Aggregator

An illicit ledger advertised within subterranean cybercrime forums is currently being cross-examined by security researchers following assertions that it encapsulates 340 million sensitive user records harvested from OnlyFans. While the preliminary manifesto suggested a...

The post The Proliferation of Synthetic Telemetry: Unmasking the Alleged OnlyFans Mass Exfiltration Campaign appeared first on Information Security News.

当行业还在卷参数和评测榜单时，一家港股 AI 医疗公司用 12 年沉淀，把 AI 真正「焊」进了三甲医院的诊疗工作流——并率先跑通了商业闭环。

​AI 算力的下一个增长点，在互连。

A vulnerability labeled as critical has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-9543. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. This vulnerability is reported as CVE-2026-9544. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

发布时间: 2026-0

A vulnerability labeled as critical has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-9543. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in pacote up to 11.2.7. This impacts the function addGitSha. This manipulation causes inefficient regular expression complexity. This vulnerability is registered as CVE-2026-9496. Remote exploitation of the attack is possible. No exploit is available.

Submit #815425 / VDB-365608

Submit #815070 / VDB-201881

Submit #815069 / VDB-201880

A vulnerability categorized as problematic has been discovered in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint and Infrastructure Analytics Advisor. This affects an unknown function. The manipulation results in missing password field masking. This vulnerability is cataloged as CVE-2026-3314. An attack on the physical device is feasible. There is no exploit available. It is advisable to upgrade the affected component.

Submit #815068 / VDB-365607

A vulnerability was found in koa router 14.x. It has been rated as critical. The impacted element is an unknown function. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-9495. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

The state-sponsored Chinese threat collective known as Red Lamassu has spent years establishing persistent covert footprints within the core telecommunications architectures of Asia. Recent threat intelligence data has definitively correlated their operations with two...

The post The Strategic Encroachment of Red Lamassu Across the Eurasian Telecommunications Landscape appeared first on Information Security News.

A vulnerability marked as critical has been reported in F5 NGINX Plus and NGINX Open Source. Affected by this issue is some unknown functionality of the component ngx_http_rewrite_module. The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-9256. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in SPIP up to 4.4.14. Impacted is an unknown function of the file action/cookie.php of the component ecrire. Performing a manipulation results in open redirect. This vulnerability is cataloged as CVE-2026-48832. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in x-crypto up to 0.51.x on Go. It has been classified as problematic. This affects the function Close of the component SSH Peer Handler. This manipulation causes deadlock. This vulnerability is registered as CVE-2026-39830. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in x-crypto up to 0.51.x. This impacts the function Verify of the component FIDO/U2F. Performing a manipulation results in authentication bypass by spoofing. This vulnerability is identified as CVE-2026-39831. The attack may be carried out on the physical device. There is not any exploit available. It is advisable to upgrade the affected component.