Aggregator

Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]

A vulnerability was found in Splunk MCP Server App up to 1.0.2. It has been rated as problematic. This issue affects the function mcp_tool_admin. Performing a manipulation results in sensitive information in log files. This vulnerability is known as CVE-2026-20205. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Windsurf up to 1.9544.26. It has been declared as problematic. This vulnerability affects unknown code of the component MCP Handler. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2026-30615. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Splunk Enterprise and Cloud Platform. It has been classified as critical. This affects the function accelerate_datamodel. This manipulation causes improper access controls. This vulnerability appears as CVE-2026-20203. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Grafana up to 12.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Alerting System. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-12141. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Splunk Enterprise and Cloud Platform and classified as critical. Affected by this vulnerability is the function edit_user of the component Username Handler. The manipulation leads to improper handling of unicode encoding. This vulnerability is documented as CVE-2026-20202. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Upsonic 0.71.6. Affected is an unknown function of the component MCP Handler. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-30625. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in chatchat-space LangChain-ChatChat 0.3.1. This impacts an unknown function of the component MCP STDIO Server Configuration Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2026-30617. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Jaaz 1.0.30. This affects an unknown function of the component MCP STDIO Command Handler. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-30616. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in Agent Zero 0.9.8. The impacted element is an unknown function of the component MCP Handler. This manipulation causes privilege escalation. This vulnerability is tracked as CVE-2026-30624. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as critical has been identified in Splunk Enterprise and Cloud Platform. The affected element is an unknown function of the file $SPLUNK_HOME/var/run/splunk/apptemp of the component File Handler. The manipulation results in insecure temporary file. This vulnerability is identified as CVE-2026-20204. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

Создатели OpenSSL полностью отказались от совместимости ради тотальной защиты данных.

OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing

The British government warned businesses to strengthen their cyber defenses amid concerns prompted by the release of Anthropic's Mythos over how artificial intelligence could reshape the threat landscape.

美军MAVEN项目全面解析：算法战架构 by ourren

系统复杂性视角下的软件智能化研发体系演进 by ourren

美英报告称Mythos模型无限压缩漏洞披露到武器化时间窗口 by ourren

Botnet趋势报告（2026版） by ourren

KnowHow：面向可解释且准确溯源分析的高层CTI知识自动应用方法 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Elecom WRC-1167GS2-B, WRC-1167GS2H-B, WRC-2533GS2-B, WRC-2533GS2-W and WRC-2533GS2V-B. It has been declared as critical. This issue affects some unknown processing of the component Request Handler. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2024-25579. The attack can only be done within the local network. There is not any exploit available.

The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE

Теперь картинки выглядят безупречно сразу. Без правок и танцев с бубном.

A vulnerability marked as critical has been reported in CentSDR e40795. Impacted is the function Thread1. The manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-30364. The attack needs to be initiated within the local network. No exploit is available.