Aggregator

New StorybySanya KapoorbySanya Kapoor@sanya_kapoorExpert Tech writer and Reporter May 18th, 2026byS

Опрос CEO показал, что автоматизация сильнее всего бьет по стартовым офисным позициям.

复现Copy Fail漏洞（CVE-2026-31431）没环境？云攻防靶场一键开启，深度还原容器逃逸攻击链

微软证实本月释出的例行安全更新 Windows 11 KB5089549 会导致部分 PC 安装失败，原因是对系统启动至关重要的 EFI 系统分区（ESP）空间不足。如果 ESP 可用空间

微软证实本月释出的例行安全更新 Windows 11 KB5089549 会导致部分 PC 安装失败，原因是对系统启动至关重要的 EFI 系统分区（ESP）空间不足。如果 ESP 可用空间不足 10 MB，KB5089549 安装会失败，返回 0x800f0922 错误，用户会看到安装卡在了 35-36%，然后回滚，提示空间不足。微软提供了一个临时的修复方法：以管理员身份打开命令提示符。运行以下命令：reg add “HKLM\SYSTEM\CurrentControlSet\Control\Bfsvc /v EspPaddingPercent /t REG_DWORD /d 0 /f”。然后重启受影响的设备。

Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

CISA has issued a fresh warning about a newly disclosed Microsoft Exchange Server vulnerability that is already being exploited in real-world attacks, raising concerns for organizations relying on on-premises email infrastructure. The flaw CVE-2026-42897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Server, specifically within Outlook Web Access (OWA). According to the official advisory, the […]

The post CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could be actively exploited if sites remain unpatched. The issues, discovered by researcher Rafie Muhammad through […]

The post 1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws appeared first on Cyber Security News.

报告时间：2026年5月25日（周一）下午15:30-17:00

МВД предупредило о новой схеме мошенников.

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Wi

A vulnerability has been found in libpng 1.8.0 and classified as critical. Affected is an unknown function of the component APNG Parser. The manipulation leads to interpretation conflict. This vulnerability is documented as CVE-2026-40930. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability, which was classified as problematic, was found in Mattermost Plugins up to 11.5.1. This impacts an unknown function of the component Group Handler. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-6342. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost Plugins up to 11.5.1. This affects an unknown function of the component API Request Handler. Performing a manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2026-6341. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.13/11.4.3/11.5.1. The impacted element is an unknown function. Such manipulation leads to uncontrolled memory allocation. This vulnerability is listed as CVE-2026-6340. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Mattermost up to 10.11.13/11.5.1. The affected element is an unknown function of the component Configuration Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-3495. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in RRWO Net::Statsd::Lite up to 0.10.0 on Perl. Impacted is the function set_add. The manipulation results in crlf injection. This vulnerability is identified as CVE-2026-8788. The attack can be executed remotely. There is not any exploit available.