Aggregator

A vulnerability was found in SonicWall SMA1000. It has been declared as critical. Affected is an unknown function of the component AMC TOTP Authentication. The manipulation results in improper handling of unicode encoding. This vulnerability is identified as CVE-2026-4114. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in SonicWall SMA1000. It has been classified as problematic. This impacts an unknown function of the component SSL VPN. The manipulation leads to observable response discrepancy. This vulnerability is referenced as CVE-2026-4113. Remote exploitation of the attack is possible. No exploit is available.

FBI cyber chief Brett Leatherman told CyberScoop the Russian GRU campaign was unique in how it could propagate from routers to beyond.

The post Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’ appeared first on CyberScoop.

Как одна строчка из картинок заменяет подробный план кибератаки.

A vulnerability, which was classified as problematic, was found in Apple macOS. This vulnerability affects unknown code of the component ImageIO. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2022-1622. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in vim and classified as critical. This affects the function vim_strncpy. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-1621. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in LibTIFF. The affected element is the function LZWDecode of the file libtiff/tif_lzw.c of the component TIFF File Handler. Such manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-1622. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

NASA 的视频显示，Artemis II 宇航员的笔记本电脑运行了开源多媒体播放器 VLC，而 VLC 使用了 FFmpeg 多媒体库，这意味着两大开源项目都进入了太空，而且工作正常，不像微软的私有软件 Outlook。Artemis 宇航员除了使用开源软件，还用苹果最新的 iPhone 17 Pro Max 智能手机在飞船内自拍。飞船外的拍摄则使用了 2014 年款的 GoPro Hero 4 Black 相机。

A vulnerability classified as critical was found in GNU grub. The affected element is an unknown function. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-54771. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as problematic was found in GNU grub2. This impacts an unknown function. Executing a manipulation can lead to expired pointer dereference. This vulnerability is handled as CVE-2025-61663. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability identified as critical has been detected in GNU grub. The impacted element is an unknown function of the component gettext Module. This manipulation causes use after free. This vulnerability is registered as CVE-2025-61662. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as problematic has been reported in GNU grub2. Affected by this issue is the function normal_exit. The manipulation leads to expired pointer dereference. This vulnerability is documented as CVE-2025-61664. The attack needs to be performed locally. There is not any exploit available.

A vulnerability was found in GNU grub. It has been classified as problematic. This impacts an unknown function. This manipulation causes incorrect calculation of buffer size. The identification of this vulnerability is CVE-2025-61661. It is feasible to perform the attack on the physical device. There is no exploit available.

A vulnerability was found in GNU grub2 and classified as problematic. Impacted is the function net_set_vlan of the component Network Module. Executing a manipulation can lead to expired pointer dereference. The identification of this vulnerability is CVE-2025-54770. The attack can only be executed locally. There is no exploit available.

In a statement to state-owned media, the FSB said the suspect joined a Telegram channel controlled by the Security Service of Ukraine (SBU) and passed information about a local print publication covering Russia’s war in Ukraine.

A vulnerability marked as critical has been reported in Apache Airflow up to 3.1.8. This affects an unknown function of the component DagRun Wait Endpoint. The manipulation leads to exposure of resource. This vulnerability is uniquely identified as CVE-2026-34538. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apache Airflow up to 3.1.x. This affects an unknown function of the component JWT Token Handler. Executing a manipulation can lead to session expiration. This vulnerability appears as CVE-2025-57735. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.