Aggregator

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. This vulnerability is reported as CVE-2026-10694. The attack can be launched remotely. Moreover, an exploit is present.

Emerging Perimeter Vulnerabilities Malicious actors have aggressively initiated exploitation of a critical vulnerability within a foundational Windows Server subsystem. Crucially, this activity manifested a mere few weeks following the deployment of the official patch....

The post The Netlogon Imperative: Critical Windows Server Exploitation Intensifies appeared first on Information Security News.

美国网络安全与基础设施安全局（CISA）已下发指令，要求各级政府机构紧急加固系统，封堵一款高危 Oracle WebLogic Server 漏洞。该漏洞早在两年前就已发布官方补丁，如今黑产团伙已在真实攻击中频繁利用此漏洞入侵系统。 Oracle WebLogic Server 是企业级 Java 应用中间件服务器，多用于搭建大型多层分布式业务系统。   漏洞编号CVE-2024-211...

An Overview of the Digital Syndicate A novel threat actor has emerged within the digital underground. Remarkably, this collective commercializes dangerous cyber weapons much like standard enterprise software. The group operates under the moniker...

The post The Cybercrime Continuum: Infrastructure Destruction Squad and the Blacknet Ecosystem appeared first on Information Security News.

正文发现 geonode.state.gov/proxy/?

Zohoが提供するWordPress用プラグインZoho Mail for WordPressには、クロスサイトリクエストフォージェリの脆弱性が存在します。

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file ubsan_throwing_runtime.cpp. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-0039. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality of the file ubsan_throwing_runtime.cpp. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-0040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android 15/16/16-qpr2. It has been rated as critical. This vulnerability affects unknown code of the file AccessibilityManagerService.java. This manipulation causes denial of service. This vulnerability appears as CVE-2026-0018. The attack requires local access. There is no available exploit.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16/16-qpr2. This issue affects the function startAnimation of the file StageCoordinator.java. Such manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2026-0036. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 16/16-qpr2. This vulnerability affects the function updateProvidersWhenServiceRemoved of the file CredentialManagerService.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0016. Local access is required to approach this attack. No exploit exists.

六款微软 365 安卓客户端存在同源漏洞，数十亿次下载对应的用户设备均存在被入侵隐患。   漏洞由 AI 自动化漏洞挖掘厂商 Enclave 率先发现，相关研究原定周二对外公开，内容已独家交由《SecurityWeek》首发。问题根源是Word、PowerPoint、Excel、微软 365 Copilot、Microsoft Loop、OneNote 这六款安卓应用正式版代码里遗留了调...

一场名为 WeedHack 的大规模恶意软件攻击专门瞄准 Mincraft 玩家，自今年 1 月起已造成超 116000 台设备中毒。   该恶意软件依托 Mincraft 相关的恶意模组、游戏客户端、外挂作弊程序与辅助工具扩散，攻击者借助油管引流、搜索引擎投毒（SEO 污染）推广上述有害程序。 WeedHack 属于恶意软件即服务（MaaS）类信息窃取程序，搭建了后台控制面板，使用者可...

The Brute-Force Wave and Vault Compromise The password manager Dashlane recently dispatched urgent security notifications to numerous subscribers. The electronic correspondence stated that the platform temporarily deactivated their accounts to bolster defensive metrics. Specifically,...

The post The Dashlane Lockout: Security Countermeasures and User Disruption appeared first on Information Security News.

俄罗斯黑客组织 “鱼叉”（Gamaredon）持续利用 WinRAR 漏洞，投放多种旨在窃取数据和传播的恶意软件。   据安全公司 Sekoia 称，此次攻击利用了 WinRAR 中的路径遍历漏洞 CVE - 2025 - 8088，将其武器化以启动名为 GammaPhish 的 HTML 应用程序有效载荷，然后该程序会检索一个名为 GammaLoad 的中间 V...

A vulnerability categorized as critical has been discovered in Seagate openSeaChest up to 25.05.3/26.03.0. This affects an unknown part of the component SCSI Handler. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-10717. Attacking locally is a requirement. No exploit is available.

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. This vulnerability is tracked as CVE-2026-10688. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as problematic has been discovered in QloApps up to 1.7.0. Affected is the function Tools::encrypt of the file classes/Tools.php. Executing a manipulation can lead to password hash with insufficient computational effort. This vulnerability is handled as CVE-2026-25861. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Seagate openSeaChest up to 26.03.0 and classified as critical. This affects an unknown function. This manipulation causes out-of-bounds write. This vulnerability is registered as CVE-2026-10718. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as critical has been reported in Seagate SeaChest up to 25.05.3. Impacted is the function showSupportedFormats of the component NVMe Handler. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-10719. The attack needs to be approached locally. There is no available exploit.