Aggregator

Download our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an

Корпорации объединились против глюков нейросетей.

London police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been informed of plans to use Palantir’s AI to analyze officers’ movements. The Federation notified all colleagues and advised them to exercise “extreme caution when carrying Metropolitan Police-issued devices while off duty”. It believes the use … More →

The post Met Police face criticism for using AI to spy on their own officers appeared first on Help Net Security.

Новый онлайн-инструмент позволяет отследит историю абсолютно любой точки планеты.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

April brought several updates across ANY.RUN’s Threat Intelligence and detection coverage.  The biggest change is expanded access to Threat Intelligence: Free plan users now get 20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and validate malware or phishing activity using real attack […]

The post Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in JetBrains IntelliJ IDEA. It has been rated as critical. This vulnerability affects unknown code. Performing a manipulation results in link following. This vulnerability is reported as CVE-2026-41882. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Wolters Kluwer Polska LEX Baza Dokumentów up to 1.3.3. It has been declared as problematic. This affects an unknown part of the component Cookie Handler. Such manipulation of the argument em leads to cross site scripting. This vulnerability is documented as CVE-2026-1493. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is publicly available. About CVE-2026-31431 According to Theori researchers, CVE-2026-31431 originates from the interaction of three reasonable kernel changes made over several years: the addition of authencesn (an AEAD cryptographic wrapper used by IPsec) in 2011, … More →

The post Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) appeared first on Help Net Security.

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. [...]

A vulnerability was found in Linux Kernel up to 6.18.23/6.19.13. It has been classified as critical. Affected by this issue is the function netlink_ns_capable. This manipulation causes privilege escalation. This vulnerability is registered as CVE-2026-31692. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 7.0.2 and classified as critical. Affected by this vulnerability is the function munmap of the component privcmd. The manipulation results in double free. This vulnerability is cataloged as CVE-2026-31787. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 7.0.2 and classified as critical. Affected is an unknown function of the file drivers/xen/sys-hypervisor.c. The manipulation leads to buffer overflow. This vulnerability is listed as CVE-2026-31786. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

В Абу-Даби прошли массовые задержания из-за публикаций о кризисе в интернете.

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)

A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers. [...]

Российские приложения теперь знают про ваш VPN больше вас самих.

在其设施遭袭受损之后，数据中心开发商 Pure Data 暂停所有中东项目投资。Pure Data 在欧洲、亚洲和中东运营或开发逾 1GW 的数据中心。数据中心作为基础设施成为了战争中的一个重要目标。亚马逊 AWS 在中东有三座数据中心遭到袭击，导致中东客户的服务出现大规模中断，迫使亚马逊宣布免除其中东云区域客户所有费用，导致其损失了约 1.5 亿美元。Pure Data 位于阿布扎比 Yas Island 的数据中心园区遭到了弹片的袭击。该公司没有披露发生的时间以及受损情况。