Aggregator

The Supreme Court said Monday that it will hear a case stemming from the use of a Facebook tracking pixel to monitor the streaming habits of the user of a sports website.

CVE-2026-21509: Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally

Физики научились использовать квантовую запутанность для идеальных измерений.

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. [...]

Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign.

Обновился каталог Awesome Deception с инструментами для киберобмана.

Remove unwanted alerts from your environment using plain language

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘High Altitude Cooking Instructions’ appeared first on Security Boulevard.

A vulnerability was found in Esri ArcGIS Pro up to 3.6.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1446. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. [...]

A vulnerability was found in Hisense TransTech Smart Bus Management System up to 20260113. It has been declared as critical. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. This vulnerability is registered as CVE-2026-1449. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #737032 / VDB-342881

A vulnerability was found in D-Link DIR-615 up to 4.10. It has been classified as critical. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2026-1448. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in chillzhuang SpringBlade 4.5.0 and classified as critical. This affects the function importUser. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2025-70982. The attack may be performed from remote. There is no available exploit.