Aggregator

CVE-2025-61662 | GNU grub gettext use after free (EUVD-2025-198071 / Nessus ID 275735)

3 weeks ago

A vulnerability identified as critical has been detected in GNU grub. The impacted element is an unknown function of the component gettext Module. This manipulation causes use after free. This vulnerability is registered as CVE-2025-61662. The attack needs to be launched locally. No exploit is available.

vuldb.com

CVE-2025-61664 | GNU grub2 normal_exit expired pointer dereference (EUVD-2025-198079 / Nessus ID 275740)

Vuldb Updates

3 weeks ago

A vulnerability marked as problematic has been reported in GNU grub2. Affected by this issue is the function normal_exit. The manipulation leads to expired pointer dereference. This vulnerability is documented as CVE-2025-61664. The attack needs to be performed locally. There is not any exploit available.

vuldb.com

CVE-2025-61661 | GNU grub buffer size (EUVD-2025-198081 / Nessus ID 275745)

Vuldb Updates

3 weeks ago

A vulnerability was found in GNU grub. It has been classified as problematic. This impacts an unknown function. This manipulation causes incorrect calculation of buffer size. The identification of this vulnerability is CVE-2025-61661. It is feasible to perform the attack on the physical device. There is no exploit available.

vuldb.com

CVE-2025-54770 | GNU grub2 Network net_set_vlan expired pointer dereference (EUVD-2025-198077 / Nessus ID 275747)

Vuldb Updates

3 weeks ago

A vulnerability was found in GNU grub2 and classified as problematic. Impacted is the function net_set_vlan of the component Network Module. Executing a manipulation can lead to expired pointer dereference. The identification of this vulnerability is CVE-2025-54770. The attack can only be executed locally. There is no exploit available.

vuldb.com

Pear

Dark Feed IO

3 weeks ago

You must login to view this content

cohenido

Pear

Dark Feed IO

3 weeks ago

You must login to view this content

cohenido

Pear

Dark Feed IO

3 weeks ago

You must login to view this content

cohenido

Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine

The Record

3 weeks ago

In a statement to state-owned media, the FSB said the suspect joined a Telegram channel controlled by the Security Service of Ukraine (SBU) and passed information about a local print publication covering Russia’s war in Ukraine.

CVE-2026-34538 | Apache Airflow up to 3.1.8 DagRun Wait Endpoint exposure of resource (EUVD-2026-20878)

Vuldb Updates

3 weeks ago

A vulnerability marked as critical has been reported in Apache Airflow up to 3.1.8. This affects an unknown function of the component DagRun Wait Endpoint. The manipulation leads to exposure of resource. This vulnerability is uniquely identified as CVE-2026-34538. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-57735 | Apache Airflow up to 3.1.x JWT Token session expiration (EUVD-2025-209371)

Vuldb Updates

3 weeks ago

A vulnerability categorized as critical has been discovered in Apache Airflow up to 3.1.x. This affects an unknown function of the component JWT Token Handler. Executing a manipulation can lead to session expiration. This vulnerability appears as CVE-2025-57735. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2026-34185 | Hydrosystem Control System up to 9.8.4 sql injection (EUVD-2026-20886)

Vuldb Updates

3 weeks ago

A vulnerability identified as critical has been detected in Hydrosystem Control System up to 9.8.4. This impacts an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2026-34185. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

vuldb.com

CVE-2026-21388 | Mattermost Plugins up to 2.3.1 Lifecycle Webhook Endpoint allocation of resources (EUVD-2026-20880)

Vuldb Updates

3 weeks ago

A vulnerability marked as problematic has been reported in Mattermost Plugins up to 2.3.1. Affected by this vulnerability is an unknown functionality of the component Lifecycle Webhook Endpoint. This manipulation causes allocation of resources. This vulnerability is handled as CVE-2026-21388. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2026-24661 | Mattermost Plugins up to 2.1.3 Changes Webhook Endpoint allocation of resources (EUVD-2026-20882)

Vuldb Updates

3 weeks ago

A vulnerability described as problematic has been identified in Mattermost Plugins up to 2.1.3. Affected by this issue is some unknown functionality of the component Changes Webhook Endpoint. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-24661. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

CVE-2026-4901 | Hydrosystem Control System up to 9.8.4 log file (EUVD-2026-20888)

Vuldb Updates

3 weeks ago

A vulnerability labeled as problematic has been found in Hydrosystem Control System up to 9.8.4. Affected is an unknown function. The manipulation results in sensitive information in log files. This vulnerability is known as CVE-2026-4901. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

vuldb.com

New ClickFix Campaign Uses macOS Script Editor to Deliver Atomic Stealer

Cyber Security News

3 weeks ago

A newly discovered ClickFix campaign is targeting macOS users through a technique that completely bypasses Terminal, using Script Editor to drop the Atomic Stealer infostealer onto compromised systems. This campaign marks a clear shift in how attackers are responding to Apple’s tightening security controls — a sharp reminder that social engineering can work around almost […]

The post New ClickFix Campaign Uses macOS Script Editor to Deliver Atomic Stealer appeared first on Cyber Security News.

Tushar Subhra Dutta

Работа мечты: вы нам код, мы вам вирус. Тестовые задания стали опаснее сомнительных сайтов

Securitylab.ru

3 weeks ago

Привычный запуск кода в терминале превращает личную систему в открытую книгу.

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Threat intelligence | Microsoft Security Blog

3 weeks ago

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts.

The post Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees appeared first on Microsoft Security Blog.

Microsoft Incident Response

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Threat intelligence | Microsoft Security Blog

3 weeks ago

The post Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees appeared first on Microsoft Security Blog.

Microsoft Incident Response

STX RAT Targets Finance Sector With Advanced Stealth Tactics

Information Security Magazine

3 weeks ago

STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods

欧洲男性过去一万年摄入的肉量一直多于女性

Solidot

3 weeks ago

人体骨胶原中碳氮同位素比例能揭示其饮食信息，氮同位素比例反映了摄入的肉量，碳同位素比例则可以用于推断一个人摄入了多少小米以及多少可能比较稀有的海产品。研究人员分析了欧洲 673 个遗址的 12281 名成年人过去一万年间男性和女性消费肉类、小米和/或海产品的比例，发现几乎所有时期男性摄入的肉量都多于女性。新石器时代最平等，但也存在获取动物蛋白质上显著的性别差异。研究人员推测，这种肉食消费的不平等现象可能源自食物禁忌、创世信仰、对女性蛋白质需求的误解，或者将男性需求置于女性需求之上的社会规范。

Aggregator

Managed ad