Aggregator

A vulnerability classified as critical has been found in IEI Integration Corp iVEC TANK-XM811 up to 1.0.3. This affects an unknown function. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-11846. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Ivanti снова не успела предупредить клиентов о том, что их уже взламывают.

A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems. The campaign, dubbed “Atomic Arch” by researchers, was identified around June 11, 2026, and represents one of the most […]

The post 400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers appeared first on Cyber Security News.

A critical vulnerability chain discovered in LangGraph, a popular open-source AI agent framework developed by the creators of LangChain, could allow attackers to gain full server control through remote code execution (RCE). The issue, identified by Check Point Research, highlights how traditional vulnerabilities can become significantly more dangerous when embedded in AI-driven systems that manage […]

The post Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control appeared first on Cyber Security News.

SpaceX Pre-IPO demand is growing as crypto exchanges offer synthetic exposure to its reported $1.75T valuation without direct equity ownership.

Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explains.

Authorities seize crypto-laundering network and fake recruitment sites, JDY botnet targets U.S. military, and Miasma worm infects Microsoft and PyPi repos.

NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts

Cloudflare Security Insights system now processes over 120 scans per second, providing frequent insights for all customers. By optimizing Kafka consumers, Postgres queries, and our API, we scaled our throughput 10x without adding hardware.

Есть проблема, которую невозможно решить деньгами…

TeamPCP 在 3 个月内横扫 npm、PyPI、GitHub Actions、Docker Hub 等开源生态，本文解剖其全链路攻击技战法与防御策略。

A newly identified remote access trojan named SHEETCREEP is making headlines for its clever use of Google Sheets as a hidden communication channel between attackers and infected machines. This C# malware targets diplomatic organizations, using a carefully crafted lure to trick victims into executing it on their systems. The campaign represents a calculated move by […]

The post SHEETCREEP C# RAT Abuses Google Sheets API as C2 to Target Diplomatic Organizations appeared first on Cyber Security News.

A vulnerability identified as critical has been detected in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. This vulnerability is registered as CVE-2026-11406. Remote exploitation of the attack is possible. Furthermore, an exploit is available. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."

A vulnerability labeled as critical has been found in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. This vulnerability is documented as CVE-2026-11408. The attack can be executed remotely. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. This vulnerability is reported as CVE-2026-11411. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ubccr xdmod up to 10.0.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation results in sql injection. This vulnerability is identified as CVE-2026-45779. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in ubccr xdmod up to 11.0.2. The impacted element is an unknown function of the component HTTPS Handler. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2026-45776. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in ubccr xdmod up to 11.0.2. Affected is an unknown function of the component System Configuration Handler. This manipulation causes os command injection. This vulnerability appears as CVE-2026-45777. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in ubccr xdmod up to 11.0.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-45778. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.