Aggregator

A vulnerability classified as critical has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover results in unrestricted upload. This vulnerability was named CVE-2026-1445. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. [...]

Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO”

A vulnerability described as problematic has been identified in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1444. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A critical authentication bypass vulnerability in the telnetd component of GNU Inetutils has exposed approximately 800,000 internet-accessible Telnet instances to unauthenticated remote code execution (RCE). Tracked as CVE-2026-24061 with a CVSS score of 9.8, the flaw allows attackers to gain root-level access without valid credentials, posing a severe risk to exposed infrastructure worldwide. Vulnerability Details […]

The post 800K+ Telnet Servers Exposed to RCE Attacks – PoC Released appeared first on Cyber Security News.

Submit #736971 / VDB-342874

Police seized devices and cryptocurrency in multiple raids aimed at an alleged assassins-for-hire platform, Romanian authorities said.

The European Commission has opened a new formal investigation into X under the Digital Services Act over risks linked to the deployment of its AI tool Grok in the EU. Regulators are examining whether X properly assessed and mitigated risks tied to the spread of illegal content following Grok’s introduction on the platform. The content under scrutiny includes manipulated sexually explicit images and material that may amount to child sexual abuse content. The Commission states … More →

The post EU opens new investigation into Grok on X appeared first on Help Net Security.

Специалисты восстановили форматы BIOS по «отпечаткам пальцев» и открытым данным.

Submit #736968 / VDB-342873

The curl project ended its bug bounty program in January 2026 because it received too many low-quality and useless bug reports. The decision reflects growing frustration within the open-source security community regarding the unintended consequences of financial incentive structures on vulnerability disclosure practices. The program, which was designed to encourage responsible vulnerability disclosure, paradoxically generated […]

The post Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports appeared first on Cyber Security News.

72 岁的 RMS（Richard Stallman）在佐治亚理工学院演讲时谈及了 DRM 并回答了观众有关盗版的问题。RMS 说，他鄙视 DRM，不想拥有任何包含 DRM 的东西的拷贝，不会为了任何东西而屈服于 DRM，所以他不使用 Spotify 或 Netflix。对于观众提出的是否有道德义务避免盗版的问题，RMS 表示他不会用盗版这个词去指代分享，分享是善行，应该是合法的。版权法是错误的，事实上是非正义的。他会毫不犹豫的分享任何东西，但因为鄙视 DRM 他没有任何非自由软件的副本。仅仅因为一项法律赋予某些人不公正的权力，并不意味着违反这项法律是错误的，“禁止人们互相帮助，分裂他们，这是卑鄙的。”他表示自己是通过他人的分享观看电影的。

A vulnerability marked as critical has been reported in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-1443. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Dassault Systèmes SOLIDWORKS eDrawings 2025/2026. Affected by this vulnerability is an unknown functionality of the component EPRT File Parser. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-1284. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Dassault Systèmes SOLIDWORKS eDrawings 2025/2026. Affected is an unknown function of the component EPRT File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-1283. It is possible to initiate the attack remotely. There is no exploit available.

Submit #736967 / VDB-342872

Upwind has raised $250 million in Series B funding, bringing its total funding to $430 million. The round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Existing investors include Greylock, Cyberstarts, Leaders Fund, Craft Ventures, TCV, Alta Park, Cerca Partners, Swish Ventures and Penny Jar Capital. The Series B marks the beginning of what Upwind calls “The Next Wave,” its next phase of growth focused on scaling runtime-first cloud … More →

The post Upwind secures $250 million to expand runtime-first cloud security for AI workloads appeared first on Help Net Security.

Zr.Ms. Schiedam heeft vandaag de marinehaven van Den Helder verlaten om deel te nemen aan de Standing NATO Mine Countermeasures Group 1 (SNMCMG1). Dit NAVO-vlootverband zet zich in om zeegebieden te ontdoen van zeemijnen, vliegtuigbommen en andere explosieven. Ook beschermt de vloot de onderzeese infrastructuur.

Skill（技能）作为AI Agent的核心组成单元，是智能体实现特定功能的原子能力，例如文件读写、API调用、数据库操作等。然而，Skill技术的开放性与交互性也使其成为安全风险的集中爆发点——恶意Skill可能窃取敏感数据、执行恶意代码，合法Skill的滥用则可能引发权限越界、数据泄露等问题。

Новый Global 8000 получил разрешение летать по всему миру.