Aggregator

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.7. This vulnerability affects unknown code of the component megaraid_sas. Executing a manipulation can lead to deadlock. This vulnerability is registered as CVE-2024-57807. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

HackerNews 编译，转载请注明出处： 2026年1月20日，Everest在其暗网泄密网站上公布了此次入侵的相关信息，并威胁称，若企业未在其设定的期限内作出回应，将公开披露所窃取的数据。根据 Everest 勒索软件组织的说法，此次攻击导致大量公司内部文件及客户个人数据被泄露。 攻击者宣称：“你们客户的个人数据以及内部文件已被泄露并存储在我们的系统中”，其中包括“种类繁多的客户个人文件和信息”。 据称，被窃取的数据包含大量内部记录，可能在区域范围内引发严重的身份盗用和定向钓鱼攻击风险。 Everest是一个以俄语为主要交流语言的勒索软件组织，最早于2020年12月出现，起初以数据窃取为主，至2021年初发展为具备AES/DES双重加密能力的完整勒索软件体系。 该组织以“纯敲诈”策略而闻名，重点在于窃取并出售企业敏感数据，而不仅仅是对文件进行加密。其近期的高知名度受害者包括华硕、日产汽车，以及都柏林机场。 麦当劳在印度通过两家独立公司运营：负责北部和东部地区的Connaught Plaza Restaurants，以及负责西部和南部地区的 Hardcastle Restaurants。自1996年以来，这两家实体已为数百万印度消费者提供服务。 此前，该公司曾在 2017 年和 2024 年 遭遇过数据安全相关问题。 截至目前，麦当劳印度方面尚未确认此次数据泄露事件。 消息来源：cybersecuritynews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Mozilla Thunderbird up to up to 115.10 and classified as problematic. This affects an unknown function of the component Web Worker. Such manipulation leads to information exposure through error message. This vulnerability is listed as CVE-2024-4769. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in pki-core. This impacts an unknown function of the component Message Content Handler. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2022-2393. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability categorized as critical has been discovered in Microsoft .NET and Visual Studio. Impacted is an unknown function. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2024-38095. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability was found in VMware Tools. It has been classified as critical. Impacted is an unknown function. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-20867. Local access is required to approach this attack. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Grub2. The impacted element is an unknown function of the component Password Protection. This manipulation causes improper authentication. This vulnerability is registered as CVE-2023-4001. The attack requires access to the local network. No exploit is available.

LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The

Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components. The vulnerability stems from a defect in how […]

The post Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server appeared first on Cyber Security News.

Маленькое окно площадью в один пиксель теперь знает о вас всё.

A vulnerability was found in Oracle Database Server up to 19.29/21.20 and classified as critical. The impacted element is an unknown function of the component Java VM Component. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2026-21975. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Oracle Life Sciences Central Designer 7.0.1.0. The affected element is an unknown function. This manipulation causes information disclosure. This vulnerability appears as CVE-2026-21970. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle FLEXCUBE Investor Servicing 14.5.0.15.0/14.7.0.8.0/14.8.0.1.0. The impacted element is an unknown function of the component Oracle Financial Service. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-21973. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Oracle Life Sciences Central Designer 7.0.1.0. This impacts an unknown function of the component Platform. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2026-21974. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Oracle FLEXCUBE Universal Banking up to 14.8.0.0.0. This affects an unknown function of the component Oracle Financial Service. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-21978. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Zero Data Loss Recovery Appliance Software up to 23.1.202509 and classified as problematic. The impacted element is an unknown function of the component Security. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-21977. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Festoが提供する複数の製品には、製品の機能に関する技術的な情報の提供が不十分な問題が存在します。

Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s screens. Constant time online chips away at attention, confidence, and judgment, and pushes young people toward views and choices that don’t always work in their favour. Children are drawn into organized crime for many reasons, … More →

The post Cybercriminals speak the language young people trust appeared first on Help Net Security.

Schneider Electricが提供するUni-Telwayドライバには、不適切な入力確認の脆弱性が存在します。

Schneider Electricが提供する複数の製品には、複数の脆弱性が存在します。