Aggregator

Cyber risk is becoming a hold-period problem for private equity firms

Help Net Security
2 days 3 hours ago

Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data theft, and regulatory pressure interfere with value creation during the hold period. Has cybersecurity risk had any financial impact on your portfolio companies? (Source: Kroll) A recent Kroll survey of 325 private equity portfolio leaders found that 80% of firms experienced some form of disruption tied to cybersecurity risk … More →

The post Cyber risk is becoming a hold-period problem for private equity firms appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2026-21877:n8n Git 节点任意文件写入漏洞分析 (三)

先知技术社区
2 days 4 hours ago
本篇是 n8n 漏洞分析系列的第三篇。在此前,我们分析了利用裸仓库特性的 CVE-2025-62726 和利用配置注入的 CVE-2025-65964。而今天要分析的 CVE-2026-21877,它利用 Git 节点的 `Clone` 操作,可以将恶意仓库的内容写入服务器的任意目录,进而导致远程命令执行漏洞。

CVE-2026-20634 | Apple macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Image memory corruption

Vuldb Updates
2 days 4 hours ago
A vulnerability marked as critical has been reported in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. The impacted element is an unknown function of the component Image Handler. The manipulation leads to memory corruption. This vulnerability is documented as CVE-2026-20634. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-20635 | Apple Safari/macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Web memory corruption

Vuldb Updates
2 days 4 hours ago
A vulnerability, which was classified as critical, was found in Apple Safari, macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. This issue affects some unknown processing of the component Web Handler. The manipulation results in memory corruption. This vulnerability is known as CVE-2026-20635. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-20644 | Apple Safari/macOS/visionOS/iOS/iPadOS up to 26.2 Web memory corruption

Vuldb Updates
2 days 4 hours ago
A vulnerability was found in Apple Safari, macOS, visionOS, iOS and iPadOS up to 26.2 and classified as critical. The affected element is an unknown function of the component Web Handler. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2026-20644. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-20650 | Apple macOS/watchOS/visionOS/iOS/iPadOS/tvOS up to 26.2 Bluetooth denial of service

Vuldb Updates
2 days 4 hours ago
A vulnerability was found in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. It has been declared as problematic. This affects an unknown function of the component Bluetooth Handler. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2026-20650. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-20627 | Apple macOS/watchOS/visionOS/iOS/iPadOS up to 26.2 Environment Variable information disclosure

Vuldb Updates
2 days 4 hours ago
A vulnerability labeled as problematic has been found in Apple macOS, watchOS, visionOS, iOS and iPadOS up to 26.2. This issue affects some unknown processing of the component Environment Variable Handler. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2026-20627. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.
vuldb.com

Managed ad