Aggregator

A vulnerability categorized as problematic has been discovered in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-2858. The attack needs to be performed locally. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

Submit #754489 / VDB-347097

Google prevented more than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts that attempted to publish harmful apps in 2025. Developer verification, mandatory pre-review checks, and testing requirements in the Google Play ecosystem have reduced entry points for bad actors. “User safety is at the core of everything we build. Over the years, we’ve introduced tools to help users stay safe and make informed app choices — … More →

The post Google cleans house, bans 80,000 developer accounts from the Play Store appeared first on Help Net Security.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been rated as critical. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-2857. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been declared as critical. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-2856. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been classified as critical. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-2855. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in D-Link DWR-M960 1.01.07 and classified as critical. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2026-2854. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in D-Link DWR-M960 1.01.07 and classified as critical. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-2853. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #754476 / VDB-347096

Submit #754474 / VDB-347095

Submit #754458 / VDB-347094

Submit #754457 / VDB-347093

Submit #754456 / VDB-347092

Mozilla 称，2023 年 7 月释出的 Firefox 115 ESR 是 Firefox 支持 Windows 7/8/8.1 的最后一个版本，它将在 2026 年 2 月底为 Firefox 115 ESR 释出最后一个安全更新，之后将停止对它的支持。它建议 Windows 7/8/8.1 用户升级到 Windows 10 或更新版本，如果他们的 PC 由于微软设定的限制无法升级到 Windows 10 或 11，Mozilla 建议用户切换到 Linux 发行版。

TXT-запись в Solana Name Service помогает быстро переключать инфраструктуру атакующих.

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are

癌症是家猫常见死因，但家猫的癌症基因组却知之甚少。根据本周《科学》期刊上的一项研究，科学家对 13 种不同类型猫科癌症的 493 份样本以及相匹配的健康对照组织进行了癌症基因测序。家猫与人类不仅有着相同的生活环境，且常与人类主人罹患相同的非癌合并症（如糖尿病），这使得家猫成为肿瘤研究中重要但未尽其用的资源。研究人员在将近 1000 个人类癌症基因与其对应的猫科动物基因进行比对后发现，这两个物种中存在一些流行程度相似的致癌基因如 TP53。研究人员还在猫的致癌基因组中发现了癌症驱动基因、肿瘤易感基因以及存在某些病毒序列的证据。

A 19 February 2026 FBI FLASH (FLASH-20260219-001) warns banks and ATM operators about a rise in malware-enabled “jackpotting,” where criminals exploit physical access and software gaps to make machines pay out cash without a real transaction, a pattern now seen across the United States. The alert focuses on Ploutus, an ATM-targeting malware family that abuses […]

The post Ploutus Malware Drains U.S. ATMs Without a Card or Account — FBI Issues Emergency FLASH Alert appeared first on Cyber Security News.

Личная жизнь тысяч семей стала открытой книгой.

The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM "jackpotting" attacks, in which criminals use malware to force cash machines to dispense money. [...]