Aggregator

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Security Affairs
1 month 3 weeks ago
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]
Pierluigi Paganini

Turning IBM QRadar Alerts into Action with Criminal IP

Bleeping Computer.
1 month 3 weeks ago
Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. [...]
Sponsored by Criminal IP

中国成功测试可重复使用的新型火箭

Solidot
1 month 3 weeks ago
中国载人航天办公室宣布于 2 月 11 日成功完成了长征十号运载火箭系统低空演示验证与梦舟载人飞船系统最大动压逃逸飞行试验,其中火箭第一级在分离之后重新点燃助推器,减速缓慢降落在停留的回收驳船附近,第一级于 2 月 13 日成功回收,这是中国首次在海上实施运载火箭搜索回收任务,朝着火箭可重复使用迈出了重要一步。长征十号运载火箭主要用于载人月球探测任务,此次测试的是其缩小版,梦舟飞船则将取代目前使用的神舟飞船。长征十号第一级以及梦舟都设计可重复使用多次。

科学家警告地球接近气候临界点

Solidot
1 month 3 weeks ago
科学家警告地球正接近气候变化的临界点,越过临界点可能会导致全球暖化失控,无法遏制,世界将陷入地狱般的温室地球气候,将与过去 1.1 万年人类文明经历的温和气候截然不同。最近几年地球气温只上升了 1.3 摄氏度,但极端天气已经在全球范围内夺走大量生命和摧毁无数人的生计。如果气温上升的幅度达到 3-4 摄氏度,那么经济和社会将无法像我们所熟知的那样运转。科学家表示,何时触发临界点难以预测,但最重要是采取预防措施,大幅削减化石燃料的消耗。

CVE-2026-23111 | Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9 nf_tables nft_map_catchall_activate reference count (Nessus ID 299034)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.199/6.1.162/6.6.123/6.12.69/6.18.9. Impacted is the function nft_map_catchall_activate of the component nf_tables. The manipulation results in improper update of reference count. This vulnerability is known as CVE-2026-23111. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-23112 | Linux Kernel up to 6.18.9 nvmet-tcp nvmet_tcp_build_pdu_iovec memory corruption

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.9. This issue affects the function nvmet_tcp_build_pdu_iovec of the component nvmet-tcp. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-23112. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-1618 | Universal Software FlexCity/Kiosk up to 1.0.35 authentication bypass

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as critical has been found in Universal Software FlexCity and Kiosk up to 1.0.35. This affects an unknown part. Performing a manipulation results in authentication bypass using alternate channel. This vulnerability is reported as CVE-2026-1618. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-14349 | Universal Software FlexCity/Kiosk up to 1.0.35 privilege defined with unsafe actions

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability described as very critical has been identified in Universal Software FlexCity and Kiosk up to 1.0.35. Affected by this issue is some unknown functionality. Such manipulation leads to privilege defined with unsafe actions. This vulnerability is documented as CVE-2025-14349. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts

Cyber Security News
1 month 3 weeks ago

Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings every 30 days, and manipulate security tokens to maintain persistent control. What appeared as simple […]

The post Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts appeared first on Cyber Security News.

Tushar Subhra Dutta

New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer

Cyber Security News
1 month 3 weeks ago

A sophisticated social engineering campaign is targeting Windows users through fake CAPTCHA verification pages to deliver the StealC information stealer malware. The attack begins when victims visit compromised websites that display fraudulent Cloudflare security checks, tricking them into executing malicious PowerShell commands. This campaign represents a dangerous evolution in cybercrime tactics, combining psychological manipulation with […]

The post New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad