Aggregator

The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.

​追觅要用 AI 撕开家电的边界。

OpenAI scales Stargate to build the compute infrastructure powering AGI, adding new data center capacity to meet growing AI demand.

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX

乌克兰-俄罗斯战场持续消耗战叠加乌方超远程无人机打击升级；以色列持续对黎巴嫩和加沙实施精准清除行动；马里萨赫勒局势骤然恶化、俄罗斯准军事力量介入明确化；美伊围绕核协议谈判陷入僵局、美军强化全球海上封锁；网络威胁保持高位活跃态势。

Видеохостинг привлек полицию к расследованию кражи информации клиентов.

A vulnerability, which was classified as critical, has been found in Acronis DeviceLock DLP on Windows. This vulnerability affects unknown code. Performing a manipulation results in uncontrolled search path. This vulnerability is known as CVE-2026-25852. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Totolink N200RE V5. This affects the function formMapDelDevice. Such manipulation of the argument macstr/bandstr leads to command injection. This vulnerability is traded as CVE-2026-36841. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Totolink A3002RU V3 up to 3.0.0-B20220304.1804. Affected by this issue is the function formMapDelDevice. This manipulation of the argument Hostname causes buffer overflow. This vulnerability appears as CVE-2026-36837. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Acronis DeviceLock DLP and Cyber Protect Cloud Agent on Windows. Affected by this vulnerability is an unknown functionality. The manipulation results in write-what-where condition. This vulnerability is reported as CVE-2026-41952. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Acronis DeviceLock DLP and Cyber Protect Cloud Agent on Windows. Affected is an unknown function. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-41220. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in HMBRAND Text::CSV_XS up to 1.61 on Perl. This impacts the function after_parse/before_print/on_error. Executing a manipulation can lead to expired pointer dereference. This vulnerability is registered as CVE-2026-7111. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Tubitak Bilgem Pardus Software Center 1.0.2. This affects an unknown function. Performing a manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2026-5141. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Tubitak Bilgem Pardus About up to 1.2.0. The impacted element is an unknown function. Such manipulation leads to link following. This vulnerability is listed as CVE-2026-5161. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Cockpit up to 2.13.5. It has been rated as critical. The affected element is an unknown function of the component Endpoint. This manipulation of the argument func causes privilege escalation. This vulnerability is tracked as CVE-2026-38992. The attack is possible to be carried out remotely. No exploit exists.

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real

这是一起针对 SAP CAP（Cloud Application Programming Model）和 Cloud MTA（Multi-Target Application）生态的精准 npm 供应链攻击。攻击者通过劫持/污染 SAP 官方维护的 npm 包，在安装阶段注入恶意引导程序，最终执行高度混淆凭证窃取与自传播框架。

Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. [...]

Как пройдёт День Победы в столице в 2026 году.