Aggregator

A vulnerability categorized as critical has been discovered in Oracle Java SE, GraalVM for JDK and GraalVM Enterprise Edition. Affected is an unknown function of the component Security. The manipulation results in improper authorization. This vulnerability is reported as CVE-2026-22007. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Oracle Java SE and GraalVM Enterprise Edition. Affected by this issue is some unknown functionality of the component Hotspot. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2026-22003. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Apple Safari, macOS, visionOS, iOS and iPadOS up to 26.2. This affects an unknown function. The manipulation results in denial of service. This vulnerability is reported as CVE-2026-20652. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in MIT Kerberos 5 and classified as problematic. Affected by this vulnerability is the function berval2tl_data in the library plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. Performing a manipulation results in integer underflow. This vulnerability is cataloged as CVE-2026-11850. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

As the FIFA World Cup 2026 kicks off, a new Darktrace report warns that sports teams and bodies are a major target for cyber criminals

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

What happens when the bits of an RSA private key are heavily biased toward 0 instead of being random

A vulnerability classified as critical was found in Linux Kernel up to 7.0.3. This issue affects the function mmap of the component SELinux Security Mode. The manipulation results in improper access controls. This vulnerability is reported as CVE-2026-46054. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.19.6/7.0-rc2. The affected element is the function ice_set_ringparam of the component ice. The manipulation results in memory leak. This vulnerability is identified as CVE-2026-23389. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in GNU Binutils. It has been rated as problematic. Affected by this issue is some unknown functionality of the component XCOFF Object File Handler. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-3441. The attack must be initiated from a local position. There is no exploit available.

A vulnerability categorized as problematic has been discovered in GNU Binutils. This affects an unknown part of the component XCOFF Object File Handler. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-3442. The attack needs to be launched locally. No exploit is available.

ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran […]

Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed phishing activity above 2 billion hits in 2023. “Phishing volume measured by blocked emails is no longer a reliable proxy for phishing risk.” Researchers found greater use of targeted phishing campaigns designed to resemble routine business communications. The services sector recorded a 65.5% year-over-year increase in phishing activity, making … More →

The post Cybercriminals are moving away from mass phishing campaigns appeared first on Help Net Security.

折叠屏的下半场，要从「展开一块屏幕」转换到「交还一段时间」。