Aggregator

A vulnerability classified as very critical has been found in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. This issue affects some unknown processing. This manipulation causes deserialization. The identification of this vulnerability is CVE-2025-48780. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. Impacted is an unknown function. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-5192. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in file inclusion. This vulnerability is known as CVE-2025-48781. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Fortinet FortiDeceptor up to 5.3.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-35280. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Fortinet FortiDeceptor up to 5.0.0/5.1.0/5.2.1/5.3.3/6.0.0. Affected by this vulnerability is an unknown functionality of the component Request Handler. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2024-45326. The attack may be launched remotely. There is no exploit available.

ConnectSecure announced the launch of a new cross-platform Linux operating system patching capability. The update eliminates the complexity of managing fragmented Linux environments by delivering a single, unified interface for deploying critical security updates across the four most widely used Linux distributions: Red Hat, Ubuntu, Debian, and CentOS. The new capability helps MSPs and security teams automate the identification and deployment of kernel and OS patches without requiring distribution-specific tools. As a result, organizations can … More →

The post ConnectSecure introduces Linux patching capability to simplify cross-distro updates appeared first on Help Net Security.

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. [...]

Nederlandse militairen die deel uitmaken van de Multinational Battlegroup in Litouwen (MNBG LTU), staan sinds vandaag onder het bevel van 45. Pantserbrigade uit Duitsland. Dat gebeurde symbolisch door de overdracht van een NAVO-vlag in het ijskoude en zonnige Kaunas. De commandowisseling werd vanochtend gevierd met een grote militaire parade.

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works.

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]

俄罗斯安全公司卡巴斯基发表了 Notepad++ 去年遭受供应链攻击的分析报告。安全研究人员发现，攻击者在 2025 年 7-10 月之间使用了三条感染链攻击十几台电脑，这些电脑属于：越南、萨尔瓦多和澳大利亚的个人；菲律宾的一家政府机构；萨尔瓦多的一家金融机构；越南的一家 IT 服务提供商。攻击者在 2025 年 7 月下旬首次部署了 Notepad++ 的恶意更新程序。恶意程序由合法的 Notepad++ 更新程序 GUP.exe 启动，启动之后会向攻击者发送包含系统信息的“心跳（heartbeat）”包，随后开始执行第二阶段的负荷。

Submit #742676 / VDB-344270

Submit #742671 / VDB-344269

Submit #742670 / VDB-344268

Submit #742666 / VDB-344267

Submit #742663 / VDB-344266

Submit #742662 / VDB-344265

The chatbot era has ended. For two years, we’ve interacted with digital assistants that summarize emails and suggest recipes, but the National Institute of Standards and Technology (NIST) now draws a definitive line between machines that talk and machines that act. Their newly released Request for Information (RFI) signals a fundamental paradigm shift in how..

The post Beyond the Chatbot: Why NIST is Rewriting the Rules for Autonomous AI appeared first on Security Boulevard.