Aggregator

A vulnerability identified as critical has been detected in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. This vulnerability is handled as CVE-2026-2225. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Praskla-Technology assessment-placipy 1.0.0. It has been rated as critical. This vulnerability affects unknown code of the file backend/src/routes/student.routes.ts. Performing a manipulation results in missing authorization. This vulnerability is identified as CVE-2026-25806. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in Praskla-Technology assessment-placipy 1.0.0. This affects an unknown function of the file backend/src/routes/student.submission.routes.ts. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-25810. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Praskla-Technology assessment-placipy 1.0.0. Affected by this vulnerability is an unknown functionality of the file backend/src/routes/results.routes.ts. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-25876. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in Praskla-Technology assessment-placipy 1.0.0. This affects an unknown function of the component Code Evaluation Endpoint. This manipulation causes improper authorization. This vulnerability is tracked as CVE-2026-25809. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. This vulnerability is listed as CVE-2026-2173. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. This vulnerability is cataloged as CVE-2026-2174. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. This vulnerability is documented as CVE-2026-2176. The attack can be executed remotely. There is not any exploit available.

Почему крупнейший хостинг IT-проектов в мире перестал быть стабильным.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346

A critical denial-of-service (DoS) flaw in Palo Alto Networks’ PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles, potentially crippling enterprise networks. Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends a maliciously crafted packet to trigger a system reboot. Repeated exploitation forces the firewall into […]

The post Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop appeared first on Cyber Security News.

Пекин построил виртуальный мир, чтобы научиться ломать настоящий.

In this Help Net Security, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and how CI/CD pipelines can become a quiet entry point. He also breaks down the difference between behavioral detection and behavioral intent analysis, and why explainable results matter for security teams. What is the most common reason modern malware succeeds even in organizations with mature EDR and threat intel programs? Modern … More →

The post When security decisions come too late, and attackers know it appeared first on Help Net Security.

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. [...]

ZLANが提供するZLAN5143Dには、複数の重要な機能に対する認証の欠如の脆弱性が存在します。

AVEVAが提供する複数の製品には、複数の脆弱性が存在します。

Cybercriminals are increasingly using valid administrative software to launch attacks, making their malicious activities much harder to spot. Instead of relying solely on custom computer viruses, these actors abuse legitimate workforce monitoring tools to hide inside business networks. By utilizing software designed for tracking employee productivity, they can control systems and steal sensitive data without […]

The post Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks appeared first on Cyber Security News.

Meta 旗下的 WhatsApp 透露，俄罗斯正尝试全面屏蔽该消息应用。WhatsApp 以及 Telegram 都是俄罗斯最受欢迎的消息应用，用户数超过一亿。俄罗斯官方塔斯社（Tass Media）早些时候报道，俄罗斯预计在 2026 年永久封禁 WhatsApp。俄罗斯已将 WhatsApp 母公司 Meta 认定为极端组织，官员表示屏蔽 WhatsApp 是绝对正当的。俄罗斯正在努力推广本土消息应用 Max，该应用被誉为俄罗斯的微信，它组合了即时通讯和政府服务，但没有加密功能。

A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies instances of OpenClaw, an autonomous AI assistant also known as MoltBot, that can execute tasks, access local files, and authenticate to internal systems without centralized oversight. OpenClaw gained usage in the past few months as an AI agent capable of performing actions on behalf of users. The software can run … More →

The post OpenClaw Scanner: Open-source tool detects autonomous AI agents appeared first on Help Net Security.