Aggregator

A vulnerability categorized as critical has been discovered in Microsoft .NET and Visual Studio. Impacted is an unknown function. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2024-38095. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability was found in VMware Tools. It has been classified as critical. Impacted is an unknown function. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-20867. Local access is required to approach this attack. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Grub2. The impacted element is an unknown function of the component Password Protection. This manipulation causes improper authentication. This vulnerability is registered as CVE-2023-4001. The attack requires access to the local network. No exploit is available.

LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The

Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components. The vulnerability stems from a defect in how […]

The post Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server appeared first on Cyber Security News.

Маленькое окно площадью в один пиксель теперь знает о вас всё.

A vulnerability was found in Oracle Database Server up to 19.29/21.20 and classified as critical. The impacted element is an unknown function of the component Java VM Component. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2026-21975. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Oracle Life Sciences Central Designer 7.0.1.0. The affected element is an unknown function. This manipulation causes information disclosure. This vulnerability appears as CVE-2026-21970. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle FLEXCUBE Investor Servicing 14.5.0.15.0/14.7.0.8.0/14.8.0.1.0. The impacted element is an unknown function of the component Oracle Financial Service. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-21973. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Oracle Life Sciences Central Designer 7.0.1.0. This impacts an unknown function of the component Platform. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2026-21974. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Oracle FLEXCUBE Universal Banking up to 14.8.0.0.0. This affects an unknown function of the component Oracle Financial Service. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-21978. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Zero Data Loss Recovery Appliance Software up to 23.1.202509 and classified as problematic. The impacted element is an unknown function of the component Security. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-21977. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Festoが提供する複数の製品には、製品の機能に関する技術的な情報の提供が不十分な問題が存在します。

Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s screens. Constant time online chips away at attention, confidence, and judgment, and pushes young people toward views and choices that don’t always work in their favour. Children are drawn into organized crime for many reasons, … More →

The post Cybercriminals speak the language young people trust appeared first on Help Net Security.

Schneider Electricが提供するUni-Telwayドライバには、不適切な入力確認の脆弱性が存在します。

Schneider Electricが提供する複数の製品には、複数の脆弱性が存在します。

A critical architectural flaw in Microsoft Azure’s Private Endpoint implementation that enables denial-of-service (DoS) attacks against production Azure resources. The vulnerability affects over 5% of Azure storage accounts, exposing organizations to service disruptions across Key Vault, CosmosDB, Azure Container Registry, Function Apps, and OpenAI accounts. How the Vulnerability Works Palo Alto Networks uncovers that the […]

The post Azure Private Endpoint Deployments Exposes Azure Resources to DoS Attack appeared first on Cyber Security News.

Atlanta, GA, United States, January 20th, 2026, CyberNewsWire Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 […]

The post Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact appeared first on Cyber Security News.

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a