UPGRADE and DigiSeals Programs at ARPA-H Remain Fully Funded
A U.S. federal grant effort to develop autonomous medical device patching platforms for hospitals evaded the budget-cutting knife of the Trump administration. Program boosters hope to automate cyber defenses so that hospitals of any size can more quickly patch vulnerabilities.
Officials Warned New Models Could Accelerate Cyber Risks Faster Than Rules
Global finance officials meeting in Washington warned that advanced artificial intelligence models could expose structural weaknesses across banking and payment systems, speeding vulnerability discovery and cyber exploitation faster than regulators can build guardrails.
Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity Theft
A senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital crime spree by Tyler Robert Buchanan.
A vulnerability has been found in elzahlan Categories Images Plugin up to 3.3.1 on WordPress and classified as problematic. Affected by this vulnerability is the function z_taxonomy_image of the component Shortcode Handler. The manipulation leads to cross-site scripting.
This vulnerability is listed as CVE-2026-2505. The attack may be initiated remotely. There is no available exploit.
A vulnerability, which was classified as problematic, was found in vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress. Affected is the function content_block of the component Custom Post Widget. Executing a manipulation can lead to cross-site scripting.
This vulnerability is tracked as CVE-2026-0894. The attack can be launched remotely. No exploit exists.
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs, along with outdated TP-Link routers, to infect devices and use them in DDoS attacks. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for […]
A vulnerability, which was classified as problematic, has been found in Zebra. This impacts an unknown function of the component Cached Mempool Verification. Performing a manipulation results in comparison using wrong factors.
This vulnerability is identified as CVE-2026-40880. The attack can be initiated remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability classified as problematic was found in Zebra. This affects an unknown function of the component addr Message Handler. Such manipulation leads to resource consumption.
This vulnerability is referenced as CVE-2026-40881. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.
The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1
A vulnerability classified as problematic has been found in Little CMS up to 2.18. The impacted element is an unknown function of the file cmslut.c of the component CubeSize. This manipulation causes incorrect behavior order.
The identification of this vulnerability is CVE-2026-41254. The attack can only be executed locally. There is no exploit available.
A vulnerability described as critical has been identified in leepeuker movary up to 0.71.0. The affected element is an unknown function of the file /settings/users/ of the component Endpoint. The manipulation results in missing authorization.
This vulnerability was named CVE-2026-40349. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is recommended.
A vulnerability marked as problematic has been reported in gitroomhq postiz-app up to 2.21.5. Impacted is an unknown function. The manipulation leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2026-40487. The attack can be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.