Aggregator

A vulnerability has been found in step-security harden-runner up to 2.15.x and classified as problematic. Affected is an unknown function. This manipulation causes protection mechanism failure. This vulnerability appears as CVE-2026-32946. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical was found in Frappe ERPNext up to 15.99.x/16.7.x. This affects an unknown part. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-32954. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in tillitis tkeyclient up to 1.2.x and classified as problematic. Impacted is an unknown function of the component Go Module. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is documented as CVE-2026-32953. It is possible to launch the attack on the physical device. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in micronaut-projects micronaut-core up to 4.10.16 and classified as problematic. The affected element is an unknown function of the component Message Handler. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2026-33012. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in micronaut-projects micronaut-core up to 3.10.4/4.10.15. It has been classified as problematic. The impacted element is the function theJsonBeanPropertyBinder::expandArrayToThreshold. This manipulation causes infinite loop. This vulnerability appears as CVE-2026-33013. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in nestjs nest up to 11.1.15 and classified as critical. This impacts an unknown function of the component GET Handler. Such manipulation leads to incorrect control flow. This vulnerability is documented as CVE-2026-33011. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Dataease SQLBot up to 1.6.x. It has been rated as critical. This issue affects some unknown processing of the file /api/v1/datasource/check. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2026-32949. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Почему ваш смартфон может перестать видеть сеть к 2032 году.

因无人维护，Linux 内核处理 LS7A/LS2K SoC 显示控制器的龙芯 DRM（Direct Rendering Manager）驱动被标记为“孤儿状态”。现在龙芯工程师在邮件列表上宣布接手维护工作。龙芯工程师 Jianmin Lv 和 Qianhai 都是龙芯的 GPU 研发工程师，负责内核驱动开发，他们有能力也有责任持续维护龙芯的 GPU 驱动，最小化对用户的影响，在内部讨论之后，团队推荐两人接手维护工作，推荐 Huacai、Mingcong 和 Ruoyao 三人协助。龙芯将根据芯片支持计划推出更新。

German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites

An urgent warning regarding three critical Apple vulnerabilities that threat actors are actively exploiting in the wild. These security flaws, officially tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers have linked this specific triad of vulnerabilities to the sophisticated DarkSword iOS exploit chain, which attackers use […]

The post CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks appeared first on Cyber Security News.

守护安全检测体系可靠性

致力于打破传统的身份验证壁垒

Спецслужбы ищут взломщиков, а люди – работающие автоматы с билетами.

本届大赛以“网络智能防护，开启数字安全新时代”为主题，不仅彰显了我国在实战型网络安全人才培养方面的坚定决心，更标志着我国网络安全人才培养和产学研用生态发展迈入了“数智融合”的新阶段。

RSAC 2026在旧金山拉开帷幕，AI全面渗透所有议题。微软发布Agent 365抢占代理安全制高点，行业热议AI SOC落地与社区协作。

A vulnerability was found in Red Hat Keycloak. It has been rated as critical. This issue affects some unknown processing of the component resource_set Endpoint. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-4628. It is possible to initiate the attack remotely. There is no exploit available.

倪海厦老师讲2026丙午年：财神爷只认"土" ——从经济变局到身体养命的全方位生存指南”

OpenClaw 的强大之处在于其插件 Skills 生态，而这恰恰也是其最脆弱的攻击面。本文深入复盘 "ClawHavoc" 等供应链攻击事件，将恶意插件的攻击手法归纳为凭据窃取、远程控制、上下文持久化注入、环境投毒与社会工程学五大类，并逐一剖析其实现原理与防御策略。