Aggregator

A vulnerability was found in Mattermost up to 10.11.9/11.2.x. It has been declared as problematic. The affected element is an unknown function of the file /common_teams of the component Channel Membership Handler. Such manipulation leads to time-of-check time-of-use. This vulnerability is referenced as CVE-2026-20796. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

Пришло время проверить свои плагины для бэкапов.

Zr.Ms. Groningen is vandaag weer aangekomen in de haven van Den Helder. Het  schip was 5,5 maand van huis en opereerde in die periode als stationsschip in het Caribisch gebied. De Groningen vormde er de oren en ogen van Defensie. 

恭喜积分排名前五名，同时也感谢每一位参与其中的白帽，感谢你们的信任、锋芒与赤诚！

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Naar de Nederlandse wapeninzet tegen een ISIS bommenfabriek in 2015 in het Iraakse Hawija zijn aanvullende onderzoeken gedaan. Minister Ruben Brekelmans heeft de uitkomsten vandaag gedeeld met de Tweede Kamer.

A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and is often traded through Telegram-based marketplaces, keeping it within easy reach of many threat actors. […]

The post New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection appeared first on Cyber Security News.

Авиационные регуляторы начали проверку ИТ-подрядчиков после инцидента.

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.

Израильские спецслужбы задержали военных трейдеров-инсайдеров.

AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering.

关键词数据安全当欧盟以《数字市场法案》（DMA）强制要求苹果开放侧载、支持第三方支付之际，英国却走出了一条截然

关键词数据泄露总部位于荷兰的电信运营商 Odido 披露，其客户联络系统遭到未授权访问，约 620 万名用户的

关键词违法犯罪近日，浙江温州苍南县警方在“净网2025”专项行动中侦破一起破坏计算机信息系统案，打掉一条“收机

关键词网络攻击2026 年 2 月，运行飞牛私有云系统 fnOS 的 NAS 设备被大规模卷入 Netdrag