Aggregator

Пока мировые шедевры под надёжной охраной, системы переживают свой худший кошмар.

A vulnerability classified as critical has been found in WellChoose Single Sign-On Portal System. This affects an unknown function. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-1428. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in WellChoose Single Sign-On Portal System. The impacted element is an unknown function. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1429. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

An out-of-band (OOB) cumulative update, KB5078127, to address critical file system compatibility issues affecting Windows 11 users. The update resolves widespread problems introduced by the January 13, 2026, security update (KB5074109) that caused application freezes and cloud storage failures across multiple platforms. The most significant fix addresses file system corruption affecting cloud-based storage applications. Users […]

The post Microsoft Releases Out-of-Band Update KB5078127 to Fix Windows 11 File System and Outlook Freezes appeared first on Cyber Security News.

A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective at bypassing traditional security layers. Attackers craft phishing emails using financially themed lures such as […]

The post New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool appeared first on Cyber Security News.

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check

Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability The update brings passkey profiles and synced passkeys into general availability. Administrators gain access to a new passkey profiles experience that supports group-based configuration. This allows security teams to apply passkey policies to specific user groups instead of managing settings at a tenant-wide level. At the center of the change is a … More →

The post Microsoft Entra ID will auto-enable passkey profiles, synced passkeys appeared first on Help Net Security.

A critical server-side vulnerability in Instagram’s infrastructure allowed unauthenticated attackers to access private photos and captions without a login or follower relationship, according to a disclosure released this week by security researcher Jatin Banga. The vulnerability, which was reportedly patched silently by Meta in October 2025, relied on a specific configuration of HTTP headers to […]

The post New Instagram Vulnerability Exposes Private Posts to Anyone appeared first on Cyber Security News.

A vulnerability marked as critical has been reported in WellChoose Single Sign-On Portal System. The affected element is an unknown function. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-1427. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

对抗样本反编译手段升级、载荷投递流程升级

Запуск первых 16 спутников перенесли на 2026 год.

A vulnerability has been found in Oracle Communications Session Report Manager 8.2.0/8.2.1/8.2.2 and classified as critical. This affects an unknown part. This manipulation causes deserialization. This vulnerability appears as CVE-2020-14195. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Oracle Communications Session Route Manager 8.2.0/8.2.1/8.2.2 and classified as critical. This vulnerability affects unknown code. Such manipulation leads to deserialization. This vulnerability is traded as CVE-2020-14195. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle Banking Digital Experience up to 20.1. The impacted element is an unknown function of the component Framework. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2020-14195. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Oracle Communications Diameter Signaling Router up to 8.2.2. Affected is an unknown function of the component IDIH. Executing a manipulation can lead to deserialization. This vulnerability is registered as CVE-2020-14195. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability is documented as CVE-2020-14195. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Evolved Communications Application Server 7.1. Affected by this issue is some unknown functionality of the component Universal Data Record. The manipulation results in deserialization. This vulnerability is reported as CVE-2020-14195. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in FasterXML jackson-databind up to 2.9.10.4. Affected by this vulnerability is an unknown functionality of the component oracle.jms.AQjmsQueueConnectionFactory. The manipulation results in deserialization (Serialized). This vulnerability is cataloged as CVE-2020-14061. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in FasterXML jackson-databind up to 2.9.10.4. Affected by this issue is some unknown functionality of the component com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool. This manipulation causes deserialization (Serialized). This vulnerability is registered as CVE-2020-14062. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in FasterXML jackson-databind up to 2.9.10.4 and classified as critical. The affected element is an unknown function of the component org.jsecurity.realm.jndi.JndiRealmFactory. Performing a manipulation results in deserialization (Serialized). This vulnerability is cataloged as CVE-2020-14195. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.