Critical RCE Vulnerability in Hugging Face Transformers Bypasses Security Settings

Hugging Face patched a high-severity RCE vulnerability (CVE-2026-4372) in the Transformers library that allowed malicious models to execute arbitrary code during routine loading, even when security flags were disabled.

**If you use the Hugging Face Transformers library with the `kernels` package installed, update to version 5.3.0 or later ASAP. After updating, audit your cached model configurations for any suspicious `_attn_implementation_internal` field and avoid loading models from untrusted sources.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-in-hugging-face-transformers-bypasses-security-settings-c-b-d-w-8/gD2P6Ple2L

🟠 CVE-2026-11136 - High (8.8)

Use after free in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11136/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Possible Phishing 🎣
on: ⚠️hxxp[:]//netflix-clone-azure-ten[.]vercel[.]app
🧬 Analysis at: https://urldna.io/scan/6a21f5683b77500004c3efd8
#cybersecurity #phishing #infosec #urldna #scam

🚨 EUVD-2026-34789

📊 Score: 10.0/10 (CVSS v3.1)
📦 Product: Joomla Content Editor (JCE) extension for Joomla
🏢 Vendor: joomlacontenteditor.net
📅 Updated: 2026-06-05

📝 A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-34789

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🟠 CVE-2026-11130 - High (8.8)

Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11130/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 EUVD-2026-34790

📊 Score: 2.7/10 (CVSS v3.1)
📅 Updated: 2026-06-05

📝 A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, l...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-34790

#cybersecurity #infosec #euvd #cve #vulnerability

🟠 CVE-2026-11149 - High (7.5)

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severit...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11149/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Aviation enthusiast uses Raspberry Pi and ADS-B radio to create viral real-time airport tracker — open-source 'Skylight' i…

Software engineer Cameron Paczek has developed Skylight, a project that receives ADS-B signals from an RTL-SDR radio antenna and shows the airplanes flying above you on a projector aimed at your ceiling.

https://www.tomshardware.com/raspberry-pi/aviation-enthusiast-uses-raspberry-pi-and-abs-b-radio-to-create-viral-real-time-airport-tracker-open-source-skylight-intercepts-aircraft-signals-and-projects-flight-paths-onto-your-ceiling

#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]

Aviation enthusiast uses Raspberry Pi and ADS-B radio to create viral real-time airport tracker — open-source 'Skylight' intercepts aircraft signals and projects flight paths onto your ceiling

The ultimate nightlight for aviation lovers and stargazers

Tom's Hardware

Ammaraskar: 1-Click GitHub Token Stealing via a VSCode Bug

https://feditown.com/post/3091425

Ammaraskar: 1-Click GitHub Token Stealing via a VSCode Bug - FediTown

cross-posted from: https://feditown.com/post/3091422

Ammaraskar: 1-Click GitHub Token Stealing via a VSCode Bug

https://feditown.com/post/3091423
