Aggregator

A vulnerability has been found in Linux Kernel up to 6.18.9 and classified as critical. Affected by this vulnerability is the function ptype_seq_next/ptype_seq_show of the file /proc/net/ptype of the component net. This manipulation causes state issue. This vulnerability is handled as CVE-2026-23255. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.18.9 and classified as critical. Affected by this issue is the function setup_nic_devices of the component net. Such manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2026-23256. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.9. It has been classified as critical. This affects the function io_req_rw_cleanup of the component io_uring. Performing a manipulation results in allocation of resources. This vulnerability was named CVE-2026-23259. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.18.9. It has been declared as critical. This vulnerability affects the function setup_nic_devices of the component liquidio. Executing a manipulation can lead to memory leak. The identification of this vulnerability is CVE-2026-23258. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.9. It has been rated as critical. This issue affects the function setup_nic_devices of the component liquidio. The manipulation leads to improper initialization. This vulnerability is referenced as CVE-2026-23257. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.123/6.12.69/6.18.9. The affected element is the function mas_store_gfp of the component regmap. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-23260. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.18.9. The impacted element is an unknown function of the component gve. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2026-23262. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.9. The affected element is the function io_uring of the component zcrx. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2026-23263. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

The choice to ban all foreign-made routers instead of targeting known risks could create legal and supply chain disruptions with unclear national security returns.

The post Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty appeared first on CyberScoop.

Modern apps no longer have well-defined boundaries. In today’s SaaS ecosystem of cloud-native applications and hybrid setups, a mix of internal and third-party APIs often serve as the primary pipelines through which apps access information. Almost all transactions, whether authentication, data transfer or workflow automation, happen through APIs, which centralize access to business-critical data. The..

The post Effective API Security Testing Strategies for Modern Application Environments appeared first on Security Boulevard.

Весь интернет учил промптить неправильно. Теперь есть доказательства.

Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. [...]

Cybercriminals behind Tycoon2FA, a phishing-as-a-service (PhaaS) platform, have resumed targeting cloud accounts with near-full force despite a coordinated law enforcement takedown on March 4, 2026. Europol, working alongside authorities from six countries, seized 330 domains that formed the backbone of the platform’s infrastructure in what became one of the more visible efforts to disrupt a […]

The post Tycoon2FA Operators Resume Cloud Account Phishing After Infrastructure Disruption appeared first on Cyber Security News.

Alleged Full Infrastructure Compromise of National Oil Ethiopia With 800GB ERP Database Exfiltration, Veeam and Kaspersky Compromise, and Ransomware Deployment

A threat actor known as TeamPCP has taken a sharp turn toward destruction with a new payload that goes far beyond credential theft or backdoor installation. The group, tracked as a cloud-native attacker since late 2025, has deployed a Kubernetes wiper that specifically targets systems configured for Iran — a geopolitical targeting tactic that marks […]

The post CanisterWorm Gets Destructive as TeamPCP Deploys Iran-Focused Kubernetes Wiper appeared first on Cyber Security News.

Похоже, в Редмонде лучше знают предел возможностей вашего железа.

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (

A persistent threat actor known as Larva-26002 has been continuously targeting poorly managed Microsoft SQL (MS-SQL) servers, this time deploying a new scanner malware called ICE Cloud Client. The campaign has been active since at least January 2024 and continues into 2026, with the attacker upgrading their tools with every cycle. What started as a […]

The post Threat Actors Continuously Attacking MS-SQL Servers to Deploy ICE Cloud Scanner appeared first on Cyber Security News.

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position

A vulnerability has been found in Xen and classified as critical. This vulnerability affects unknown code of the component Linux privcmd Driver. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-31788. The attack can only be initiated within the local network. No exploit exists. It is suggested to install a patch to address this issue.