Aggregator

A vulnerability was found in FastStone Image Viewer up to 8.3.0.0. It has been declared as critical. Affected is an unknown function of the component PSD Parser. Executing a manipulation of the argument height can lead to integer overflow. This vulnerability is registered as CVE-2026-30041. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in FastStone Image Viewer up to 8.3.0.0. It has been classified as critical. This impacts an unknown function of the file FSViewer.exe of the component JP2 Decoder. Performing a manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2026-30040. It is possible to initiate the attack remotely. There is no exploit available.

Abdellah Belmili allegedly ran two black-market websites selling stolen financial credentials and custom-built phishing kits targeting major American banks, federal prosecutors say.

The post Algerian man charged with running two cybercrime marketplaces appeared first on CyberScoop.

A vulnerability was found in Eclipse Open VSX up to 0.34.0 and classified as problematic. This affects an unknown function of the component SVG File Handler. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-4983. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in dnsmasq and classified as problematic. The impacted element is the function find_soa of the file src/rfc1035.c of the component NXDOMAIN Handler. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2026-12969. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in AKIN e-Commerce. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-10857. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Nuxt up to 3.21.6/4.4.6 on Linux. Impacted is an unknown function. The manipulation leads to incorrect default permissions. This vulnerability is referenced as CVE-2026-56301. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Red Hat OpenShift. This issue affects some unknown processing of the component Logging Subsystem. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-10609. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in DRIMO CMS up to 1.0. This vulnerability affects the function searching of the file info.php. Performing a manipulation of the argument q results in cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-11772. The attack may be initiated remotely. There is no available exploit.

多数人会反复检查手机应用的权限与隐私行为，却很少留意家里智能电视上安装的应用。

А ведь даже эти открытки уже умнее самого первого компьютера в истории.

GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into the

LastPass has disclosed a supply chain security incident involving its third-party vendor, Klue, that resulted in unauthorized access to customer data within its Salesforce environment. The company confirmed that the breach did not affect its core infrastructure or password vaults. However, it highlights ongoing risks associated with SaaS integrations and OAuth token exposure. The incident […]

The post LastPass Customer Data Exposed in Klue Supply Chain Attack appeared first on Cyber Security News.

OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws

Центробанк начнет передавать данные о подозрительных покупателях криптокомпаниям.

Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. [...]

All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]

根据甲骨文的最新年报，该公司过去一年在全球裁员约 2.1 万人，原因是它正围绕 AI 重塑业务。截至 2026 年 5 月 31 日，甲骨文全职员工总数约 14.1 万人，而去年同期为 16.2 万人。甲骨文在其报告中称，AI 技术在运营中的部署已经导致且可能继续导致员工总数减少。裁员人数约占甲骨文员工总数的 13%。就业追踪公司估计，过去一年中有逾 10 万科技从业者被裁员。甲骨文称，过去一年它支付了 18 亿美元的遣散费和其它重组费用。

A vulnerability described as problematic has been identified in Grav up to 2.0.0-beta.1. This affects an unknown part of the component SVG File Handler. Such manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2026-56701. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.