Aggregator

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. [...]

A vulnerability identified as critical has been detected in SPIP up to 4.1.19/4.2.16/4.3.5. This affects an unknown function. This manipulation causes improper authentication. This vulnerability is registered as CVE-2025-71242. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

依旧是iphone间谍软件的话题。

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]

Депутат Аксаков предложил установить планку возмещения за банковское мошенничество в 1,4 млн рублей.

Security researchers have uncovered six critical denial-of-service vulnerabilities in the Socomec DIRIS M-70 industrial gateway used for power monitoring and energy management in critical infrastructure. The flaws were discovered through an innovative emulation technique that bypassed hardware debugging limitations by focusing on a single thread handling Modbus protocol communications. The M-70 gateway facilitates data communication […]

The post Selective Thread Emulation and Fuzzing Expose DoS Flaws in Socomec DIRIS M-70 IIoT Device appeared first on Cyber Security News.

Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. [...]

A vulnerability categorized as problematic has been discovered in QEMU. The impacted element is an unknown function of the component VMDK Compressed Grain Parsing. The manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-2243. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in Google TensorFlow. It has been rated as problematic. The affected element is an unknown function of the component HDF5 Library. The manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2026-2492. The attack must be carried out locally. There is no available exploit.

A vulnerability was found in mlflow. It has been declared as critical. Impacted is an unknown function. Executing a manipulation can lead to use of default password. This vulnerability is tracked as CVE-2026-2635. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability was found in RustDesk Client on Windows. It has been classified as problematic. This issue affects some unknown processing. Performing a manipulation results in link following. This vulnerability is identified as CVE-2026-2490. The attack is only possible with local access. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in PDF-XChange Editor and classified as problematic. This vulnerability affects the function TrackerUpdate. Such manipulation leads to uncontrolled search path. This vulnerability is referenced as CVE-2026-2040. The attack can only be performed from a local environment. No exploit is available.

Simbian announced the launch of the Simbian AI Pentest Agent, a new solution designed to provide enterprises with ongoing, on-demand penetration testing. Simbian’s AI Pentest Agent is the first automated penetration testing solution to incorporate business context, ensuring that findings are focused on each customer’s specific security risks and priorities. Developed in partnership the leading global risk management partner LRQA, the AI agent allows security teams to move beyond manual, point-in-time assessments to validate their … More →

The post Simbian AI Pentest Agent delivers continuous, context-aware penetration testing appeared first on Help Net Security.

A vulnerability has been found in GIMP and classified as critical. This affects an unknown part of the component PGM File Parser. This manipulation causes uninitialized pointer. The identification of this vulnerability is CVE-2026-2044. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, was found in GIMP. Affected by this issue is some unknown functionality of the component XWD File Parser. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-2045. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.

Poland’s military leadership has decided that cars manufactured in the People’s Republic of China will no longer cross the gates of sensitive military bases. The decision follows a risk analysis focused on the growing integration of digital systems in cars and the potential for uncontrolled acquisition and use of data by those systems. The new rules also prohibit connecting official phones to infotainment systems in China-made cars. They also apply to other motor vehicles equipped … More →

The post Poland restricts Chinese-made cars at protected military sites appeared first on Help Net Security.

A spokesperson for the French government said potentially 1.2 million accounts were impacted by the incident.

Dell warns of a critical security hole in its RecoverPoint software exploited by hackers. Learn how to protect your data from the CVE-2026-22769 vulnerability and the new GrimBolt malware.