Aggregator

A vulnerability was found in Dolibarr ERP CRM 22.0.9. It has been declared as problematic. This issue affects some unknown processing of the file perms.php. Executing a manipulation of the argument notes can lead to cross-site request forgery. This vulnerability appears as CVE-2025-69634. The attack may be performed from remote. There is no available exploit.

National Cyber Director Sean Cairncross told attendees of the Munich Cyber Security Conference that Washington is looking to deepen cooperation with partners rather than act alone.

A vulnerability was found in Xiaomi Galaxy FDS Android SDK up to 3.0.8. It has been classified as critical. This vulnerability affects the function GalaxyFDSClientImpl.createHttpClient. Performing a manipulation results in certificate with host mismatch. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-26214. The attack is possible to be carried out remotely. No exploit exists.

New research reveals a 1-trillion-attribute threat landscape driven by machine speed and scale, and high-density credential consolidation. LOS ALTOS, CA — February 12, 2026 — Constella, the leader in Identity Risk Intelligence, today announced the release of its flagship 2026 Identity Breach Report. The report details a fundamental shift in the cyber threat landscape, moving from the …

The post Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity appeared first on Security Boulevard.

dyld（dynamic linker 动态链接器）是苹果操作系统（iOS、iPadOS、macOS、watc

A vulnerability was found in NTN Smart Panel and classified as critical. This affects an unknown part. Such manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-14014. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in AMD Instinct MI210 and Instinct MI250 and classified as critical. Affected by this issue is some unknown functionality of the component PMFW. This manipulation causes unintended intermediary. This vulnerability is registered as CVE-2023-31313. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

Microsoft запускает масштабную программу обновления.

A critical flaw in the WPvivid Backup & Migration WordPress plugin can let an unauthenticated attacker upload files and run code on the server, a path that often ends in full site takeover. The issue is tracked as CVE-2026-1357, scored 9.8 (Critical), and affects plugin versions up to and including 0.9.123, with a fix available […]

The post WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks appeared first on Cyber Security News.

Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it. […]

A vulnerability labeled as problematic has been found in Orbisius Random Name Generator Plugin up to 1.0.2 on WordPress. The impacted element is an unknown function of the component Shortcode Handler. Executing a manipulation of the argument btn_label can lead to cross site scripting. This vulnerability appears as CVE-2026-1893. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in Pix Para Woocommerce Plugin up to 2.13.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Payment Gateway Configuration Handler. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-15400. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Roundcube Webmail up to 1.5.12/1.6.12. Affected by this issue is some unknown functionality of the component Cascading Style Sheet Handler. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is registered as CVE-2026-26079. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Beaver Builder Page Builder Plugin up to 2.10.0.5 on WordPress. It has been rated as problematic. Affected by this vulnerability is the function save_global_settings. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1231. The attack can be initiated remotely. There is not any exploit available.

Oekraïne heeft dringend behoefte aan extra slagkracht. Nederland, het Verenigd Koninkrijk, Noorwegen en Zweden schieten daarom te hulp met een nieuwe levering van Amerikaanse wapens, materieel en munitie. Het gaat om militaire steun via het Prioritised Ukraine Requirements List (PURL) initiatief. Ook levert Nederland F-16-simulatoren.

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows system. About CVE-2026-20841 For many, many years, Windows Notepad was a simple text editor and a staple tool for everyone who wanted a no-frills way to work with plain text, but in early 2022, Microsoft started redesigning it … More →

The post Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841) appeared first on Help Net Security.

Этот космический левиафан — нечто среднее между планетой и звездой, окруженное стеной из пыли.

AI is giving online romance scammers even more ways to hide and accelerate their schemes while making it more difficult for people to detect fraud operations that are resulting in billions of dollars being stolen every year from millions of victims.

The post AI is Supercharging Romance Scams with Deepfakes and Bots appeared first on Security Boulevard.