Aggregator
Breach Roundup: Cambodia Scam Center Crackdown
4 months ago
Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-Day
This week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.
This week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.
Treasury AI Plan Faces Calls for Enforceable Controls
4 months ago
Analysts Urge Mandatory Guardrails on AI Agents, Identity and Privilege
Security leaders are pressing Treasury to embed enforceable guardrails - covering adversarial testing, AI inventory, identity privilege mapping and real-time monitoring - into its forthcoming financial-sector AI guidance as deepfake fraud, data poisoning and autonomous agent risks escalate.
Security leaders are pressing Treasury to embed enforceable guardrails - covering adversarial testing, AI inventory, identity privilege mapping and real-time monitoring - into its forthcoming financial-sector AI guidance as deepfake fraud, data poisoning and autonomous agent risks escalate.
Univ. of Mississippi Medical Center Dealing With Cyberattack
4 months ago
Hospital, ER Open but All Clinics, Elective Care Cancelled Statewide; FBI Called In
The University of Mississippi Medical Center on Thursday said a ransomware attack has triggered its emergency operations plan and forced its hospitals to cancel all clinic and elective procedures at all locations statewide.
The University of Mississippi Medical Center on Thursday said a ransomware attack has triggered its emergency operations plan and forced its hospitals to cancel all clinic and elective procedures at all locations statewide.
Red Flags for OT Abound in Dragos Review of 2025
4 months ago
Ransomware, Lack of Visibility, Mischaracterizations and Nation-States, Oh My
There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact operational systems, claims a comprehensive annual review of cyberattacks targeting OT, published this week by security firm Dragos.
There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact operational systems, claims a comprehensive annual review of cyberattacks targeting OT, published this week by security firm Dragos.
WebClientRelayUp – an universal no-fix local privilege escalation in domain-joined windows workstations
4 months ago
WebClientRelayUp This is basically an universal no-fix local privilege escalation in domain-joined windows workstations in default configuration. Tested
The post WebClientRelayUp – an universal no-fix local privilege escalation in domain-joined windows workstations appeared first on Penetration Testing Tools.
ddos
ИИ верит всему, что написано на заборе. Эксперимент Томаса Жермена по взлому логики нейросетей
4 months ago
Как «король хот-догов» из BBC за 20 минут обманул Gemini и ChatGPT.
JVN: ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツールのインストーラにおけるDLL読み込みに関する脆弱性
4 months ago
株式会社リコーが提供するジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツールのインストーラにはDLL読み込みに関する脆弱性が存在します。
JVN: WordPress用プラグインSurvey Makerにおけるクロスサイトスクリプティングの脆弱性
4 months ago
Ays Proが提供するWordPress用プラグインSurvey Makerには、クロスサイトスクリプティングの脆弱性が存在します。
点击劫持所造成的账户劫持
4 months ago
Sinobi
4 months ago
You must login to view this content
cohenido
Sinobi
4 months ago
You must login to view this content
cohenido
Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access
4 months ago
Splunk has disclosed a high-severity vulnerability in Splunk Enterprise for Windows that allows a low-privileged local user to escalate their privileges to SYSTEM level through a DLL search-order hijacking attack. Tracked as CVE-2026-20140 and published on February 18, 2026, under advisory SVD-2026-0205, the flaw carries a CVSSv3.1 score of 7.7 (High) and is classified under […]
The post Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access appeared first on Cyber Security News.
Guru Baran
昨天上线的Android初级题居然只有一百多位同学完成!忘了提醒大家,这其实是个游戏题,完全不需要逆向技术就能搞定。你们不会连游戏都打不过吧?😂 快来试试看!
4 months ago
Google сделала модель, которая читает целый репозиторий кода за один промпт. Программисты нервно смеются
4 months ago
Google представила Gemini 2.5 Pro — мультимодальную модель с контекстным окном до 1 миллиона токенов.
CVE-2026-26273 | idno known up to 1.6.2 Password Reset Page information disclosure
4 months ago
A vulnerability labeled as problematic has been found in idno known up to 1.6.2. Affected by this vulnerability is an unknown functionality of the component Password Reset Page. Such manipulation leads to information disclosure.
This vulnerability is referenced as CVE-2026-26273. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-24853 | Caido up to 0.54.x Service Port 8080 X-Forwarded-Host authentication spoofing (GHSA-3q5q-p8vj-8783)
4 months ago
A vulnerability marked as critical has been reported in Caido up to 0.54.x. Affected is an unknown function of the component Service Port 8080. Performing a manipulation of the argument X-Forwarded-Host results in authentication bypass by spoofing.
This vulnerability was named CVE-2026-24853. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-70955 | TON Virtual Machine prior 2024.10 denial of service
4 months ago
A vulnerability has been found in TON Virtual Machine and classified as problematic. This issue affects some unknown processing. This manipulation causes denial of service.
This vulnerability appears as CVE-2025-70955. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2025-70957 | TON Lite Server prior 2024.09 resource consumption
4 months ago
A vulnerability identified as problematic has been detected in TON Lite Server. Affected is an unknown function. This manipulation causes resource consumption.
The identification of this vulnerability is CVE-2025-70957. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2025-70956 | TON Virtual Machine 2024.10 VmState::run_child_vm denial of service
4 months ago
A vulnerability, which was classified as problematic, has been found in TON Virtual Machine 2024.10. This affects the function VmState::run_child_vm. The manipulation leads to denial of service.
This vulnerability is documented as CVE-2025-70956. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com