Aggregator

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

The Hackers News
4 days 3 hours ago
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender
The Hacker News

Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it

Cyber Security News
4 days 3 hours ago

A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python SDK (google-cloud-aiplatform) and stems from a combination of predictable cloud storage bucket naming […]

The post Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it appeared first on Cyber Security News.

Abinaya

GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions

Cyber Security News
4 days 4 hours ago

A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the real thing. Victims who land on these pages are tricked […]

The post GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-32652 | Dell AIOps up to 1.18.3 Installation default credentials (dsa-2026-231)

VulDB Recent Entries
4 days 4 hours ago
A vulnerability classified as critical was found in Dell AIOps up to 1.18.3. This vulnerability affects unknown code of the component Installation Handler. The manipulation results in use of default credentials. This vulnerability was named CVE-2026-32652. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-53875 | picklescan up to 1.0.2 torch.load eval injection

VulDB Recent Entries
4 days 4 hours ago
A vulnerability classified as critical has been found in picklescan up to 1.0.2. This affects the function torch.load. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is uniquely identified as CVE-2026-53875. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-53872 | picklescan up to 0.0.34 urllib.request.urlopen path traversal

VulDB Recent Entries
4 days 4 hours ago
A vulnerability marked as critical has been reported in picklescan up to 0.0.34. Affected by this vulnerability is the function urllib.request.urlopen. Performing a manipulation results in path traversal. This vulnerability is known as CVE-2026-53872. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

Managed ad