Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17.5. This issue affects the function enabled_monitors. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2025-40232. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.17.5. This impacts the function ocfs2_refcount_cal_cow_clusters of the component ocfs2. Executing a manipulation can lead to improper update of reference count. This vulnerability appears as CVE-2025-40233. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Kashipara Society Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_user.php of the component HTTP Request Handler. This manipulation of the argument Name causes cross site scripting. This vulnerability appears as CVE-2026-26464. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. This vulnerability is reported as CVE-2026-3057. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Исследователи зафиксировали аномальный рост квазара ID830 через 12 миллиардов лет после Большого взрыва.

Submit #757669 / VDB-347413

New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. [...]

Learn how Menlo Security identified a massive Sneaky 2FA phishing campaign using 3.4K domains to bypass Microsoft 365 MFA and steal session cookies.

The post Inside Attacker’s Defensive Funnel: How Sneaky 2FA Cloaks Itself from Security Scanners – Blog | Menlo Security appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. This vulnerability is documented as CVE-2026-3054. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Early Arthropods’ appeared first on Security Boulevard.

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim

A vulnerability classified as critical was found in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. This vulnerability is registered as CVE-2026-3053. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-3052. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal. This vulnerability is listed as CVE-2026-3051. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #757609 / VDB-347412

Submit #757589 / VDB-347411

Submit #757587 / VDB-347410

Submit #757586 / VDB-347409