Feed aggregator
Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx
Cisco Secure Workload Unauthorized API Access Vulnerability
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user.
This vulnerability is due to insufficient validation of user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5
Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed.
This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user.
To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests.
As mentioned, Cisco has addressed this vulnerability in the ThousandEyes service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn
Former Spanish police chief, on trial for drug trafficking, claims that UK and Colombian police assisted in creating fictitious intelligence reports to hide use of intercept from encrypted phone networks Sky ECC and Anom
The 5 Google I/O Announcements That Actually Matter
Plex Is Raising Its Lifetime Subscription Price Again, to a Whopping $750
Bose's Memorial Day Deals Let You Have Concert-Quality Sound for as Low as $89
Having Android XR Glasses Support iOS Might Be Their Best Feature
Seagate Sparks Memory Sell-Off As CEO Says It Would 'Take Too Long' To Build New Factories
If an LLM is too expensive it won't be next year
Article URL: http://liveatthewitchtrials.blogspot.com/2026/05/if-llm-is-too-expensive-it-wont-be-next.html
Comments URL: https://news.ycombinator.com/item?id=48212115
Points: 2
# Comments: 0
Citor: A header-only C++20 thread pool tuned for sub-us dispatch
Article URL: https://github.com/Lallapallooza/citor
Comments URL: https://news.ycombinator.com/item?id=48212083
Points: 2
# Comments: 0
Flipper One Tech Specs
Article URL: https://docs.flipper.net/one/general/tech-specs
Comments URL: https://news.ycombinator.com/item?id=48212046
Points: 3
# Comments: 0
Marine scientists discover record number of new species
Article URL: https://abcnews.com/International/marine-scientists-discover-1100-new-species-new-record/story?id=133078227
Comments URL: https://news.ycombinator.com/item?id=48212031
Points: 2
# Comments: 0
Notched sticks to calculators: the history of counting machines
Article URL: https://lcamtuf.substack.com/p/a-brief-history-of-counting-stuff
Comments URL: https://news.ycombinator.com/item?id=48212016
Points: 2
# Comments: 0
Built a CAPTCHA alternative in C with PoW, JA4, and puzzle in complex mode
Article URL: https://github.com/captxa/captxa-backend
Comments URL: https://news.ycombinator.com/item?id=48212006
Points: 1
# Comments: 0
OSS Alternative to AWS Transfer Family Written in Elixir
Article URL: https://hex.pm/packages/sftpd
Comments URL: https://news.ycombinator.com/item?id=48211972
Points: 3
# Comments: 1
Training a small model to write better OCaml with RLVR and GRPO
Article URL: https://blog.nilenso.com/blog/2026/05/18/training-a-small-model-to-write-better-ocaml-with-rlvr-and-grpo/
Comments URL: https://news.ycombinator.com/item?id=48211945
Points: 1
# Comments: 0
Killing in Japan Stirs Fear of New Crime Rings That Recruit the Vulnerable
Article URL: https://www.nytimes.com/2026/05/20/world/asia/japan-tokuryu-crime-killing.html
Comments URL: https://news.ycombinator.com/item?id=48211941
Points: 1
# Comments: 0
