Aggregator

A vulnerability was found in Microsoft .NET SDK. It has been declared as critical. This affects an unknown part. The manipulation results in improper authorization. This vulnerability is known as CVE-2026-45490. Attacking locally is a requirement. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in SQLFluff up to 4.1.x. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2026-46374. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Debian debusine up to 0.14.8. It has been declared as critical. Affected is an unknown function of the component Parser. Executing a manipulation can lead to unrestricted upload. This vulnerability appears as CVE-2026-11853. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information.

The post FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort appeared first on Help Net Security.

A vulnerability has been found in Vmware Spring Security up to 7.0.5 and classified as problematic. This affects an unknown part of the component REDIRECT Binding. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2026-40988. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Vmware Spring Security up to 7.0.5 and classified as problematic. This vulnerability affects the function JdbcAssertingPartyMetadataRepository of the component Database Table Handler. Such manipulation of the argument saml2_asserting_party_metadata leads to deserialization. This vulnerability is referenced as CVE-2026-40993. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in Vmware Spring REST Docs up to 3.0.5/4.0.0. This affects an unknown function of the component Remote API. This manipulation causes xml external entity reference. This vulnerability is registered as CVE-2026-40991. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Разбираем схему новой северокорейской кибератаки по шагам.

A vulnerability identified as problematic has been detected in Vmware Spring for GraphQL up to 1.0.6/1.3.8/1.4.5/2.0.3. This vulnerability affects unknown code. This manipulation causes origin validation error. This vulnerability is handled as CVE-2026-41700. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Vmware Spring for GraphQL up to 1.0.6/1.3.8/1.4.5/2.0.3. This affects an unknown function. The manipulation results in improper access controls. This vulnerability is identified as CVE-2026-41856. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Freemius SDK Plugin up to 2.5.9 on WordPress and classified as problematic. This affects the function fs_request_get. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-33999. The attack may be launched remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in WPOnlineSupport Accordion and Accordion Slider Plugin, Album and Image Gallery plus Lightbox Plugin, Blog Designer Plugin, Countdown Timer Ultimate Plugin, Meta Slider and Carousel with Lightbox Plugin, Portfolio and Projects Plugin, Post grid and filter ultimate Plugin, Post Ticker Ultimate Plugin, Team Slider and Team Grid Showcase plus Team Carousel Plugin, Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget Plugin, Timeline and History slider Plugin, Trending Popular Post Slider and Widget Plugin and Video gallery and Player Plugin on WordPress. This issue affects the function wpos_anylc_admin_init_process. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2023-40200. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Appsero Plugin up to 2.0.0 on WordPress. This issue affects the function handle_optin_optout. The manipulation results in missing authorization. This vulnerability is identified as CVE-2024-32110. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

gbl_root_canoe隐藏BL状态原理分析

八部门发布《可能影响未成年人身心健康的网络信息分类办法》，采用“列举+概括”的规定方式，将可能影响未成年人身心健康的网络信息具体划分为四类，前两类侧重于未成年人行为规范与价值观引导，后两类则聚焦于未成年人人格及隐私权益保护……

全文请查收！

2025年11月，习近平总书记在主持二十届中央政治局第二十三次集体学习时，对加强网络生态治理作出重要论述，指出网络生态治理“事关国家发展和安全，事关人民群众切身利益”，强调抓网络生态治理必须“坚持法治护航”……

根据中央网信办等三部门联合发布的《关于开展2026年个人信息保护系列专项行动的公告》，依据《网络安全法》《个人信息保护法》等法律法规和有关规定，中央网信办组织对App（含小程序）收集使用个人信息行为进行检测，现对有关问题予以通报：

技能作为智能体与外部世界交互的核心接口，也是相关安全风险的主要载体与放大器。因此，深入研究智能体技能所面临的安全威胁及其防护机制，对于有效化解新兴技术应用带来的现实风险、保障智能体生态可持续发展具有重要现实意义。

GitHub 项目 accesskey_tools 的 AWS 模块被植入供应链后门已三年，攻击者通过仿冒 enumerate-iam 依赖包和 Endpoint 劫持窃取用户 AWS AccessKey。据「知攻善防实验室」公众号披露，该后门目前仍在活跃。使用过该工具的用户需立即轮换凭据并审计账户。