Aggregator

A vulnerability described as critical has been identified in IBM QRadar up to 7.5.0 IP15 IF 002. The impacted element is an unknown function of the component Backup Handler. Such manipulation leads to exposure of backup file to an unauthorized control sphere. This vulnerability is listed as CVE-2024-56462. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Samba. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2026-1933. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in pensar apex up to 0.0.58. It has been classified as critical. The impacted element is the function createSmartEnumerateTool of the file src/core/agent/tools.ts of the component URL Parameter Handler. This manipulation causes os command injection. This vulnerability is registered as CVE-2026-36044. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Linux Kernel up to 6.18.13/6.19.3. It has been rated as critical. Affected by this issue is the function llbitmap_suspend_timeout. The manipulation leads to state issue. This vulnerability is documented as CVE-2026-45955. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Linux Kernel up to 6.19.3. Affected by this issue is the function vidi_connection_ioctl of the component exynos. Such manipulation leads to use after free. This vulnerability is traded as CVE-2026-45956. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Erlang OTP. This vulnerability affects unknown code in the library lib/public_key/src/pubkey_cert.erl of the component TLS Endpoint. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-42789. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file […]

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.

Currently trending CVE - Hype Score: 3 - Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM ...

Currently trending CVE - Hype Score: 4 - Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

Currently trending CVE - Hype Score: 4 - Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Алгоритмы вышли из-под контроля раньше, чем компании успели это заметить.

Name: ZeroDay Heist 2026 (an ZerodayHeist event.)
Date: June 6, 2026, 6:30 a.m. — 06 June 2026, 12:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: On-line
Offical URL: https://ctf.cyberhx.com/
Rating weight: 24.33
Event organizers: CyberXoX

За обычной дверью скрывался бизнес, который обслуживал клиентов по всей Европе.

OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an […]

The post New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks appeared first on Cyber Security News.

Browser Choice Alliance написала открытое письмо Сатье Наделле.

Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people […]

A vulnerability identified as problematic has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-11459. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as problematic has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-11458. The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.