Aggregator

A vulnerability categorized as problematic has been discovered in myCred Plugin up to 3.0.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-40794. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in codepeople WP Time Slots Booking Form Plugin up to 1.2.46 on WordPress and classified as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-40791. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in j_3rk Video Conferencing with Zoom Plugin up to 4.6.7 on WordPress. The impacted element is an unknown function. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-6964. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Scammers behind cryptocurrency investment schemes are dispatching couriers to pick up cash from victims in person, the FBI warns. According to the agency, scammers usually approach victims through social media, text messages, or fake investment personas, luring them into cryptocurrency schemes that use fraudulent trading platforms and fabricated returns to encourage additional deposits. When financial institutions block suspicious transfers, scammers tell victims that cash pickups are required to continue investing or to pay purported fees … More →

The post Crypto scammers are sending couriers to victims’ homes to collect cash appeared first on Help Net Security.

当危险内容在生成过程中萌芽，UVR 已提前打开“注意力阀门”，精准识别风险信号，抑制多场景下的不安全输出

6月17日（周三）20:00

攻击者无需密码，数秒内伪造管理员Cookie，已有企业被成功接入内网。

2026年6月12日，“密码+”人工智能安全创新联盟正式宣告成立。

看雪论坛作者ID：meiko

中美两国的 AI 公司采取了不同的发布策略：中国侧重于开源权重模型，美国公司如 OpenAI 和 Anthropic 则采用闭源策略。Hugging Face 前亚太生态系统高管 Tiezhen Wang 表示，OpenAI 和 Anthropic 指责中国 AI 公司蒸馏其模型，他认为蒸馏是中性的，美国 AI 公司是通过抓取互联网上的信息训练模型，它们并非知识的创造者，却试图阻止其他人重复利用知识，有点讽刺。所有 AI 生成的内容都应该没有版权，否则拥有算力的人能滥用权力，生成各种组合内容然后对所有内容都申请版权。他发现中国公司和美国公司在最大化使用 token 上有明显差异，因为中国有很多开源权重模型，其使用成本没有美国大，因此中国互联网公司都鼓励员工最大化使用 token，鼓励员工成为 AI 原生开发者，甚至禁止他们手动完成撰写文档之类的日常工作。

Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,

Novo Nordisk объяснила, почему кража медицинских данных – это «почти не страшно».

A vulnerability identified as critical has been detected in raszi node-tmp up to 0.2.5. This issue affects some unknown processing of the component Temporary Directory Handler. Performing a manipulation results in path traversal. This vulnerability is reported as CVE-2026-44705. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Vim up to 9.2.495. This impacts the function stepmatch of the file runtime/ftplugin/cucumber.vim of the component Pattern Handler. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-47167. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in vim up to 9.2.494. It has been declared as critical. The impacted element is the function NetrwBookHistSave of the file runtime/pack/dist/opt/netrw/autoload/netrw.vim of the component Directory Handler. Executing a manipulation can lead to injection. This vulnerability is tracked as CVE-2026-47162. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Apple macOS up to 15.3. This vulnerability affects unknown code of the component App. Executing a manipulation can lead to symlink following. This vulnerability is registered as CVE-2025-43278. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Apple macOS up to 26.0. The affected element is an unknown function of the component App. This manipulation causes information disclosure. This vulnerability appears as CVE-2025-46313. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in vim up to 9.2.0560. This affects an unknown function of the component Working Directory Handler. Performing a manipulation results in code injection. This vulnerability is known as CVE-2026-52858. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in vim up to 9.2.596. This impacts the function exec of the component Command Line Handler. Executing a manipulation can lead to code injection. This vulnerability is handled as CVE-2026-52860. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.