Aggregator

A vulnerability described as critical has been identified in Oracle Financial Services Model Management and Governance 8.0.8.0/8.1.0.0/8.1.1.0. This affects an unknown part of the component Installer/Configuration. Executing a manipulation can lead to time-of-check time-of-use. This vulnerability is registered as CVE-2022-23181. The attack needs to be launched locally. No exploit is available.

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware

Взломщик ByteToBreach опубликовал внутренности шведских госуслуг.

A vulnerability classified as problematic was found in SAP NetWeaver Application Server for ABAP up to 816. This vulnerability affects unknown code. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-24310. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Python CPython up to 3.14.x. This affects an unknown function of the component Tarfile Module. This manipulation causes incorrect comparison. This vulnerability appears as CVE-2025-13462. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Cisco Secure Endpoint. This vulnerability affects unknown code of the component ClamAV. The manipulation leads to uncaught exception. This vulnerability is documented as CVE-2026-20031. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in thejoshwolfe yauzl up to 3.2.0. It has been declared as problematic. This affects the function getLastModDate of the component ZIP File Handler. Such manipulation leads to off-by-one. This vulnerability is traded as CVE-2026-31988. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in svgo up to 2.8.0/3.3.2/4.0.0. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. Executing a manipulation can lead to xml entity expansion. This vulnerability is handled as CVE-2026-29074. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

A vulnerability has been found in libexpat up to 2.7.4 and classified as problematic. This affects the function setContext. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2026-32778. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in libexpat up to 2.7.4. Affected by this issue is some unknown functionality. Executing a manipulation can lead to infinite loop. This vulnerability is registered as CVE-2026-32777. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in libexpat up to 2.7.4. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-32776. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Mumble up to 1.6.869. Affected is an unknown function. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-71264. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in thermalright TR-VISION HOME up to 2.0.4 on Windows. This impacts an unknown function. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is tracked as CVE-2026-4255. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in OpenHarmony up to 5.1.0.x. This affects an unknown function of the component Pre-installed Apps. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2025-52458. The attack is only possible with local access. There is not any exploit available.

A vulnerability marked as critical has been reported in OpenHarmony up to 5.1.0.x. The impacted element is an unknown function of the component Pre-installed Apps. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2025-41432. The attack can only be performed from a local environment. No exploit is available.

A vulnerability labeled as problematic has been found in OpenHarmony up to 5.1.0.x. The affected element is an unknown function. Executing a manipulation can lead to type confusion. The identification of this vulnerability is CVE-2025-25277. The attack can only be executed locally. There is no exploit available.

A vulnerability identified as critical has been detected in GROWI up to 7.4.5. Impacted is an unknown function of the component OpenAI API Endpoint. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-25083. The attack may be initiated remotely. There is no available exploit.

嗯，用户让我用中文总结一下这篇文章，控制在一百个字以内，而且不需要用“文章内容总结”这样的开头。直接写描述就行。 首先，我需要通读整篇文章，抓住主要内容。文章主要讲的是Geordie AI这家公司入围了RSA Conference 2026的创新沙盒竞赛。他们专注于AI Agent的安全与治理，提供一个平台来监控和管理企业内部的AI智能体。 接下来，我需要提取关键信息：公司名称、入围比赛、专注领域、产品功能等。然后把这些信息浓缩到100字以内，同时保持语句通顺。 可能会遇到的问题是如何在有限的字数内涵盖所有重要点。比如，公司背景、产品功能、行业影响等。需要选择最重要的部分来突出。 最后，检查一下是否符合用户的要求：中文、100字以内、直接描述内容。确保没有遗漏关键信息，并且表达清晰。 Geordie AI 是一家专注于 AI Agent 安全与治理的网络安全初创公司，其平台能够实时发现、监控和管理企业内部部署的 AI 智能体行为与风险，帮助企业应对 AI Agent 带来的新型安全挑战。该公司入围 RSA Conference 2026 创新沙盒竞赛决赛，并展示了其在 AI 安全领域的创新技术与解决方案。

The Iranian syndicate designated “Handala Hack”—a collective inextricably intertwined with the Void Manticore cluster and the Iranian Ministry

The post Manual Malice: How Handala Hack Weaponizes AI Wipers and NetBird for Rapid Network Annihilation appeared first on Penetration Testing Tools.