Aggregator

A vulnerability was found in GNOME Glib and classified as critical. This affects an unknown part of the component Unicode Case Conversion. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-1489. The attack may be launched remotely. There is no exploit available.

LevelBlue calls the move “all upside” for MDR customers, stressing that “nothing’s going to change.”

The post LevelBlue scoops up Alert Logic’s managed services from Fortra appeared first on CyberScoop.

A vulnerability has been found in Red Hat Keycloak and classified as problematic. Affected by this issue is some unknown functionality of the component org.keycloak.services.resources.admin. This manipulation causes information disclosure. This vulnerability appears as CVE-2025-13881. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in GNOME Glib. Affected by this vulnerability is an unknown functionality of the component Treemagic File Handler. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-1485. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in askbot up to 0.12.2. Affected is an unknown function of the component Profile Picture Handler. The manipulation leads to authorization bypass. This vulnerability is documented as CVE-2026-1213. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: […]

A vulnerability classified as critical was found in GNOME GLib. This impacts an unknown function of the component Base64 Encoding Handler. Executing a manipulation can lead to out-of-bounds write. This vulnerability is registered as CVE-2026-1484. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in n8n up to 1.123.16/2.4.4/2.5.0. This affects an unknown function of the component Workflow Expression Evaluation System. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. This vulnerability is cataloged as CVE-2026-1470. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on target Windows computers by using fake human verification pages – i.e., CAPTCHA pages – to trick users into manually pasting and executing a command via the Run dialog. And here is where things get interesting. … More →

The post Attackers use Windows App-V scripts to slip infostealer past enterprise defenses appeared first on Help Net Security.

AI agents are booking travel at scale. Learn how to enable agentic commerce, stop agent hijacking and loyalty fraud, and protect your revenue.

The post AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk appeared first on Security Boulevard.

Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded and interconnected throughout organizations, creating the “AI Exposure Gap,” a largely invisible form of exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. Many … More →

The post Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS appeared first on Help Net Security.

Зачем изобретать «велосипед», если его можно украсть? Краткая история северокорейского «импортозамещения».

记一次Java项目分析思路

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. "Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,"

MEDUSA, an AI-first Static Application Security Testing (SAST) tool boasting 74 specialized scanners and over 180 AI agent security rules. This open-source CLI scanner targets modern development challenges like false positives and multi-language coverage. MEDUSA consolidates security scanning across 42+ languages and file types, including Python, JavaScript, Go, Rust, Java, Dockerfiles, Terraform, and Kubernetes manifests. […]

The post MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules appeared first on Cyber Security News.

Полная инструкция по настройке разрешений, защите от RAT-троянов и выбору шторки для веб-камеры.

复现了PoisonedRAG，顺便把整个攻击链和检测机制拆了一遍，记录一下

«Взрослеть в интернете» теперь придётся гораздо дольше.

Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. [...]