Lucene search
K

75 matches found

The Hacker News
The Hacker News
added 2026/06/30 5:45 p.m.13 views

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the...

6.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.8 views

SUSE CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS5.9AI score0.00106EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS0.00106EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39236

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

5.9AI score0.00106EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.39 views

CVE-2026-53145 drm/gem: Try to fix change_handle ioctl, attempt 4

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS0.00106EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.16 views

CVE-2026-53145

Summary of CVE-2026-53145 (Linux kernel drm/gem change_handle race) : A race between gem_close and gem_change_handle ioctls in the DRM GEM subsystem was addressed but not cleanly fixed initially. The root cause involved confusion around the local handle variable (which is the new handle) and seve...

7.8CVSS5.9AI score0.00106EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 8:38 a.m.3 views

CVE-2026-53145 drm/gem: Try to fix change_handle ioctl, attempt 4

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS5.9AI score0.00106EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:14 a.m.17 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/05/28 12:0 a.m.11 views

MAL-2026-4903 Malicious code in @cloudplatform-single-spa/dataplatform (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/28 12:0 a.m.10 views

MAL-2026-4912 Malicious code in @cloudplatform-single-spa/dataplatform-trino (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.14 views

Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40425

Name of the Vulnerable Software and Affected Versions dalfox affected versions not specified Description A structural ordering error in the ParameterAnalysis function within pkg/scanning/parameterAnalysis.go allows an unauthenticated remote attacker to crash the dalfox server process. The issue...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.14 views

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models LLMs to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.7 views

Varnish Nuclei Detection Templates

This repository has two-stage Nuclei detection for CVE-2026-34475. It can fingerprint vulnerable Varnish instances, verify cache-key collision behavior, and confirm exploitability via VCL inspection, without triggering the bug...

9.8CVSS5.1AI score0.00202EPSS
Exploits1
OSV
OSV
added 2026/04/24 3:21 p.m.6 views

GHSA-H6HF-9846-XWRQ Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image

Summary Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.20 views

ARES: Adaptive Red-Teaming and End-To-End Repair of Policy-Reward System

Reinforcement Learning from Human Feedback RLHF is central to aligning Large Language Models LLMs, yet it introduces a critical vulnerability: an imperfect Reward Model RM can become a single point of failure when it fails to penalize unsafe behaviors. While existing red-teaming approaches...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/16 6:20 a.m.9 views

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergencies Response Team of Ukraine CERT-UA has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.8 views

From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers

The model context protocol MCP standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/29 12:0 a.m.3 views

A Systematic Taxonomy of Security Vulnerabilities in the OpenClaw AI Agent Framework

AI agent frameworks connecting large language model LLM reasoning to host execution surfaces--shell, filesystem, containers, and messaging--introduce security challenges structurally distinct from conventional software. We present a systematic taxonomy of 190 advisories filed against OpenClaw, an...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

9.8CVSS6.1AI score0.02213EPSS
Exploits2References1
Rows per page
Query Builder