Aggregator

A vulnerability was found in ChurchCRM up to 6.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Create Events. Such manipulation of the argument Description leads to cross site scripting. This vulnerability is listed as CVE-2026-24855. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in NaturalIntelligence fast-xml-parser up to 5.3.3 and classified as problematic. Affected is an unknown function. This manipulation causes denial of service. This vulnerability is tracked as CVE-2026-25128. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in vendurehq vendure up to 3.5.2. This impacts the function NativeAuthenticationStrategy.authenticate of the file packages/core/src/config/auth/native-authentication-strategy.ts. The manipulation results in exposure of sensitive information through data queries. This vulnerability is identified as CVE-2026-25050. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Silabs Zigbee Stack up to 4.4.6/2025.6.1. This affects an unknown function. The manipulation leads to improper handling of values. This vulnerability is referenced as CVE-2025-7964. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in ChurchCRM up to 6.7.1. The impacted element is an unknown function of the file /PaddleNumEditor.php. Executing a manipulation of the argument PerID can lead to sql injection. The identification of this vulnerability is CVE-2026-24854. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

想象一下，你打开一个飞机跟踪网站，本来想看看实时航班，突然发现一架标着美国“空军一号”的飞机，在美国佛罗里达的

Submit #742421 / VDB-343510

Week 05 maintained a high operational tempo across the cybersecurity landscape, with defenders balancing routine hardening and monitoring activities against […]

The post Weekly Threat Landscape Digest – Week 5 appeared first on HawkEye.

Ученые собрали структуру, которая тикает сама по себе, нарушая привычные законы.

CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers

这份文件是由台湾太空产业发展协会（TSIDA）与台湾太空中心（TASA）共同发布，是一份2025年度会员厂商目录与产业能力报告。

美国国家海洋和大气管理局启动一项水文测绘项目，旨在对美属萨摩亚近海超过 30,000 平方海里的联邦水域进行测绘与特征分析。该项目是美商务部落实《释放美国近海关键矿产与资源》行政令（第 14285 号）所制定的《美国近海关键矿产测绘计划》的重要组成部分。

The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure.

The post Google’s disruption rips millions out of devices out of malicious network appeared first on CyberScoop.

A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and Vietnam, marking a strategic shift toward region-specific operations. The attackers exploit unpatched […]

The post UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS appeared first on Cyber Security News.

Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps.

The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year

A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly exposed due to simple configuration changes that administrators make without fully […]

The post 175,000 Exposed Ollama Hosts Enable Code Execution and External System Access appeared first on Cyber Security News.

Доверие, которое копили месяцами, исчезло за секунды из-за одной галочки.

根据发表在《Scientific Reports》期刊上的一项研究，虽然海冰面积减少但挪威 Svalbard 群岛上的北极熊却更胖更健康。北极熊以海冰为平台捕猎海豹，海豹是其获取富含脂肪食物的主要来源。脂肪储备提供了能量和保暖，让母熊能分泌乳汁哺育幼崽。研究人员分析了 1992-2019 年间 Svalbard 群岛捕获的 770 只成年北极熊的身体状况，发现它们明显变胖了。研究人员认为群岛上的北极熊通过捕食更多驯鹿和海象在内的陆地猎物去适应海冰面积的减少。研究期间全球气温上升使该地区每年的无冰天数增加了近 100 天——平均每年增加约 4 天。研究人员认为这种情况不太可能长期持续下去，随着海冰持续减少，北极熊将不得不跋涉更远的距离抵达猎场，它们将会消耗掉更多宝贵的脂肪储备。

Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. [...]