Aggregator

A vulnerability has been found in MacWarrior clipbucket-v5 up to 5.5.3 and classified as critical. The impacted element is an unknown function of the component Remote Play. The manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2026-26005. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability, which was classified as problematic, was found in inspektor-gadget Inspektor Gadget up to 0.49.0. The affected element is an unknown function of the component Control Character Handler/ANSI Escape Sequence Handler. Executing a manipulation can lead to improper neutralization of escape, meta, or control sequences. This vulnerability is tracked as CVE-2026-25996. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in quic-go webtransport-go up to 0.9.x. Impacted is an unknown function. Performing a manipulation of the argument WT_CLOSE_SESSION results in allocation of resources. This vulnerability is identified as CVE-2026-21434. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in jm33-m0 emp3r0r up to 3.21.0. This issue affects some unknown processing of the file /bin/sh. Such manipulation leads to command injection. This vulnerability is referenced as CVE-2026-26068. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in quic-go webtransport-go up to 0.9.x. This vulnerability affects unknown code. This manipulation of the argument WT_CLOSE_SESSION causes resource consumption. The identification of this vulnerability is CVE-2026-21435. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in php franken up to 1.11.1. This affects the function ToLower of the component Unicode Character Handler. The manipulation results in incorrect behavior order: validate before canonicalize. This vulnerability was named CVE-2026-24895. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in php franken up to 1.11.1. Affected by this issue is the function session_start. The manipulation of the argument $_SESSION leads to improper privilege management. This vulnerability is uniquely identified as CVE-2026-24894. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Significant-Gravitas AutoGPT up to 0.6.47. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authorization. This vulnerability is handled as CVE-2026-26020. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Ransomware Attack Update - February 12th, 2026

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.

Bitwarden has launched a new system called 'Cupid Vault' that allows users to safely share passwords with trusted email addresses. [...]

 

The post Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work appeared first on Security Boulevard.

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. [...]

The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology.

The post Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle  appeared first on CyberScoop.

The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.

Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats.

Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams.

Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. [...]

Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.