Aggregator

A vulnerability, which was classified as problematic, has been found in pjsip pjproject up to 2.16. Affected by this vulnerability is an unknown functionality of the component Multipart Message Handler. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-41415. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in pjsip pjproject up to 2.16. This impacts an unknown function of the file evsub.c. Performing a manipulation results in use after free. This vulnerability was named CVE-2026-28799. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in pjsip pjproject up to 2.16. Affected is an unknown function. Executing a manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-29068. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in pjsip pjproject up to 2.16. This affects an unknown part. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2026-34235. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Pacemaker. This impacts an unknown function. The manipulation results in integer overflow. This vulnerability was named CVE-2026-10649. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

Новая работа объяснила, как алмаз может объединить сверхпроводимость и полупроводниковые свойства в одном материале.

360安全大脑检测到该组织的多起定向钓鱼攻击活动，攻击者沿用经典社工手段，将恶意载荷伪装成个人简历诱导用户中招，本文将对其攻击链路展开详细分析。

深耕网络安全人才培育沃土，引导广大青年学子主动担当网络安全时代使命。

AI安全成为最突出的主题，LiteLLM AI网关曝出CVSS 9.9的致命漏洞链；而供应链攻击持续升级——WordPress插件遭大规模篡改影响120万网站。

火绒小问答--「个人版」近期top问题解答

泄漏财务数据显示 2025 年 OpenAI 净亏损约 80 亿美元。数据显示，OpenAI 的营收从 2024 年的 37 亿美元增至 2025 年的 130.7 亿美元。研发支出从 2024 年的 78.1 亿美元飙升至 2025 年的 191.8 亿美元，其中仅支付给微软的研发费用就高达 105.9 亿美元。产品生产和分销支出从 2024 年的 26.5 亿美元增至 2025 年的 75 亿美元。销售和市场营销支出从 2024 年的 11.1 亿美元增至 2025 年的 57.3 亿美元。OpenAI 的运营亏损从 2024 年的 87.8 亿美元增至 2025 年的 209.2 亿美元，净亏损从 2024 年略高于 50 亿美元飙升至 2025 年的近 390 亿美元。但其中包含了一笔大约 300 亿美元的从非盈利结构转为盈利性结构的估值相关会计支出，如果不计入这笔费用，OpenAI 在 2025 年净亏损约为 80 亿美元。OpenAI 披露 ChatGPT 周活跃用户逾 9 亿，但付费用户只有 5000 万。

2026 年 6 月 15 日，Varonis Threat Labs（Varonis 威胁实验室）公开披露了针对 Microsoft 365 Copilot Enterprise 的三级漏洞利用链，将其命名为SearchLeak，对应漏洞编号为 CVE-2026-42824，微软官方将其评定为最高严重级别（Critical）。

A vulnerability was found in nltk.app.wordnet_app up to 3.9.3. It has been classified as critical. Affected by this issue is some unknown functionality of the component Default Mode. This manipulation causes missing authentication. This vulnerability is registered as CVE-2026-12199. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Google Android 17. Affected is the function Nfc::eventCallback in the library Nfc.h. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-0083. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Google Android 17 and classified as critical. This affects an unknown part. This manipulation causes permission issues. This vulnerability is tracked as CVE-2026-28615. The attack is restricted to local execution. No exploit exists.

A vulnerability was found in Google Android 17. It has been classified as critical. This issue affects the function tryStartActivity of the file NfcDispatcher.java. Performing a manipulation results in permission issues. This vulnerability is cataloged as CVE-2026-0082. The attack must be initiated from a local position. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Google Android 17. It has been declared as critical. This affects an unknown part of the component Contacts Provider. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2026-28576. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Google Android 17. This issue affects the function MmsSmsProvider of the file MmsSmsProvider.java. Executing a manipulation can lead to permission issues. This vulnerability appears as CVE-2026-28587. The attack may be performed from remote. There is no available exploit.