Aggregator

A vulnerability, which was classified as critical, has been found in CODESYS Control RTE, Control RTE SL, Control Win, HMI, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL 3.5.22.0. This issue affects some unknown processing of the component HTTP Request Handler. This manipulation causes improper validation of specified quantity in input. This vulnerability is handled as CVE-2026-8047. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

AI时代，如何清晰地对外传达企业安全团队的能力和价值？

ЦБ поставил на особый контроль подростков.

极高、高系数业务60%额外奖励已启动、新人加成、现金buff尽在OSRC！

At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle with identity, why identity platforms can become difficult to manage, how phishing-resistant authentication is viewed in practice, and what non-human identities and AI could mean for security. Most boards still treat identity as an … More →

The post What happens when security teams inherit identity appeared first on Help Net Security.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability

The European Union is on the verge of issuing its largest-ever penalty under the Digital Markets Act, targeting Alphabet’s Google for allegedly manipulating search results to favor its own services over competitors, a move set to further strain transatlantic tech relations. Brussels has formally accused Google and its parent company, Alphabet, of violating the Digital Markets […]

The post EU Finalizes Record DMA Fine Against Google Over Search Self-Preferencing Abuse appeared first on Cyber Security News.

Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning

Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have […]

Масштабная атака затронула более 700 версий, а защита даже не сработала.

A vulnerability, which was classified as critical, has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument sort results in sql injection. This vulnerability is identified as CVE-2026-9523. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. This vulnerability is tracked as CVE-2026-9524. The attack can be launched remotely. No exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in itsourcecode Electronic Judging System 1.0 and classified as critical. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. This vulnerability is listed as CVE-2026-9525. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in itsourcecode Electronic Judging System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. This vulnerability is cataloged as CVE-2026-9526. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in BINGOS Archive::Tar up to 3.9 on Perl. This affects the function _read_tar of the component Header Handler. The manipulation results in uncontrolled memory allocation. This vulnerability was named CVE-2026-9538. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise

A vulnerability was found in Totolink CA750-PoE 6.2c.510 and classified as critical. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. This vulnerability is listed as CVE-2026-9532. The attack may be performed from remote. In addition, an exploit is available.