Aggregator

A vulnerability was found in IBM DB2 and DB2 Connect Server up to 12.1.1 and classified as problematic. The impacted element is an unknown function. Such manipulation leads to race condition. This vulnerability is documented as CVE-2025-1493. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1. This impacts an unknown function of the component Configuration Handler. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-0915. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1. Affected is an unknown function of the component Automatic Client Rerouting. The manipulation results in allocation of resources. This vulnerability was named CVE-2025-1000. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1. This impacts an unknown function of the component Q Replication. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-3050. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

Corr-Serve, a South African value-added distributor of cybersecurity solutions, has strengthened its long-standing partnership with Seceon, a global provider of advanced cybersecurity technology, expanding local access to AI-driven threat detection and response capabilities. The enhanced agreement builds on more than seven years of collaboration between the two companies in Southern Africa and positions Corr-Serve as Seceon’s

The post Corr-Serve strengthens South Africa’s cybersecurity market through expanded Seceon partnership appeared first on Seceon Inc.

The post Corr-Serve strengthens South Africa’s cybersecurity market through expanded Seceon partnership appeared first on Security Boulevard.

Взрывали деды, а умирают внуки: доклад о том, как испытания 50-х годов продолжают ломать ДНК детей.

Week 04 (ending January 23, 2026) highlighted a strong convergence of high-impact patching requirements and evolving attacker tradecraft across enterprise […]

The post Weekly Threat Landscape Digest – Week 4 appeared first on HawkEye.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a

Defensie heeft een Loket Asbest geopend voor medewerkers, oud-medewerkers en derden. Zij kunnen hier terecht voor vragen en zorgen over de blootstelling aan asbest en mogelijk ziekte als gevolg daarvan. Onder derden vallen bijvoorbeeld onderaannemers en schoonmakers.

A vulnerability identified as critical has been detected in GNU gdb 13.0.50.20220805-git. This affects the function ada_decode of the file /gdb/ada-lang.c. Performing a manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2023-39128. The attack must be initiated from a local position. There is no exploit available.

A vulnerability described as critical has been identified in BMC Control-M 9.0.20.200. Affected is an unknown function of the file /report/deleteReport. Executing a manipulation of the argument report-id can lead to sql injection. This vulnerability appears as CVE-2023-39122. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in Emlog 2.1.9. It has been declared as critical. This impacts an unknown function of the file /admin/user.php. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2023-39121. The attack can only be initiated within the local network. No exploit exists.

A vulnerability identified as critical has been detected in NTSC-CRT 2.2.1. The affected element is the function loadBMP of the file bmp_rw.c. This manipulation of the argument width/height/BPP causes out-of-bounds write. This vulnerability appears as CVE-2023-39125. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in Campcodes Online Matrimonial Website System Script 3.3. It has been rated as problematic. Affected is an unknown function of the file install/aiz-uploader/upload of the component SVG Document Handler. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2023-39115. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

В открытом доступе обнаружена база данных с 150 миллионами логинов и паролей пользователей популярных сервисов.

AI-generated code can introduce subtle security flaws when teams over-trust automated output. Intruder shows how an AI-written honeypot introduced hidden vulnerabilities that were exploited in attacks. [...]

A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as an affordable Malware-as-a-Service tool designed to harvest sensitive data from macOS systems by convincing victims to paste a single command into their Terminal application. Security researchers discovered MacSync while investigating […]

The post MacSync macOS Infostealer Leverage ClickFix-style Attack to Trick Users Pasting a Single Terminal Command appeared first on Cyber Security News.

Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system

Для реализации этой угрозы не требуются права администратора или установка вредоносных программ.

在美国特种部队逮捕马杜罗（Nicolás Maduro）的同时，委内瑞拉首都加拉加斯陷入一片黑暗。这标志着现代冲突性质的深刻转变：物理战争与网络战的融合。断电并非是通过炸毁输电塔或切断电线造成的，而是通过对管理电力的工控系统进行精准而隐蔽的操控。恶意软件能入侵工业控制器，能拦截电网运营商发送的合法指令，替换为破坏电网稳定的恶意指令。恶意软件可以发送指令快速打开和关闭断路器，该操作会导致大型变压器或发电机过热或与电网失去同步，从而造成物理损坏，可能引发火灾或爆炸，而修复工作可能需要数月时间。攻击工控系统的历史案例包括 2009 年对伊朗铀浓缩离心机的 Stuxne 蠕虫攻击，2016 年俄罗斯对乌克兰能源部门的 Industroyer 攻击等。