Aggregator

A vulnerability classified as critical has been found in Vim up to 9.1.2131. This affects the function get_tagfname of the file src/tag.c. The manipulation of the argument helpfile leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-25749. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #778282 / VDB-349769

Submit #778282 / VDB-349769

Submit #778281 / VDB-349768

Submit #778281 / VDB-349768

Submit #778280 / VDB-349768

Submit #778280 / VDB-349768

Submit #778279 / VDB-349766

Submit #778279 / VDB-349766

Submit #778278 / VDB-353874

Submit #778278 / VDB-353874

A South Asian financial institution has become the latest target of a focused cyberattack involving two custom-built malware tools — BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger disguised as a trusted system file. The attack combined file theft, persistent system access, and real-time keystroke capture, underlining the growing risk that financial organizations across South […]

The post Hackers Deploy BRUSHWORM and BRUSHLOGGER Against South Asian Financial Firm appeared first on Cyber Security News.

Почему Европа больше не доверяет алгоритмам своего самого популярного мессенджера?

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration

A vulnerability categorized as critical has been discovered in NEC Platforms Aterm WG2600HS, Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HP4, Aterm WG2600HM4, Aterm WG2600HS2, Aterm WX3000HP and Aterm WX3000HP2. This affects an unknown part. Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-4622. The attack can be launched remotely. No exploit exists.

A vulnerability was found in NEC Platforms Aterm W1200EX, Aterm WG1200HP2, Aterm WG1900HP, Aterm WG1200HS2, Aterm WG1800HP3, Aterm WG1200HP3, Aterm WG1900HP2, Aterm WG1200HS3, Aterm WG1800HP4, Aterm WG1200HP4, Aterm WG1200HS4, Aterm WX1500HP, Aterm WG2600HS, Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HP4, Aterm WG2600HM4, Aterm WG2600HS2, Aterm WX3000HP, Aterm WX3000HP2 and Aterm WX3600HP. It has been rated as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in backdoor. This vulnerability is identified as CVE-2026-4621. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in NEC Platforms Aterm WX1500HP and Aterm WX3600HP. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-4620. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Bludit up to 3.18.2. It has been classified as problematic. Affected is an unknown function of the component SVG Image Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-25100. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment. [...]

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute