Aggregator

Год оказался тяжёлым сразу на нескольких фронтах. И дело не только в кибератаке.

Over 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North Africa

A vulnerability was found in SGLang 5.10. It has been rated as critical. The affected element is the function pickle.loads of the component Incoming Message Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2026-7301. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Dell Live Optics. It has been declared as problematic. Impacted is an unknown function. Executing a manipulation can lead to improper certificate validation. This vulnerability appears as CVE-2026-41119. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in GnuTLS. It has been classified as problematic. This issue affects some unknown processing of the component Datagram Transport Layer Security Packet Handler. Performing a manipulation results in undefined behavior for input to api. This vulnerability is reported as CVE-2026-42009. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in SGLang 5.10 and classified as critical. This vulnerability affects the function dill.loads. Such manipulation leads to deserialization. This vulnerability is documented as CVE-2026-7304. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. This vulnerability is traded as CVE-2026-8244. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

独立沙盒游戏《Terraria》的开发商宣布游戏上市 15 年共售出了七千万份拷贝，其中 PC 平台销量最高 3960 万份，主机 1070 万份，移动 1970 万份，Mod 工具 tModLoader 下载量 1230 万次。过去一年《Terraria》PC 版本日均玩家 46.1 万最高 140 万，PC 玩家平均游戏时长 101 小时 18 分钟。开发商表示会继续更新《Terraria》。在史上最畅销的游戏中，《Terraria》排在第 7 位。销量最高的是《我的世界（Minecraft）》（如果不考虑《俄罗斯方块》），售出超过 3.5 亿份拷贝，其次是《Grand Theft Auto V》的 2.25 亿份，《Wii Sports》的 8290 万份、《Red Dead Redemption 2》的 8200 万份，《马里奥赛车8》的 7954 万份， 《绝地求生》的 7500 万份等。

A vulnerability described as problematic has been identified in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . This vulnerability appears as CVE-2026-8243. The attack may be performed from remote. There is no available exploit. The vendor was contacted early about this disclosure but did not respond in any way.

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. “Over 600k Salesforce records containing PII and other internal corporate data have been compromised.” The […]

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]

Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration.

A vulnerability was found in Mattermost up to 10.11.13/11.4.3/11.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Command Update API. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-28732. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Mattermost up to 10.11.13/11.4.3/11.5.1/11.5.x. The affected element is an unknown function. The manipulation results in incorrect authorization. This vulnerability was named CVE-2026-6343. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Basamak DernekWeb and classified as problematic. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-7498. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability classified as critical was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-8768. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax BR-6228NC 1.22. It has been declared as critical. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. This vulnerability was named CVE-2026-8774. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-8781. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.

A vulnerability classified as critical was found in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. This vulnerability is cataloged as CVE-2026-8802. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure.