ZCyberNews

Articles

432 articles

CVE-2026-40612: jq Stack Overflow Lets Attackers Crash JSON Processor [HIGH]
Vulnerabilities

CVE-2026-40612 in jq 1.8.1 and earlier allows attackers to trigger a stack overflow via deeply nested JSON input, crashing the tool. CVSS 7.5.

CVE-2026-40612
3 min read

Docling XXE Flaw CVE-2026-31248 Lets Attackers Trigger XML Bomb DoS [HIGH]
Vulnerabilities

CVE-2026-31248: Docling METS GBS backend through 2.61.0 fails to disable entity resolution in etree.fromstring(), enabling XML Bomb attacks via crafted .tar.gz archives.

CVE-2026-31248
4 min read

EU States Export Spyware to Abusive Regimes, HRW Report Finds
Industry News

Human Rights Watch report documents EU surveillance tech sales to over two dozen nations with poor human rights records, citing Bulgaria as a top exporter.

3 min read

Exim BDAT Use-After-Free Flaw CVE-2026-45185 Enables Remote Code [CRITICAL]
Vulnerabilities

CVE-2026-45185 (Dead.Letter) is a use-after-free in Exim's BDAT handling affecting GnuTLS builds — CVSS 9.8, remote code execution risk. Patches released.

CVE-2026-45185
3 min read

Instructure Pays Ransom to ShinyHunters After Canvas Breach [CRITICAL]
Industry News

Instructure paid ShinyHunters after two Canvas intrusions stole data from 9,000 institutions. Congress launched an investigation into the ed-tech vendor's incident response.

3 min read
ShinyHunters

Instructure Pays ShinyHunters to Halt 3.65TB Canvas Data Leak [HIGH]
Industry News

ShinyHunters agreed to delete 3.65TB of stolen Canvas data after Instructure paid an undisclosed ransom. The breach affects thousands of schools and universities worldwide.

3 min read
ShinyHunters

Ivanti Patches Flaws in Secure Access Client, EPM, Xtraction, VTM [HIGH]
Industry News

Ivanti disclosed vulnerabilities in Secure Access Client, Endpoint Manager, Xtraction, and Virtual Traffic Manager. No evidence of exploitation.

3 min read

Škoda Discloses Customer Data Breach After Online Shop Hack [HIGH]
Industry News

Škoda Auto disclosed a data breach after attackers exploited a vulnerability in its e-commerce portal, stealing customer names, addresses, and password hashes.

3 min read

Meari SDK Flaw CVE-2026-33357 Leaks WAN IP of IoT Cameras [HIGH]
Vulnerabilities

CVE-2026-33357 (CVSS 7.5) in Meari SDK lets attackers retrieve WAN IPs for any device via CloudEdge, Arenti, and white-label apps — no authentication required.

CVE-2026-33357
3 min read

Microsoft Patches 120 Flaws in May 2026 Patch Tuesday Update [HIGH]
Industry News

Microsoft's May 2026 Patch Tuesday fixes 120 vulnerabilities across Windows 11 25H2, 24H2, and 23H2. KB5089549 and KB5087420 include security fixes, Xbox mode, and batch file...

3 min read

Microsoft Patches 137 Flaws, SSO Plugin Bug Rated Critical [CRITICAL]
Vulnerabilities

CVE-2026-41103 in Microsoft SSO Plugin for Jira & Confluence allows privilege escalation via flawed authentication.

CVE-2026-41103, CVE-2026-40364, CVE-2026-40361
4 min read

SAP Patches Critical S/4HANA, Commerce Flaws with 9.6 CVSS [CRITICAL]
Vulnerabilities

SAP released 15 security notes for May 2026, fixing two critical code injection flaws in S/4HANA (CVE-2026-34260) and Commerce (CVE-2026-34263), both rated 9.6 CVSS, and a...

CVE-2026-34260, CVE-2026-34263, CVE-2026-34259
3 min read