Aggregator

A threat actor using the alias Saturne has posted what they describe as the database of FHF.fr, the official website of the Fédération Hospitalière de France (French Hospital Federation), which represents public healthcare and medico-social institutions and runs a major job board for the public health sector.

За четыре дня кибербитвы участники реализовали 245 критических событий в семи отраслях экономики.

A vulnerability marked as problematic has been reported in FOSSBilling up to 0.7.x. This issue affects some unknown processing of the file /api/system of the component Reverse Proxy Handler. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2026-27604. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in rasta-mouse pwnlift. This vulnerability affects unknown code of the file Components/Pages/Home.razor of the component Upload Handler. Such manipulation leads to symlink following. This vulnerability is traded as CVE-2026-56815. An attack has to be approached locally. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability identified as critical has been detected in NetComm Wireless Pty NF20MESH. This affects an unknown part of the component Web Management Interface. This manipulation causes use of hard-coded cryptographic key . This vulnerability appears as CVE-2026-35019. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in NetComm Wireless Pty NF20MESH. Affected by this issue is the function dalStorage_addUserAccount of the component Shell Command Handler. The manipulation results in os command injection. This vulnerability is reported as CVE-2026-35018. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in FOSSBilling up to 0.7.x. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file /api/system of the component API Endpoint. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is documented as CVE-2026-28496. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. [...]

A threat actor using the alias Kazu is extorting Meducar (meducar.com), a Latin American telemedicine and patient-management platform owned by Grupo Cormos, an Argentine health-tech company.

Мошенники вышли на совершенно новый уровень жестокости.

The so-called duty of care provision that was excluded would have mandated that online platforms take reasonable measures to prevent specific harms such as suicidal ideation, eating disorders and cyberbullying by changing algorithm and design features.

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user's email address and did nothing else. The point was to show

President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track. The deadlines matter because of a threat that does not

Top500 公布了最新的超算榜单，深圳国家超算中心的灵晟首次亮相即登顶榜单。灵晟理论峰值 2.736 Exaflop/s，在 HPL 测试中达到了 2.198 Exaflop/s，是 Top500 榜单中首个仅靠 CPU 实现持续双精度浮点性能逾 2 Exaflops 的超算系统。灵晟使用了 304 个核心的 LX2 CPU，总共 1379 万个核心，运行频率 1.55 GHz，操作系统是麒麟，功耗为 42.2 兆瓦。榜单前五的超算性能都超过了 Exaflops：灵晟；美国劳伦斯利弗莫尔国家实验室的 El Capitan，使用 AMD 第四代 EPYC 处理器，性能 1.809 Exaflop/s；橡树岭国家实验室（ORNL）的 Frontier，使用 AMD 第三代 EPYC，性能 1.353 Exaflop/s；阿贡国家实验室 Aurora 使用英特尔 Xeon CPU，性能 1.012 Exaflop/s，德国 Jülich 超算中心的 JUPITER Booster，使用英伟达 GH Superchip 72C 3GHz，性能 1 Exaflop/s。之后还有意大利 HPC7，微软 Microsoft Azure 超算 Eagle，意大利 HPC6，日本超算富岳(Fugaku)，瑞士 Alps。排名前十的超算有四台使用了 AMD EPYC 处理器，两台英伟达处理器，两台英特尔处理器，灵晟的 CPU 架构没有说明。在 Top 500 中，美国有 162 台，日本 44 台，德国 41 台，中国 30 台；联想制造的超算最多有 129 台，其次是 HPE 的 124 台，BULL 的 58 台，戴尔的 49 台，英伟达的 37 台。

Дефицит памяти окончательно вышел из-под контроля.

JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT

A critical use-after-free (UAF) vulnerability in Samsung’s proprietary KNOX security subsystem, which has been hidden for over eight years, has been discovered by security research firm LucidBit, potentially exposing hundreds of millions of Galaxy devices to kernel-level memory corruption and complete device takeover. The flaw, patched in Samsung’s January 2026 Android Security Update, resides in […]

The post 8-Year-Old Samsung KNOX Vulnerability Exposes Galaxy Devices to Kernel Attacks appeared first on Cyber Security News.