Aggregator

A vulnerability, which was classified as problematic, has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. This vulnerability is registered as CVE-2026-8803. Remote exploitation of the attack is possible. No exploit is available. The actual existence of this vulnerability is currently in question. The vendor explains: "[T]he code is still there to allow the upgrade path to work. The default password is initially seeded with the old hash function, but then migrated to a newer one after login. [T]he hash version check might be cleaned up in the future. Currently it's not actively in use as any password change will use a newer hash function."

New for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyers

Полиция Джакарты раскрыла центр, связанный с 75 сайтами онлайн-казино.

A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote code execution, all achievable by sending a specially crafted HTTP request to a vulnerable NGINX instance. What is NGINX? NGINX is the most widely deployed web server and, as such, it’s one of … More →

The post Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) appeared first on Help Net Security.

三星电子工会已经宣布将于 21 日启动为期 18 天的总罢工，双方就绩效奖金的上限存在分歧。目前韩国政府对此事表达了高度关注，总理金民锡周日表示若罢工对国民经济造成巨大损失，政府将为保护国民经济而采取包括行使紧急调整权在内的所有可行手段。周一三星电子劳资双方展开了最新一轮谈判。韩国法院同一天就三星电子资方针对工会提出的禁止其进行违法集体斗争行为的申请作出裁定，支持资方大部分诉求，要求工会即便罢工也不得耽误生产。该决定或给劳资谈判以及工会的罢工计划带来不小影响。专家估计每罢工一天造成的损失最高达到 20 亿美元，18 天总罢工将接近 170 亿美元。而 JPMorgan 估计损失最高将达到 280 亿美元。

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos online. The issue came from a misconfigured Amazon cloud storage bucket that was left […]

SHub Reaper bypasses Apple's Terminal mitigation, steals credentials and documents, and plants a persistent backdoor for continued access after infection.

Иранские законодатели обсуждают плату для Google, Microsoft, Meta* и Amazon за использование кабелей.

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster,

AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.

NASA 在 48 年前先后发射了两艘旅行者号探测器，当年曾为旅行者号写代码的工程师如今早已白发苍苍，甚至已经去世。旅行者号机载计算机运行的是汇编语言，是专为通用电气开发的处理器编写的。探测器上有三个计算机系统：计算机指令子系统（CCS）、姿态调节控制子系统（ACS）以及飞行数据子系统（FDS）。其底层飞行工作依赖于专门的汇编语言，地面系统和早期任务工具使用了 Fortran 语言。探测器上的计算机内存非常小，总容量仅为 64-70 KB。几十年来，地面控制团队成员不断减少，也逐渐老去。更糟的是很多原始文档遗失或支离破碎。项目文件大多是纸质的，每次项目搬迁办公室，会有更多的文件丢失。NASA JPL Interplanetary Network Directorate 项目主任 Suzy Dodd 在 2024 年称建造探测器的人都已经不在人世。Larry Zottarelli 是最后一位仍在工作的原始团队工程师，他于 2016 年 80 岁时退休。目前旅行者号维护团队大多数人都年过八旬，团队还依赖于一份退休工程师名单，以便在紧急情况下呼叫。该名单每年都在缩小。

A vulnerability classified as critical was found in Linux Kernel up to 6.18.13/6.19.3. Affected is the function __acpi_processor_start of the component ACPI Idle Driver. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2026-43122. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.19.5. It has been rated as critical. This issue affects the function vmap of the component pstore. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2026-43124. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.18.15/6.19.5. It has been declared as critical. Impacted is the function io_zcrx_put_niov_uref. Such manipulation leads to double free. This vulnerability is listed as CVE-2026-43121. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.74/6.18.15/6.19.5. It has been classified as critical. This affects the function buffer_funcs of the component amdgpu. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2025-71294. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.18.15/6.19.5 and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-71293. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

New York, USA, 18th May 2026, CyberNewswire

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.15/6.19.5. Affected by this vulnerability is the function bcm_vk_read of the component Misc. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2025-71291. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

SmartBear has announced ReadyAPI’s new AI test generation capability that accelerates API testing by up to 80% while giving teams control to enable or disable AI. While competitors focus on speed alone, ReadyAPI’s AI test generation capability is architected for quality at scale and addresses the testing gap by aligning validation with development velocity without compromising application integrity. The AI capability automates repetitive test creation while QA professionals maintain oversight and strategic orchestration. Users can … More →

The post SmartBear expands ReadyAPI with AI-powered API testing capabilities appeared first on Help Net Security.

Иранские хакеры получили доступ к топливным системам американских заправок.