Урны не тронули — атаковали мозги избирателей. Франция раскрыла четырёх иностранных игроков, влиявших на выборы
Зачем взламывать всю систему, если можно просто разогнать нужную тему в соцсетях?
Aggregator
Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection
1 week 2 days ago
New York, New York, 16th June 2026, CyberNewswire
CyberNewswire
CISA Adds One Known Exploited Vulnerability to Catalog
1 week 2 days ago
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-48907 Widget Factory Joomla Content Editor Improper Access Control Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.
While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Aware of an exploited vulnerability not currently listed in the KEV catalog? Submit for potential addition: KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.
CISA
Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
1 week 2 days ago
ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber
CVE-2026-6047 | LibreOffice up to 25.8.6/26.2.2 out-of-bounds write (Nessus ID 321146)
1 week 2 days ago
A vulnerability categorized as critical has been discovered in LibreOffice up to 25.8.6/26.2.2. The impacted element is an unknown function. The manipulation results in out-of-bounds write.
This vulnerability was named CVE-2026-6047. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-52719 | GStreamer gst-plugins-bad out-of-bounds (Nessus ID 321147 / WID-SEC-2026-1919)
1 week 2 days ago
A vulnerability, which was classified as critical, has been found in GStreamer. This affects an unknown function of the component gst-plugins-bad. The manipulation leads to out-of-bounds read.
This vulnerability is referenced as CVE-2026-52719. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-52718 | GStreamer AV1 Codec Parser gst_av1_parser_parse_tile_list_obu assertion (Nessus ID 321145 / WID-SEC-2026-1919)
1 week 2 days ago
A vulnerability was found in GStreamer. It has been declared as problematic. This affects the function gst_av1_parser_parse_tile_list_obu of the component AV1 Codec Parser. Executing a manipulation can lead to reachable assertion.
This vulnerability is registered as CVE-2026-52718. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-53704 | GStreamer FILEINFO re_skip_pascal_string out-of-bounds (Nessus ID 321148 / WID-SEC-2026-1919)
1 week 2 days ago
A vulnerability was found in GStreamer. It has been rated as critical. This vulnerability affects the function re_skip_pascal_string of the component FILEINFO Handler. The manipulation leads to out-of-bounds read.
This vulnerability is documented as CVE-2026-53704. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
Novo Nordisk Confirms Cyber Attack — Hackers Accessed Patient Medical Data and Internal AI Assets
1 week 2 days ago
Danish pharmaceutical giant Novo Nordisk has confirmed a cyberattack in which threat actors gained unauthorized access to internal IT systems, exfiltrating pseudonymized patient data from clinical trials and, according to the alleged attackers, a trove of proprietary AI model assets. Novo Nordisk disclosed the incident on June 11, 2026, stating that attackers copied “certain non-public […]
The post Novo Nordisk Confirms Cyber Attack — Hackers Accessed Patient Medical Data and Internal AI Assets appeared first on Cyber Security News.
Guru Baran
Ваша зарплата ушла мошенникам. Как хакеры взламывают бухгалтеров и крадут деньги перед самой получкой
1 week 2 days ago
Новая атака Payroll Pirate удивляет своей дерзостью даже опытных специалистов.
CVE-2025-7006 | Gen Digital Avast Antivirus on Windows PE File free of memory not on the heap (ID 25022500 / EUVD-2025-210126)
1 week 2 days ago
A vulnerability has been found in Gen Digital Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus on Windows and classified as problematic. This issue affects some unknown processing of the component PE File Handler. Performing a manipulation results in free of memory not on the heap.
This vulnerability is reported as CVE-2025-7006. The attack is possible to be carried out remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2025-7008 | Gen Digital Avast Antivirus up to 25021310 on Windows PE File out-of-bounds (ID 25021310 / EUVD-2025-210127)
1 week 2 days ago
A vulnerability was found in Gen Digital Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus up to 25021310 on Windows. It has been rated as critical. The affected element is an unknown function of the component PE File Handler. This manipulation causes out-of-bounds read.
This vulnerability appears as CVE-2025-7008. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-7009 | Gen Digital Avast Antivirus up to 25021310 on Windows PE File out-of-bounds (ID 25021310 / EUVD-2025-210128)
1 week 2 days ago
A vulnerability categorized as critical has been discovered in Gen Digital Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus up to 25021310 on Windows. The impacted element is an unknown function of the component PE File Handler. Such manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2025-7009. The attack may be launched remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-7005 | Gen Digital Avast Antivirus up to 25031700 on Windows PE File recursion (ID 25031700 / EUVD-2025-210125)
1 week 2 days ago
A vulnerability, which was classified as problematic, was found in Gen Digital Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus up to 25031700 on Windows. This vulnerability affects unknown code of the component PE File Handler. Such manipulation leads to uncontrolled recursion.
This vulnerability is documented as CVE-2025-7005. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2025-7004 | Gen Digital Avast Antivirus up to 25040308 on Windows PE File out-of-bounds write (ID 25040308 / EUVD-2025-210124)
1 week 2 days ago
A vulnerability was found in Gen Digital Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus up to 25040308 on Windows. It has been declared as critical. Impacted is an unknown function of the component PE File Handler. The manipulation results in out-of-bounds write.
This vulnerability is reported as CVE-2025-7004. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
1 week 2 days ago
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
1 week 2 days ago
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms.
Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind an IP and
The Hacker News
Не джейлбрейк, а просьба починить код. Эксперт объяснила, почему власти США испугались Fable 5
1 week 2 days ago
RALord
1 week 2 days ago
You must login to view this content
cohenido
一个「静音」口罩,补上了 AI 语音革命的最后一块拼图
1 week 2 days ago
一个月从 Demo 到众筹。