News Updated 6 days ago
Is SignalRGB Safe? Update to 1.3.7 to Fix Its Kernel Driver Flaws (CVE-2026-8049/8050)
Security, Linux
Two flaws in the kernel driver that SignalRGB installs — CVE-2026-8049, where any local user can reach admin-level hardware operations, and CVE-2026-8050, which can repeatedly crash the PC — were disclosed via JVN and CERT/CC. Both are local but usable for privilege escalation, and because the driver is signed it can be carried onto other machines as a BYOVD tool. WhirlwindFX fixed them in 1.3.6 / 1.3.7.0. Here is how to update and what to check.
2026.06.18 (6 views)
News
Picklescan Can Be Bypassed: 8 Flaws Let Malicious AI Models Pass as Safe (CVE-2026-3490), Update to v1.0.4
Security, AI
Picklescan, the tool that detects dangerous code hidden in AI models, has eight flaws that let attackers slip past the scan. The most severe, CVE-2026-3490, scores a perfect 10.0. Even a model marked safe can hijack your PC or server the moment it loads, and since it runs behind hubs like Hugging Face, the impact is broad. Here is what to do, how to update to v1.0.4, and a safer model format.
2026.06.18 (8 views)
Lab
What's New in Python 3.15: Lazy Imports, UTF-8, and What Breaks
Development
Python 3.15 lands October 2026. I installed the beta and benchmarked the headline changes: lazy imports (a ~4x startup win), UTF-8 by default, the new sampling profiler, and the old APIs that stop working when you upgrade.
2026.06.17 (18 views)
Roundup
Is PSN Down? How to Check, and Why PlayStation Network Keeps Failing
Infrastructure, game, Japanese Companies
PSN down again? How to check if PlayStation Network is really down, what to do while you wait, a history of every major PSN outage, and why it keeps happening.
2026.06.17 (5 views)
Roundup
Kitakyushu's national health insurance slips go wrong for 44,000 homes
Privacy, Japanese Companies, Development
Kitakyushu City found defects in the national health insurance payment slips it mailed out. Another person's slip was enclosed in some envelopes, and the barcodes for the January-March installments carried someone else's data. About 44,000 households are affected. The cause: a vendor program flaw in the system swapped in May, plus an error in the new envelope-stuffing machine. We break down what happened, why it slipped through, and what recipients should do.
2026.06.17 (5 views)
Roundup
Awa Bank's 27,745-record leak: what happened in a test environment left running
Privacy, Japanese Companies, Security
Awa Bank leaked a cumulative 27,745 records of customer and shareholder data. The cause was a test environment left running long after development ended, with real customer data never deleted, then accessed from outside. We break down what leaked, how it could be abused, and how it should have been prevented.
2026.06.17 (3 views)
News Updated 6 days ago
Joomla Sites Using the JCE Editor Can Be Taken Over: Update to 2.9.99.6 Now (CVE-2026-48907)
Security, Development
A critical flaw, CVE-2026-48907, in JCE, a hugely popular editor add-on used by many Joomla sites, lets attackers take over a server with no login. Severity is a perfect 10.0, exploit code is public, and automated attacks are underway. CISA has ordered urgent remediation. Here are the affected versions and what to do now.
2026.06.17 (80 views)
News
The Events Calendar CVE-2026-49772: Unauth SQL Injection, Patch Now
Development, Security
The Events Calendar, a WordPress plugin on 700,000+ sites, has a critical flaw (CVE-2026-49772, severity 9.3) that lets anyone read the database with no login. Here are the affected versions, how to check your site, and how to update to 6.16.3 now.
2026.06.16 (7 views)
News
Zyxel GS1900 Switch Takeover Flaw CVE-2026-7273: Patch 10 Models Now
Infrastructure, Security, Global Companies
Zyxel's GS1900 office network switches — 10 models — have a flaw, CVE-2026-7273, that lets anyone on the same local network take the device over without a password, enabling traffic spying or cut-offs. Here are the affected models, the fixed firmware, and the update steps to run now.
2026.06.16 (5 views)
News
Two Unauthenticated Flaws in the i18n Library i18next: CVE-2026-48713 / 48714
Development, Security
Two companion components of i18next, the JavaScript library widely used to translate web app UIs, have flaws rated 9.1 in severity (CVE-2026-48713 / 48714). With no login, an attacker can poison the app's shared foundation, chaining to bypassed login checks or service outages. Update to 2.6.6 / 3.9.7.
2026.06.16 (2 views)
News
Takeover Flaws Across Many WordPress Plugins: June 2026 Disclosure, Update Each One Now
Development, Security
In June 2026, dozens of WordPress plugins disclosed critical flaws leading to site takeover or data theft. The invoicing plugin Easy Invoice and the chatbot GeekyBot are rated a maximum 10.0, and a dozen-plus form-integration plugins are exploitable with no login. If your site uses an affected plugin, update each one to the latest version now.
2026.06.16 (1 view)
News
Query-Injection Flaw in Spring AI Vector Stores: CVE-2026-47835, Update to 1.0.9 / 1.1.8 Now
AI, Development, Security
Spring AI, a popular Java framework for building generative-AI apps, has a flaw rated 8.6 in severity (CVE-2026-47835) in its vector database integrations. Special characters let an attacker run unauthorized queries against Elasticsearch and others with no login, risking data exfiltration. Fixed in 1.0.9 / 1.1.8; developers should update now.
2026.06.16 (7 views)