Aggregator

A vulnerability classified as critical has been found in Linux Kernel up to 7.0-rc1. Impacted is the function lbs_free_adapter. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-23281. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc1. It has been rated as critical. This affects the function mesh_rx_csa_frame of the component mac80211. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2026-23279. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in pnggroup libpng up to 1.6.36. Impacted is an unknown function. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2026-33636. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in GNU ncurses 6.4/6.5. The affected element is the function analyze_string of the file progs/infocmp.c. The manipulation results in buffer overflow. This vulnerability is known as CVE-2025-69720. Access to the local network is required for this attack. No exploit is available.

A vulnerability classified as critical has been found in pnggroup libpng up to 1.6.55. This issue affects the function png_set_tRNS/png_set_PLTE of the component PNG File Parser. The manipulation leads to use after free. This vulnerability is referenced as CVE-2026-33416. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

周鸿祎发布“倚天屠龙”AI安全能力

FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials for tens of thousands of Fortinet firewalls, a data leak code-named FortiBleed. The headline number, valid remote-access logins for 73,932 devices across 21,632 […]

Компания усилила руководство перед международной экспансией.

New ReliaQuest study reveals the six ways AI is practically being used in attacks today

ISC.AI 2026开幕，360发布漏洞挖掘智能体“图龙锋”与自动化防御系统“仪天阵”，并联合信创企业发起“磐石之盾”安全协作计划。

Fortinet防火墙大规模凭证泄露，Klue OAuth令牌被盗波及LastPass，三星KNOX 8年漏洞曝光。

A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv Hoffman, the attack began with the creation of a seemingly legitimate AI skill named “brand-landingpage,” […]

The post Malicious AI Agent Skill Bypasses Security Scans and Seizes Full Control of Over 26,000 Agents appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 5 - FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass ...

Currently trending CVE - Hype Score: 1 - Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks ...

Currently trending CVE - Hype Score: 1 - Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's execute_sql_query tool runs ...

Currently trending CVE - Hype Score: 1 - Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// -- were the only routes in the module missing the @pga_login_required decorator. Both reach a ...

Anthropic’s Claude Fable 5 generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure security. Documented by security researcher Matt Suiche and Tolmo’s threat research on June 22, 2026, […]

The post Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes appeared first on Cyber Security News.

Google’s Alert Center, a dashboard in the Google Admin console that displays security and administrative alerts and helps administrators identify, investigate, and respond to issues affecting their organization, is expanding the “Super Admin password reset” alert into the “Admin password reset” alert. The feature is rolling out gradually and will be available to all Google Workspace customers. “This update provides admins with better visibility and control over the security of their organization’s privileged accounts. Monitoring … More →

The post Google Workspace expands password reset alerts to all admins appeared first on Help Net Security.

同一类漏洞被悄悄植入可能数以百万计的仓库中

速修复