Aggregator

A vulnerability was found in Totolink X2000R Gh 1.0.0-B20230221.0948.web and classified as critical. This affects the function formIpv6Setup. Executing a manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-46541. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Beetel 777VR1 up to 01.00.09. It has been classified as problematic. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. This vulnerability is tracked as CVE-2026-2618. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to increase the level of encryption. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Beetel 777VR1 up to 01.00.09 and classified as critical. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. This vulnerability is identified as CVE-2026-2617. The attack can only be performed from the local network. Additionally, an exploit exists. Applying restrictive firewalling is recommended. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Beetel 777VR1 up to 01.00.09 and classified as critical. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. This vulnerability is referenced as CVE-2026-2616. The attack needs to be initiated within the local network. Furthermore, an exploit is available. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

В исследовании вы узнаете, почему инструменты веб-защиты централизуются в комплексные платформы WAAP.

Boston, Massachusetts, 17th February 2026, CyberNewswire

Submit #751633 / VDB-346268

Submit #751568 / VDB-346267

Submit #751436 / VDB-346267

Submit #751314 / VDB-346266

Steinberger to Lead AI Giant's Multi-Agent Development Team
Peter Steinberger is joining OpenAI to lead development of personal agents, culminating weeks of viral attention paid to his OpenClaw open-source artificial intelligence assistant project. Security experts dubbed it a "dumpster fire" after hackers were quick to add malicious functions.

New HHS Enforcement Program Focuses on Patient Confidentiality, Aligning With HIPAA
The U.S. Department of Health and Human Services has launched a new breach reporting website and guidance materials to support its duties of enforcing compliance mandates that went into effect Monday to better align the confidentiality of substance use disorder records with the HIPAA privacy rule.

'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' Guarantees
Claims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.

CASL Abilityにはプロトタイプ汚染の脆弱性が存在します。

A vulnerability, which was classified as critical, was found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The identification of this vulnerability is CVE-2026-2615. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #751047 / VDB-346265

A vulnerability, which was classified as problematic, has been found in Frontend File Manager Plugin up to 23.5 on WordPress. Impacted is an unknown function of the component Uploaded File Handler. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-0829. The attack may be initiated remotely. There is no available exploit.

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all

Брутфорс сертификатов превратился в пятилетний срок.

Quantum computing is often treated as a distant, theoretical cybersecurity issue. According to Ronit Ghose, Global Head, Future of Finance of Citi Institute, that mindset is already putting financial institutions at risk. The biggest misconception, he says, is that quantum threats begin on a single future Q-day, when quantum machines suddenly crack encryption. In reality, adversaries can harvest encrypted data today and decrypt it later, creating long-term exposure for banks handling sensitive identity and transaction … More →

The post Your encrypted data is already being stolen appeared first on Help Net Security.