Aggregator

A vulnerability identified as critical has been detected in Oracle Solaris 10/11. Affected by this vulnerability is the function parse_user_name of the component Pluggable authentication module. The manipulation leads to stack-based buffer overflow. This vulnerability is documented as CVE-2020-14871. The attack can be initiated remotely. Additionally, an exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Apache log4j up to 2.14.1. Affected by this vulnerability is an unknown functionality of the component JNDI LDAP Server Lookup Handler. Executing manipulation can lead to deserialization. The identification of this vulnerability is CVE-2021-44228. The attack may be launched remotely. Furthermore, there is an exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Log4j 2.15.0. Affected is an unknown function of the component Incomplete Fix CVE-2021-44228. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2021-45046. The attack may be performed from remote. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in QNAP QTS up to 3.0.2. The impacted element is an unknown function of the component Helpdesk. The manipulation leads to os command injection. This vulnerability is documented as CVE-2020-2506. The attack can be initiated remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as very critical has been detected in Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0. Impacted is an unknown function of the component Core. Performing manipulation results in Remote Code Execution. This vulnerability is reported as CVE-2020-2883. The attack is possible to be carried out remotely. Moreover, an exploit is present. You should upgrade the affected component.

A vulnerability identified as very critical has been detected in Oracle JDeveloper 12.2.1.3.0/12.2.1.4.0. Impacted is an unknown function of the component ADF Faces. This manipulation causes deserialization. This vulnerability appears as CVE-2022-21445. The attack may be initiated remotely. In addition, an exploit is available. You should upgrade the affected component.

A vulnerability was found in SolarWinds Serv-U. It has been rated as problematic. This impacts an unknown function of the component Login Screen. This manipulation causes improper input validation. This vulnerability is tracked as CVE-2021-35247. The attack is possible to be carried out remotely. Moreover, an exploit is present.

City of Mentor Takes Servers Offline Following Cyberattack

The move by cities to halt their work with Flock follows reports that the company shared data from local partners with federal immigration authorities.

ВМС США обсуждают создание суперкораблей для противостояния Китаю.

The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors for surveillance and espionage—have repeatedly demonstrated their ability to exploit zero-click vulnerabilities, leaving high-profile individuals and at-risk communities exposed. Critical forensic analysis has long relied on remnants […]

The post iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 20 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update ...

Currently trending CVE - Hype Score: 1 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Kaspersky researchers said Memento Labs appears to be behind both the Operation ForumTroll malware and spyware, known as Dante.

The post Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware appeared first on CyberScoop.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Window Screen” appeared first on Security Boulevard.

Новая астрономическая установка будет 15 лет изучать эволюцию галактик, черные дыры и темную энергию.

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. [...]

New York, New York, USA, October 27th, 2025, CyberNewsWire nsKnox, a leader in payment security, today announced the launch of Adaptive Payment Security, a groundbreaking enhancement to its PaymentKnox platform designed to eliminate B2B payment fraud by providing the fastest possible bank account validation with the flexibility to achieve irrefutable certainty on demand. The platform […]

The post nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort appeared first on Cyber Security News.

Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics

A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber ​​Group acquired the infamous Hacking Team. [...]