Aggregator

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Не просто модерация контента провалилась — вся платформа работала как ловушка.

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

Электронная почта давно перестала быть просто «коробкой для писем». Для большинства компаний это основной канал коммуникации и средство для заключения сделок. В то же время почта остается одной из главных точек входа для киберугроз. Как в светской беседе ценятся вежливость, надежность и уважение к собеседнику, так и в мире цифровой корреспонденции существует свой «джентльменский кодекс» — набор техник, без которых любой продукт для защиты почты выглядит неполноценным.

Alleged Breach of Alyna Exposes 18,000 Users With Passwords, GPS Coordinates, and Booking Data From Kuwaiti Laundry and Cleaning App

尽力过，不遗憾，同时不要拼命

2026年高级威胁预测 by ourren

更多最新文章，请访问SecWiki

Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]

A vulnerability was found in cure53 DOMPurify up to 2.5.8/3.3.1. It has been declared as problematic. This affects an unknown part. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-0540. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. This vulnerability affects unknown code of the component Address Book Sync API Module. Executing a manipulation can lead to cleartext transmission of sensitive information. This vulnerability appears as CVE-2026-30796. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function Config::set_options of the file src/hbbs_http/sync.Rs of the component API Message Handler. The manipulation results in violation of secure design principles. This vulnerability is known as CVE-2026-30792. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in rustdesk-client RustDesk Client up to 1.4.5. The affected element is an unknown function of the file src/hbbs_http/http_client.Rs. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-30794. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in rustdesk-client RustDesk Client up to 1.4.5. The impacted element is an unknown function of the file src/hbbs_http/sync.Rs. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2026-30795. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function MainSetPermanentPassword in the library flutter/lib/common.Dart of the component URI Handler. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-30793. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in OpenClaw up to 2026.2.21. This issue affects the function tools.exec.safeBins. Performing a manipulation of the argument sort results in os command injection. This vulnerability is known as CVE-2026-22169. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component. It looks like a duplicate CVE-2026-32010 has been assigned to this entry.

A vulnerability, which was classified as critical, has been found in OpenClaw up to 2026.2.21 on macOS. Affected is the function system.run. Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-22179. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.