ZCyberNews

Articles

432 articles

OpenAI Breached in TanStack Supply Chain Attack [HIGH]
Industry News

OpenAI says two employees' devices were compromised in the TeamPCP Mini Shai-Hulud campaign, forcing rotation of code-signing certificates across macOS, Windows, iOS, and Android.

3 min read
TeamPCP
Pwn2Own Berlin 2026: Researchers Earn $523K Hacking Windows 11, Edge [CRITICAL]
Industry News

On day one of Pwn2Own Berlin 2026, researchers collected $523,000 for 24 zero-days, including a $175,000 Edge sandbox escape by Orange Tsai and three Windows 11 privilege...

3 min read
UK to Shield Security Researchers in Computer Misuse Act Overhaul
Industry News

UK government will rewrite the Computer Misuse Act 1990 to include a statutory defense for good-faith security research, ending years of legal uncertainty for vulnerability...

3 min read
VMware Fusion TOCTOU Flaw CVE-2026-41702 Lets Local Users Escalate to [HIGH]
Vulnerabilities

Broadcom patched a high-severity TOCTOU vulnerability in VMware Fusion (CVE-2026-41702) that lets local non-admin users escalate privileges to root on macOS systems.

CVE-2026-41702
3 min read
AI-Driven Attacks Compromise Systems in 73 Seconds, Outpacing Patching [HIGH]
Industry News

Picus Security analysis shows AI-powered attackers exploit CVEs in ~10 hours and breach systems in 73 seconds, while patching still takes 24 hours.

3 min read
Congress Probes 25 Food Retailers Over Surveillance Pricing [INFORMATIONAL]
Industry News

Rep. Frank Pallone launched an inquiry into 25 food retailers including Amazon, Walmart, and Target over use of personal data to set variable prices, citing FTC findings.

2 min read
Foxconn Confirms Ransomware Attack on North American Factories [HIGH]
Industry News

Nitrogen ransomware gang claims 8TB of stolen data from Foxconn's North American factories, including technical files from major tech clients.

2 min read
Nitrogen
Palo Alto Patches Prisma Access Agent Flaws: Cert Validation, LPE [MEDIUM]
Vulnerabilities

Palo Alto Networks released patches for two medium-severity flaws in Prisma Access Agent — CVE-2026-0248 (improper certificate validation) and CVE-2026-0246 (local privilege...

CVE-2026-0248, CVE-2026-0246
3 min read
Signal Adds In-App Warnings to Block Russian-Linked Phishing Attacks [HIGH]
Tools & Techniques

Signal introduced new in-app confirmations and warnings to counter phishing attacks linked to Russian state hackers who abused the Linked Device feature to hijack high-profile...

3 min read
Russian state-sponsored hackers
Adobe Patches 52 Flaws Across 10 Products, Two Critical in Connect [CRITICAL]
Vulnerabilities

Adobe's May 2026 patch batch fixes 52 CVEs across 10 products; Adobe Connect gets two critical bugs (CVE-2026-34659, 9.6 CVSS for RCE; CVE-2026-34660, 9.3 CVSS for privilege...

CVE-2026-34659, CVE-2026-34660
3 min read
Apple Patches Everything: 0-Days, RCS Encryption Rollout [CRITICAL]
Industry News

Apple released emergency patches for two zero-days exploited in the wild alongside the beta rollout of end-to-end encrypted RCS messaging for iOS and macOS.

3 min read
CosyVoice gRPC Server Insecure Deserialization Flaw CVE-2026-31251 [CRITICAL]
Vulnerabilities

CVE-2026-31251: CosyVoice gRPC server deserializes untrusted models via torch.load() without weights_only=True, enabling RCE via crafted .pt files. No patch confirmed.

CVE-2026-31251
4 min read