Aggregator

Физики научились использовать квантовую запутанность для идеальных измерений.

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. [...]

Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign.

Обновился каталог Awesome Deception с инструментами для киберобмана.

Remove unwanted alerts from your environment using plain language

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘High Altitude Cooking Instructions’ appeared first on Security Boulevard.

A vulnerability was found in Esri ArcGIS Pro up to 3.6.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1446. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. [...]

A vulnerability was found in Hisense TransTech Smart Bus Management System up to 20260113. It has been declared as critical. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. This vulnerability is registered as CVE-2026-1449. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #737032 / VDB-342881

A vulnerability was found in D-Link DIR-615 up to 4.10. It has been classified as critical. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2026-1448. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in chillzhuang SpringBlade 4.5.0 and classified as critical. This affects the function importUser. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2025-70982. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Microsoft Office, 365 Apps for Enterprise and Office LTSC and classified as critical. The impacted element is an unknown function. This manipulation causes reliance on untrusted inputs in a security decision. This vulnerability is tracked as CVE-2026-21509. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, was found in IObit Uninstaller 10 Pro. The affected element is an unknown function of the component Service. The manipulation results in unquoted search path. This vulnerability is identified as CVE-2020-36952. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, has been found in continuous.software aangine 2025.2. Impacted is an unknown function. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-67274. Remote exploitation of the attack is possible. No exploit is available.