Aggregator

CVE-2026-24002 | gristlabs grist-core up to 1.7.8 GRIST_SANDBOX_FLAVOR injection (GHSA-7xvx-8pf2-pv5g)

2 months 3 weeks ago

A vulnerability was found in gristlabs grist-core up to 1.7.8. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation of the argument GRIST_SANDBOX_FLAVOR causes injection. This vulnerability is registered as CVE-2026-24002. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2026-24049 | pypa wheel up to 0.46.1 File path traversal (GHSA-8rrh-rw8j-w5fx)

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability was found in pypa wheel up to 0.46.1. It has been declared as critical. Affected is an unknown function of the component File Handler. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-24049. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

2026年邮件安全怎么防？3大攻击案例+ 1套防护指南，管理员直接用

嘶吼

2 months 3 weeks ago

黑产攻击持续加剧，企业邮件安全如何破局？《2025年Q4企业邮箱安全性研究报告》给出了惊人数据：钓鱼邮件数量激增至4.25亿，环比暴涨近150%，同比翻倍，攻击规模呈“爆发式增长”！2025年，云服务滥用、网关漏洞和社会工程学诈骗等攻击场景频频出现，不少企业因一个疏忽，就中招。本文结合2025年3大典型攻击案例，为你拆解黑客核心套路，并附上可落地的2026年邮件安全防护指南。

案例1：AWS SES 遭滥用，钓鱼邮件日发5W+引发重大损失

事件复盘：黑客窃取企业AWS账号密钥，滥用SES服务批量发送伪装成银行、电商的钓鱼邮件，日发超5万封。这不仅造成直接诈骗损失，更损害了企业品牌声誉，并可能引发合规风险。

攻击根源：企业密钥管理松懈，黑客绕开发送限制，并伪装可信来源经过API批量发件，传统防护难以识别 “合法平台发出的恶意邮件”。

2026年防护建议：

－定期更换云服务密钥，开启密钥泄露提醒，为SES设置发送量阈值，超量自动告警。

－配齐SPF、DKIM、DMARC三重认证，从源头防范域名伪造。

－监测对外发信，配置严格的发送配额，超量时自动告警。

案例2：开源网关漏洞+境外钓鱼攻击，致内网失守与连锁感染

事件复盘：HW期间，多家厂商邮件网关因开源MTA组件漏洞+代码命令拼接缺陷，遭特定邮件攻击致服务器命令执行权限失守；同期，境外势力通过钓鱼邮件窃取机关单位账号，利用自动回复植入病毒，形成“连锁感染”。

攻击根源：、加密查杀措施落实不到位，叠加人员安全意识薄弱、违规操作，大幅降低攻击门槛。

2026年防护建议：

－全面排查弱密码，关键岗位强制开启MFA，优先使用硬件密钥或认证器APP，禁用短信验证。

－部署邮件安全网关加强防护，规避开源组件及代码拼接漏洞，提升防护稳定性。

案例3：高校邮件系统遭入侵，百万敏感数据泄露+诈骗频发

事件复盘：宾夕法尼亚大学邮件系统遭入侵，黑客盗取账号后大量发送挑衅邮件，并伪造高管转账指令进行诈骗，最终窃取120万名捐赠者及校友敏感数据。

攻击根源：黑客以社会工程学为核心，利用盗取的单点登录凭证发起攻击，凭借纯文字话术避开传统病毒检测，精准拿捏企业流程漏洞与人员心理弱点，致使传统网关无法识别这类
“干净”邮件而失效。

2026年防护建议：

－关键岗位（如高管、财务等）强制开启MFA，防止账号被盗。

－部署邮件安全网关，管控域内互发及外发流量，监测异常发件行为并触发告警。

－每季度开展反钓鱼演练，针对性培训，提升员工识别能力。

推荐防护方案

复盘2025年各类邮件攻击案例发现，单一防护工具难以应对批量外发滥用、开源网关漏洞、社会工程学诈骗等多场景风险。2026年企业需构建"智能技术防线"与"人员意识防线"双轮驱动的闭环体系。

智能技术防线：CACTER邮件安全网关

自研架构：自研 MTA 核心，摆脱开源组件漏洞桎梏，规避命令行注入风险

域内管控拦截：独家域内管控机制，精准拦截异常批量外发、新型 HTML 二维码钓鱼等攻击

态势可视溯源：提供收发信统计、异常溯源能力，助力管理员实时掌控安全态势

人员意识防线：CACTER反钓鱼演练

高仿真模拟：提供100+演练模板，精准复现25年高发的“高管冒充”“福利诱导”等套路

分钟级部署：5分钟快速上线，节省90%人工部署时间

闭环提升：全流程员工行为追踪、风险等级划分及薄弱人群定位，实现“演练－评估－培训”闭环优化

2025年的攻击案例警示我们：一个未更换的密钥、一次疏忽的点击、一台有漏洞的网关，都可能成为黑客突破防线的缺口。2026年，攻击手法只会更隐蔽、更精准，企业开年就需把防护做扎实。建议企业先落实三重认证、MFA部署、弱密码清理等基础防护动作，再搭配专业防护工具如CACTER邮件网关与反钓鱼演练，让技术拦截与人员赋能形成闭环，实现真正的风险可控。

CACTER邮件安全

CVE-2026-21932 | Oracle Java SE/GraalVM for JDK/GraalVM Enterprise Edition AWT/JavaFX Remote Code Execution (EUVD-2026-3577 / Nessus ID 294885)

Vuldb Updates

2 months 3 weeks ago

A vulnerability marked as critical has been reported in Oracle Java SE, GraalVM for JDK and GraalVM Enterprise Edition. Affected by this vulnerability is an unknown functionality of the component AWT/JavaFX. Performing a manipulation results in Remote Code Execution. This vulnerability is known as CVE-2026-21932. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-13878 | ISC BIND prior 9.18.44/9.20.18/9.21.17 BRID/HHIT assertion (Nessus ID 294904)

Vuldb Updates

2 months 3 weeks ago

A vulnerability was found in ISC BIND up to 9.18.43/9.18.43-S1/9.20.17/9.20.17-S1/9.21.16. It has been rated as problematic. This impacts an unknown function of the component BRID/HHIT. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2025-13878. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

vuldb.com

CVE-2024-31884 | Ceph Pybind certificate validation (Nessus ID 294905)

Vuldb Updates

2 months 3 weeks ago

A vulnerability described as critical has been identified in Ceph. This affects an unknown part of the component Pybind. Executing a manipulation can lead to improper certificate validation. This vulnerability is handled as CVE-2024-31884. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature

Cyber Security News

2 months 3 weeks ago

ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the scenes the page is preparing to launch hidden code. Victims only need to follow simple […]

The post New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature appeared first on Cyber Security News.

Tushar Subhra Dutta

国投智能“小码特工队”热血集结！解锁“三拓”进展新视角

嘶吼

2 months 3 weeks ago

国投智能“小‘码’特工队”化身“两稳三拓一服务”战略先行者、技术领航员、市场代言人，更是您的“脚替”，深入“三拓”业务一线，发现关键进展，感知业务动态，洞察核心价值，让战略进展看得见、摸得着。

【猎诈特工】专攻新金融安全与数字反欺诈，叠满“AI+数据”专属buff拓增量，向着世界一流反诈天花板全力冲刺，诈骗链路通通锁死！
【智控特工】以具身智能为核心战力，聚焦“服务安全”与“自身安全”双赛道，扎根前沿技术落地一线，解锁全场景应用新姿势！
【国际特工】肩负“中国方案”出海使命，以“全球警火商”身份出征，从澜湄区域到“一带一路”，把中国硬核科技带向全球舞台！
马年有小“码”，既锚定代码、密码的IT核心基因，彰显数据智能与安全服务硬实力；更自带“马”的灵动与坚毅，恰似骏马驰骋信息长河，精准挖掘业务价值、高效传递进展动态，为战略推进注入强劲动能！

国投智能

CVE-2025-11761 | HP Client Management Script Library up to 1.84 Installation uncontrolled search path (EUVD-2025-37501)

Vuldb Updates

2 months 3 weeks ago

A vulnerability categorized as problematic has been discovered in HP Client Management Script Library up to 1.84. This affects an unknown part of the component Installation Handler. Such manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2025-11761. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2024-58339 | run-llama llama_index up to 0.12.2 VannaPack VannaQueryEngine custom_query allocation of resources (EUVD-2026-2397)

Vuldb Updates

2 months 3 weeks ago

A vulnerability was found in run-llama llama_index up to 0.12.2. It has been classified as critical. This affects the function custom_query of the component VannaPack VannaQueryEngine. This manipulation causes allocation of resources. This vulnerability appears as CVE-2024-58339. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2026-22849 | Saleor up to 3.20.107/3.21.42/3.22.26 Refresh Token cross site scripting (GHSA-8jcj-r5g2-qrpv / EUVD-2026-3777)

Vuldb Updates

2 months 3 weeks ago

A vulnerability was found in Saleor up to 3.20.107/3.21.42/3.22.26. It has been declared as problematic. The impacted element is an unknown function of the component Refresh Token Handler. Executing a manipulation can lead to improper neutralization of script in attributes in a web page. This vulnerability is registered as CVE-2026-22849. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-22598 | manageiq up to 5.0/jansa-4/kasparov-2/lasker-1 API denial of service (GHSA-m832-x3g8-63j3 / EUVD-2026-3776)

Vuldb Updates

2 months 3 weeks ago

A vulnerability identified as problematic has been detected in manageiq up to 5.0/jansa-4/kasparov-2/lasker-1. The impacted element is an unknown function of the component API. The manipulation leads to denial of service. This vulnerability is traded as CVE-2026-22598. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

vuldb.com

当 i 人博士入职大厂，让硬核科技连接烟火人间

极客公园

2 months 3 weeks ago

成长并不总是来自更深的专业壁垒，有时恰恰来自对复杂性的正面迎接。

Плохие новости: за вами следят. Ужасные новости: всем на это плевать

Securitylab.ru

2 months 3 weeks ago

Кто на самом деле управляет рынком цифрового шпионажа в Европе?

Exposed training apps are showing up in active cloud attacks

Help Net Security

2 months 3 weeks ago

Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited. The research focuses on intentionally vulnerable apps such as OWASP Juice Shop, Damn Vulnerable Web Application, Hackazon, and similar projects. These tools are commonly deployed to teach secure coding, support product demonstrations, or give red and blue teams hands-on practice. According to … More →

The post Exposed training apps are showing up in active cloud attacks appeared first on Help Net Security.

Sinisa Markovic