666 matches found
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 145.0.7632.45 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution within frames, which could lead to UI deception through specially crafted HTM...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.45 contained a security vulnerability, which was caused by improper handling of file inputs. This vulnerability could potentially lead users to execute certain UI gestures, resulting in UI...
PT-2026-6635
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based for Android affected versions not specified Description A flaw in Microsoft Edge for Android allows an attacker to conduct spoofing attacks over a network by misrepresenting critical information in the user...
Microsoft Edge for Android 安全漏洞
Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There is a security vulnerability in Microsoft Edge for Android, which stems from improper presentation of key user interface information. This vulnerability may allow unauthorized...
ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed
WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
CVE-2026-24472
CVE-2026-24472 affects Hono (web framework for JavaScript runtimes) through Cache Middleware prior to version 4.11.7, where HTTP cache control handling does not respect headers like Cache-Control: private or no-store, risking private/authenticated responses being cached and exposed. The issue is ...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
PT-2026-4581
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47727)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47727 advisory. - In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix in-kernel MMIO check TDX on...
Baiting AI: Deceptive Adversary against AI-Protected Industrial Infrastructures
This paper explores a new cyber-attack vector targeting Industrial Control Systems ICS, particularly focusing on water treatment facilities. Developing a new multi-agent Deep Reinforcement Learning DRL approach, adversaries craft stealthy, strategically timed, wear-out attacks designed to subtly...
CVE-2022-42544
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...
Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations
Cybersecurity is being fundamentally reshaped by foundation-model-based artificial intelligence. Large language models now enable autonomous planning, tool orchestration, and strategic adaptation at scale, challenging security architectures built on static rules, perimeter defenses, and...
The Imitation Game: Using Large Language Models As Chatbots to Combat Chat-Based Cybercrimes
Chat-based cybercrime has emerged as a pervasive threat, with attackers leveraging real-time messaging platforms to conduct scams that rely on trust-building, deception, and psychological manipulation. Traditional defense mechanisms, which operate on static rules or shallow content filters,...
CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
Someone Boarded a Plane at Heathrow Without a Ticket or Passport
I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...