Aggregator

引言：不打招呼就占 4G 空间，现在的 Chrome 这么流氓了？ 如果这两天你觉得电脑 C 盘或者 Mac […]

A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace, the popular AI platform used by researchers and developers worldwide. The malware disguises itself as a legitimate Microsoft process, making it significantly harder for security tools to flag it as a threat. Its ability to […]

The post MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration appeared first on Cyber Security News.

Механизм не чинит весь BGP и не проверяет реальный путь пакетов, но закрывает один из самых болезненных классов ошибок в междоменной маршрутизации.

A vulnerability was found in macrozheng mall up to 1.0.3. It has been classified as critical. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. This vulnerability is known as CVE-2026-10070. Remote exploitation of the attack is possible. No exploit is available. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.

Submit #818384 / VDB-367156

A vulnerability was found in Shibby Tomato 1.28 and classified as critical. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-10069. The attack may be launched remotely. There is no exploit available. This project is superseded by FreshTomato.

Эксперты нашли способ следить за пользователями Telegram через скрытую метку.

A vulnerability has been found in Shibby Tomato 1.28 and classified as critical. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-10068. The attack may be initiated remotely. There is no available exploit. This project is superseded by FreshTomato.

A vulnerability, which was classified as critical, was found in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-10067. The attack can be launched remotely. No exploit exists. This project is superseded by FreshTomato.

黑客正在利用 FortiClient 企业管理服务器（EMS）中的一个身份验证绕过漏洞（CVE - 2026 - 35616），来传播一款未公开的名为 EKZ 的凭证窃取程序。   攻击者将该恶意软件伪装成 Fortinet 终端的更新程序，并通过由 FortiClient 管理的 VPN 脚本工作流程来执行它。   被利用的这个严重漏洞属于访问控制不当问题，使得未经身份验证的...

A vulnerability, which was classified as critical, has been found in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-10066. The attack can be initiated remotely. There is not any exploit available. This project is superseded by FreshTomato.

A vulnerability classified as critical was found in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-10065. It is possible to launch the attack remotely. No exploit is available. This project is superseded by FreshTomato.

Submit #818238 / VDB-367155

Submit #818237 / VDB-367154

Submit #818146 / VDB-367153

Submit #818145 / VDB-367152

Submit #818144 / VDB-367151

联邦调查局（FBI）发出警告，在 2026 年世界杯前夕，出现了一些假冒国际足联（FIFA）的网站，这些网站旨在窃取个人和财务信息、售卖假门票与贵宾套餐，以及实施与赛事相关的其他诈骗活动。 这届国际足球锦标赛将于 6 月 11 日至 7 月 19 日在美国、加拿大和墨西哥举行，威胁行为者已准备了数百个钓鱼网站。 根据 FBI 发布的公共服务公告，这些假冒域名模仿官方的fifa.com，但利用一些不...

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]