Aggregator

Google рассекретила уязвимость в Chromium раньше, чем успела её исправить.

A vulnerability was found in Honeywell International Control Network Module up to 110.2. It has been declared as critical. The affected element is an unknown function of the component Web Interface. The manipulation results in command injection. This vulnerability is identified as CVE-2026-5433. The attack can be executed remotely. There is not any exploit available.

NASA 局长 Jared Isaacman 表示他预计中国将在 2027 年执行载人绕月飞行任务，他正以此为由要求修改阿尔忒弥斯计划，加快美国重返月球的步伐。Isaacman 称，下次全世界观看宇航员绕月飞行时——很可能是 2027 年的某个时候——他们将是中国宇航员，美国将不再是唯一能将人类送入月球环境的国家。中国尚未公布月球载人飞行的时间表。迄今所有载人绕月飞行、轨道飞行或登月任务均由 NASA 执行：包括 1968-1972 年间的九次阿波罗计划以及今年四月的阿尔忒弥斯 2 号任务。

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud

GitHub confirmed a significant security breach on May 18, 2026, after attackers leveraged a weaponized Visual Studio Code extension to compromise an employee’s device and exfiltrate data from the company’s internal source code repositories. The attack was detected and contained on Monday, May 18, when GitHub’s security team identified suspicious activity on an employee endpoint. […]

The post GitHub Internal Repositories Breached Via Weaponized VS Code Extension appeared first on Cyber Security News.

Learn how the complex Drupal SQLi vulnerability (CVE-2026-9082) exploits PostgreSQL environments and its data theft risks — and how to ensure you’re protected.

ЦБ выпустил инструкцию для банков.

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users.

Microsoft закрыла любимую схему мошенников.

360携手麒麟软件、统信 筑牢信创安全防护体系！

定向攻击国内企事业单位员工，尤其 HR、行政及全员

看雪论坛作者ID：S1nyer

考证直接加积分60，最高补贴3250元

As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits.

The post The readiness paradox: Why a false sense of cyber confidence is becoming a liability appeared first on CyberScoop.

创作方式或许正在被 AI 不停地改变，但剪映是那个让创作者不断回来的「老地方」。

A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalation flaw that has remained undetected for nearly nine years. Security researchers at the Qualys Threat Research Unit (TRU) revealed that the issue allows attackers to exfiltrate sensitive data, including SSH private keys, and execute arbitrary commands as root on affected […]

The post Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys appeared first on Cyber Security News.

分享一篇文章。

2026年5月20日，深瞳漏洞实验室监测到一则Linux Kernel组件存在权限提升漏洞的信息，漏洞威胁等级：高危。