Aggregator

A vulnerability identified as problematic has been detected in Ollama 0.12.10. This vulnerability affects the function readGGUFV1String of the file fs/ggml/gguf.go of the component GGUF Metadata Handler. This manipulation causes denial of service. The identification of this vulnerability is CVE-2025-66960. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in TP-Link Archer C20 and Archer AX53. This affects an unknown part of the component TDDP Module. The manipulation results in authentication bypass by spoofing. This vulnerability was named CVE-2026-0834. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Tenda AX1803 1.0.0.1. It has been rated as critical. Affected by this issue is the function sub_727F4. The manipulation of the argument security_5g leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-70648. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Tenda AX1803 1.0.0.1. It has been declared as critical. Affected by this vulnerability is the function sub_72290. Executing a manipulation of the argument Security can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-70646. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Tenda AX1806 1.0.0.1. It has been classified as critical. Affected is the function sub_60CFC. Performing a manipulation of the argument Time results in stack-based buffer overflow. This vulnerability is known as CVE-2025-70644. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Cisco Packaged Contact Center Enterprise and Unified Contact Center Enterprise and classified as problematic. This impacts an unknown function of the component Web-based Management Interface. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-20109. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

«Национальный мессенджер» проигрывает битву за контент.

Microsoft has confirmed it is actively investigating a new service incident affecting multiple core services within the Microsoft 365 ecosystem. The company acknowledged the disruption on Wednesday evening, following reports of connectivity issues and service degradation for users relying on its cloud-based productivity tools. The incident, tracked under Issue ID MO1220495, officially began on January […]

The post Microsoft Investigating Issue Impacting Exchange Online, Teams, and M365 Suite appeared first on Cyber Security News.

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings

Как старый трюк с перезагрузкой Windows обманывал время.

LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. [...]

This publication provides guidance on the actions you should take in the critical moments after a compromise is detected to lessen the impact on your organization.

Oleg Evgenievich Nefedov, a 35-year-old Russian national, is accused of forming and running the ransomware outfit since 2022. He’s now on Europol and Interpol’s most-wanted lists.

The post Black Basta’s alleged ringleader identified as authorities raid homes of other members appeared first on CyberScoop.

LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations continue moving forward, displaying fresh variants that target different computer systems and platforms. Recently, leaked materials and screenshots have provided security experts with a detailed look at how this criminal […]

The post Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants appeared first on Cyber Security News.

A vulnerability has been found in Timesheets Plugin up to 4.23.5/4.23.6 on Jira and classified as problematic. This affects an unknown function of the component Issue Handler. This manipulation of the argument Summary causes cross site scripting. This vulnerability appears as CVE-2025-57681. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Cisco Intersight Virtual Appliance. The impacted element is an unknown function. The manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2026-20092. The attack requires a local approach. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Cisco Packaged Contact Center Enterprise and Unified Contact Center Enterprise. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-20055. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Cisco IEC6400 Wireless Backhaul Edge Compute Software. Impacted is an unknown function of the component SSH. Executing a manipulation can lead to resource consumption. This vulnerability is registered as CVE-2026-20080. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.