HCL BigFix SCM Reporting 安全漏洞

HCL BigFix SCM Reporting is a security configuration management reporting component developed by the Indian company HCL. HCL BigFix SCM Reporting has a security vulnerability that stems from the use of outdated and unsupported jQuery 1.x libraries. This vulnerability may increase the risk of...

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web .onion site...

Defending consumer web properties against modern DDoS attacks

If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...

EUVD-2026-29487

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

CVE-2026-8043

Ivanti Xtraction is affected prior to version 2026.2 by CVE-2026-8043 due to external control of a file name. An authenticated remote attacker can read sensitive files and write arbitrary HTML files to a web directory, enabling information disclosure and potential client-side attacks. The vulnera...

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

Five Attacks on X402 Agentic Payment Protocol

The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and...

PT-2026-40387

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

Microsoft Word 访问控制错误漏洞

Microsoft Word is a word processing software within the Office suite developed by the American company Microsoft. There is an access control error vulnerability in Microsoft Word. Attackers exploit this vulnerability to carry out deceptive attacks...

Microsoft Office PowerPoint 访问控制错误漏洞

Microsoft Office PowerPoint is a software tool developed by the American company Microsoft for creating presentation documents PPTs. Microsoft Office PowerPoint has a security vulnerability related to access control. Attackers can exploit this vulnerability to carry out deceptive attacks...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the IFrame Sandbox component, which could allow remote attackers to bypass navigation...

Open-WebSearch 代码问题漏洞

Open-WebSearch is a multi-engine web search and content retrieval tool developed by Aasee’s individual developers, without the need for an API key. Versions of Open-WebSearch prior to 2.1.7 had code vulnerabilities. These vulnerabilities stemmed from URL security checks not recognizing IPv6...

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

PT-2026-40388

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

Microsoft Teams 安全漏洞

Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a security vulnerability in Microsoft Teams. Attackers have exploited this vulnerability to carry out phishing attacks...

Security of Decoy-State Quantum Key Distribution with Correlated Bit-And-Basis Encoders

Practical quantum key distribution QKD modulators inevitably introduce correlations, causing the state emitted in a given round to depend on the setting choices made in previous rounds. These correlations break the round-by-round independence structure on which many widely used security proof...