Aggregator

Пока вы не читали этот текст, ваш агент мог уже получить новые приказы. От кого — хороший вопрос.

A diffuse landscape, fruitful targets, companies not stepping up, AI’s influence and flagging U.S. government efforts all figure into a shifting threat.

The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop.

A vulnerability was found in GeoVision GV-VMS V20 up to 20.0.2 and classified as critical. This impacts an unknown function. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-12488. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in GeoVision GV-IO Box 4E up to 2.09/2.11. It has been classified as critical. Affected is an unknown function in the library libNetSetObj.so of the component Network Handler. Performing a manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-12849. The attack may be carried out on the physical device. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in ARforms Plugin up to 7.1.3 on WordPress. The impacted element is the function arf_save_incomplete_form_data of the component Dashboard. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-3652. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in GeoVision GV-IO Box 4E up to 2.09/2.11 and classified as critical. This affects an unknown function in the library libNetSetObj.so of the component Network Handler. This manipulation causes os command injection. This vulnerability is tracked as CVE-2026-12486. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in GeoVision GV-IO Box 4E up to 2.09/2.11. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file libNetSetObj.so of the component Network Handler. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-12850. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in GeoVision GV-IO Box 4E up to 2.09/2.11. The impacted element is an unknown function of the component Send Message Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-12848. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds of

伊朗今年早些时候全国范围断网，持续数月之久。在断网期间，伊朗实施了白名单制度，也就是只有处于白名单内的极少数 IP 地址才能访问外网。研究人员利用位于伊朗境内的一台 VPS 以及位于匈牙利、美国以及日本的 VPS，根据伊朗自治系统通过 BGP 宣布的 IP 段总数约 11,766,454 个 IP 地址，伪造这些 IP 地址进行穷举，观察哪些 IP 能访问外网。结果显示，能访问外网的 IP 大约有 2000 个。研究人员还发现，即使这些 IP 能访问外网，它们也不能随意访问任何网站，而是受到了基于 SNI 的过滤机制的约束。但白名单 IP 地址也不是所有都受到 SNI 过滤，测试的 IP 至少有半数不受任何 SNI 过滤。这意味着白名单 IP 也存在不同的访问策略。

作者：Hanwool Lee, Dasol Choi, Bokyeong Kim等 原文链接：https://arxiv.org/pdf/2606.20408 摘要 大型语言模型（LLM）智能体越来越多地被提议作为安全关键系统的监督组件，但它们在持续、自适应对抗压力下的鲁棒性仍然缺乏充分表征。本文提出NRT-Bench，一个用于对担任安全关键系统操作员的LLM智能体进行多轮红队测试的基准，具体实例...

五维发力：解读特朗普后量子密码行政命令的核心部署

供应商已成为企业数据泄露高发环节

Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber

A vulnerability marked as critical has been reported in MagicForm Plugin up to 0.1.3 on WordPress. This affects an unknown part of the component PHP File Handler. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2026-9815. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Xen. The impacted element is an unknown function. Executing a manipulation can lead to permission issues. The identification of this vulnerability is CVE-2026-42489. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Xen. This affects an unknown function. The manipulation leads to permission issues. This vulnerability is referenced as CVE-2026-42490. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in Xen. This impacts an unknown function. The manipulation results in improper synchronization. This vulnerability is identified as CVE-2026-42487. The attack can be executed remotely. There is not any exploit available.