Aggregator

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

Security Affairs
2 months ago
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP […]
Pierluigi Paganini

微软用 Rust 开发新安全操作系统 LiteBox

Solidot
2 months ago
内核开发者、微软 Linux 新兴技术团队负责人 James Morris 宣布了使用 Rust 语言开发的新操作系统项目 LiteBox。项目托管在 GitHub 上,采用 MIT 许可证。LiteBox 设计作为一个安全内核运行,通过虚拟化硬件保护客户机内核,它通过大幅减少与主机的接口缩小攻击面。它可被用于在 Windows 上运行未修改的 Linux 程序;在 Linux 上沙盒化 Linux 应用;运行在 Linux Virtualization Based Security“LVBS”之上;等等。LiteBox 目前在活跃开发之中,还没有发布稳定版本。

CVE-2026-2122 | Xiaopi Panel up to 20260126 WAF Firewall /demo.php ID sql injection

VulDB Recent Entries
2 months ago
A vulnerability classified as critical was found in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-2122. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

The Hackers News
2 months ago
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to
The Hacker News

State-backed phishing attacks targeting military officials and journalists on Signal

Help Net Security
2 months ago

German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these attacks are likely perpetrated by a state-controlled cyber actor, there’s nothing stopping non-state actors and financially motivated cybercriminals from using the same approach. The two approaches The attackers are approaching targets directly inside the messaging app … More →

The post State-backed phishing attacks targeting military officials and journalists on Signal appeared first on Help Net Security.

Zeljka Zorz

CVE-2026-2120 | D-Link DIR-823X 250416 Configuration Parameter set_server_settings terminal_addr/server_ip/server_port os command injection

VulDB Recent Entries
2 months ago
A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. This vulnerability is listed as CVE-2026-2120. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-2118 | UTT HiPER 810 1.7.4-141218 rehttpd formReleaseConnect sub_4407D4 Isp_Name command injection

VulDB Recent Entries
2 months ago
A vulnerability described as critical has been identified in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. This vulnerability is tracked as CVE-2026-2118. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

Generaal Eichelsheim bespreekt hectische situatie in de wereld

Defensie.nl - Nieuwsberichten
2 months ago
In het werk van Commandant der Strijdkrachten (CDS) generaal Onno Eichelsheim is absoluut geen sprake van rustig vaarwater. Grote thema’s als Groenland en Oekraïne houden de hoogste militair van ons land volop bezig. Daarnaast zijn er onderwerpen die hem persoonlijk raken, zoals de recente uitspraken van de Amerikaanse president Donald Trump over ‘achterblijvende’ NAVO-troepen in Afghanistan.

CISA Orders Removal of Unsupported Active Network Edge Devices to Reduce Security Risks

Cyber Security News
2 months ago

CISA has issued Binding Operational Directive (BOD) 26-02, ordering Federal Civilian Executive Branch (FCEB) agencies to eliminate “end of support” (EOS) edge devices from their networks. This directive, developed in coordination with the Office of Management and Budget (OMB), addresses the significant security risks posed by unsupported hardware that resides on network boundaries, such as […]

The post CISA Orders Removal of Unsupported Active Network Edge Devices to Reduce Security Risks appeared first on Cyber Security News.

Guru Baran

CVE-2026-2117 | itsourcecode Society Management System 1.0 /admin/edit_activity.php activity_id sql injection

VulDB Recent Entries
2 months ago
A vulnerability marked as critical has been reported in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. This vulnerability is identified as CVE-2026-2117. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-2116 | itsourcecode Society Management System 1.0 /admin/edit_expenses.php expenses_id sql injection

VulDB Recent Entries
2 months ago
A vulnerability labeled as critical has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. This vulnerability is referenced as CVE-2026-2116. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-2115 | itsourcecode Society Management System 1.0 delete_expenses.php expenses_id sql injection

VulDB Recent Entries
2 months ago
A vulnerability identified as critical has been detected in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. The identification of this vulnerability is CVE-2026-2115. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-2114 | itsourcecode Society Management System 1.0 /admin/edit_admin.php admin_id sql injection

VulDB Recent Entries
2 months ago
A vulnerability categorized as critical has been discovered in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql injection. This vulnerability was named CVE-2026-2114. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2026-2113 | yuan1994 tpadmin up to 1.3.12 WebUploader preview.php deserialization

VulDB Recent Entries
2 months ago
A vulnerability was found in yuan1994 tpadmin up to 1.3.12. It has been rated as critical. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2026-2113. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

Managed ad