Aggregator

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.170/5.4.92/5.10.10. The impacted element is the function peak_usb_netif_rx_ni. Performing a manipulation results in use after free. This vulnerability is known as CVE-2021-47670. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 4.14.217/4.19.170/5.4.92/5.10.10. This issue affects the function netif_rx_ni of the component vxcan. The manipulation leads to use after free. This vulnerability is listed as CVE-2021-47669. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.9.8 and classified as critical. This impacts the function can_get_echo_skb of the file net/core/skbuff.c. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2020-36789. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.58/6.11.5. It has been declared as problematic. The impacted element is the function vmxnet3_xdp_xmit_frame of the component vmxnet3. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2024-58099. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A dangerous new version of LockBit ransomware has emerged, targeting multiple operating systems and threatening businesses worldwide. LockBit 5.0, released in September 2025, represents a major upgrade to one of the most active ransomware families in recent years. This version supports Windows, Linux, and ESXi platforms, making it a versatile threat capable of attacking diverse […]

The post LockBit’s New 5.0 Version Attacking Windows, Linux and ESXi Systems appeared first on Cyber Security News.

Palo Alto Networks has finalized its acquisition of CyberArk, a leading identity security firm, in a landmark $25 billion deal. This completion, announced on February 11, 2026, positions identity security as a foundational element of the company’s platform strategy amid rising AI-driven threats. The deal addresses the escalating role of identities in cyberattacks, where machine […]

The post Palo Alto Networks Completed Acquisition of Identity Security Firm CyberArk appeared first on Cyber Security News.

Эра накопления системных долгов медленно подходит к концу.

Currently trending CVE - Hype Score: 3 - The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated ...

Currently trending CVE - Hype Score: 12 - A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched ...

A vulnerability was found in Apple macOS up to 26.0. It has been rated as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in memory corruption. This vulnerability is known as CVE-2025-43402. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. It has been rated as critical. This issue affects the function smc_special_trylock of the file smc91x.c. Performing a manipulation results in privilege escalation. This vulnerability was named CVE-2025-71132. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. This issue affects the function eb_lookup_vmas. The manipulation leads to improper initialization. This vulnerability is documented as CVE-2025-71130. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Affected by this issue is some unknown functionality of the component parisc. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-71121. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

2026马年春晚：机器人霸屏，人类的“护城河”还剩多少？

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path

Внутренние документы подтвердили разработку функции «Именная метка» на базе ИИ.

知名科技媒体 Ars Technica 上周在报道 AI 新闻时被发现将 AI 生成的内容作为消息来源使用，Ars 联合创始人兼主编 Ken Fisher 周日发表声明公开道歉，称他们检查了最近发表的一系列文章，没有发现其它文章含有 AI 生成内容，目前看来这应该是一次孤立事件。这篇报道的合作者 Benj Edwards 是 Ars 的资深 AI 记者，他解释说尝试使用基于 Claude Code 的实验性 AI 工具从原始材料中提取出可添加到大纲的结构化引用内容，但该 AI 拒绝处理，他猜测可能是文章描述的是一起骚扰事件（AI 骚扰人类），他于是将文本拷贝到 ChatGPT，没有注意到 ChatGPT 生成了文章作者的意译版本而不是原话，在引用时没有核实引用是否与原文一致。AI 记者因 AI 幻觉犯错，这件事太有讽刺性了。

从实际体验、架构解析，再到 Prompt 工程，全面剖析火爆全球的个人AI助手OpenClaw。

ZeroDayRAT is a new mobile spyware platform sold openly through Telegram, with activity first observed on February 2, 2026. It targets Android (5–16) and iOS (up to 26), giving attackers one cross-platform tool. From a browser-based control panel, an operator can monitor and control an infected phone. The panel supports GPS tracking, notification capture, SMS […]

The post New ZeroDayRAT Attacking Android and iOS For Real-Time Surveillance and Data Theft appeared first on Cyber Security News.