Aggregator

Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]

Submit #836791 / VDB-369169

Submit #836787 / VDB-367579

Submit #836790 / VDB-369168

Submit #836785 / VDB-369168

A vulnerability described as critical has been identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. This vulnerability is traded as CVE-2026-11555. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #836477 / VDB-369167

Submit #836476 / VDB-369166

AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for attackers. A recently uncovered vulnerability in a widely used AI coding assistant shows just how far that risk can go. Researchers found that GitHub Actions workflows powered by […]

The post Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets appeared first on Cyber Security News.

Submit #834824 / VDB-369165

A vulnerability marked as critical has been reported in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. This vulnerability appears as CVE-2026-11554. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-11553. The attack can be launched remotely. Moreover, an exploit is present.

E' stato approvato e pubblicato il D. Lgs. 96 del 2026 sulla trasparenza retributiva: https://www.

Submit #834821 / VDB-369164

Submit #836778 / VDB-369163

В новой тактике вымогателей от первого контакта до кражи данных проходит менее часа.

Как наука стала поводом для азартных игр на десятки миллионов долларов.

科学家首次精确编辑人类胚胎基因哥伦比亚大学科学家以前所未有的精确度编辑了早期人类胚胎的DNA，这一成果可能为培育具有特定特征的定制婴儿打开大门。领导这项研究的哥伦比亚大学遗传学家迪特尔·埃利呼吁就修改

A vulnerability identified as critical has been detected in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. This vulnerability is documented as CVE-2026-11552. The attack can be initiated remotely. Additionally, an exploit exists. This product is distributed under two entirely different names.