间