Aggregator

抽奖啦 | “绒”意相伴 金榜题名

The New Frontier of Account Hijacking Account hijacking on Instagram is conventionally synonymous with stolen credentials or breached electronic mail. In a recent anomaly, however, adversaries successfully navigated an alternate vector. They manipulated Meta’s...

The post The AI Proxy: Meta’s Virtual Assistant Exploited in Instagram Takeovers appeared first on Information Security News.

A Fractured Consensus The escalating friction between Microsoft and the independent security research community has taken an unexpected turn. Following a wave of intense criticism, the technology titan was compelled to publicly clarify its...

The post The Vulnerability Rift: Microsoft Realigns Posture Toward Security Researchers appeared first on Information Security News.

A vulnerability classified as critical has been found in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-10693. The attack can be initiated remotely. Additionally, an exploit exists. Multiple endpoints are affected.

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. This vulnerability is reported as CVE-2026-10694. The attack can be launched remotely. Moreover, an exploit is present.

Emerging Perimeter Vulnerabilities Malicious actors have aggressively initiated exploitation of a critical vulnerability within a foundational Windows Server subsystem. Crucially, this activity manifested a mere few weeks following the deployment of the official patch....

The post The Netlogon Imperative: Critical Windows Server Exploitation Intensifies appeared first on Information Security News.

美国网络安全与基础设施安全局（CISA）已下发指令，要求各级政府机构紧急加固系统，封堵一款高危 Oracle WebLogic Server 漏洞。该漏洞早在两年前就已发布官方补丁，如今黑产团伙已在真实攻击中频繁利用此漏洞入侵系统。 Oracle WebLogic Server 是企业级 Java 应用中间件服务器，多用于搭建大型多层分布式业务系统。   漏洞编号CVE-2024-211...

An Overview of the Digital Syndicate A novel threat actor has emerged within the digital underground. Remarkably, this collective commercializes dangerous cyber weapons much like standard enterprise software. The group operates under the moniker...

The post The Cybercrime Continuum: Infrastructure Destruction Squad and the Blacknet Ecosystem appeared first on Information Security News.

正文发现 geonode.state.gov/proxy/?

Zohoが提供するWordPress用プラグインZoho Mail for WordPressには、クロスサイトリクエストフォージェリの脆弱性が存在します。

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file ubsan_throwing_runtime.cpp. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-0039. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality of the file ubsan_throwing_runtime.cpp. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-0040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android 15/16/16-qpr2. It has been rated as critical. This vulnerability affects unknown code of the file AccessibilityManagerService.java. This manipulation causes denial of service. This vulnerability appears as CVE-2026-0018. The attack requires local access. There is no available exploit.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16/16-qpr2. This issue affects the function startAnimation of the file StageCoordinator.java. Such manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2026-0036. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 16/16-qpr2. This vulnerability affects the function updateProvidersWhenServiceRemoved of the file CredentialManagerService.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0016. Local access is required to approach this attack. No exploit exists.

六款微软 365 安卓客户端存在同源漏洞，数十亿次下载对应的用户设备均存在被入侵隐患。   漏洞由 AI 自动化漏洞挖掘厂商 Enclave 率先发现，相关研究原定周二对外公开，内容已独家交由《SecurityWeek》首发。问题根源是Word、PowerPoint、Excel、微软 365 Copilot、Microsoft Loop、OneNote 这六款安卓应用正式版代码里遗留了调...

一场名为 WeedHack 的大规模恶意软件攻击专门瞄准 Mincraft 玩家，自今年 1 月起已造成超 116000 台设备中毒。   该恶意软件依托 Mincraft 相关的恶意模组、游戏客户端、外挂作弊程序与辅助工具扩散，攻击者借助油管引流、搜索引擎投毒（SEO 污染）推广上述有害程序。 WeedHack 属于恶意软件即服务（MaaS）类信息窃取程序，搭建了后台控制面板，使用者可...

The Brute-Force Wave and Vault Compromise The password manager Dashlane recently dispatched urgent security notifications to numerous subscribers. The electronic correspondence stated that the platform temporarily deactivated their accounts to bolster defensive metrics. Specifically,...

The post The Dashlane Lockout: Security Countermeasures and User Disruption appeared first on Information Security News.