KRYBIT
You must login to view this content
Aggregator
Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers
1 month ago
A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm that quietly tunnels through developer environments, stealing credentials from npm, GitHub, AWS, and Kubernetes all at once. Hundreds of malicious packages have already been tied to this campaign, making […]
The post Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers appeared first on Cyber Security News.
Tushar Subhra Dutta
英国对 MS Office 涉嫌垄断展开调查
1 month ago
英国竞争市场管理局(CMA)正式启动调查,查明微软将 Windows、Office、Teams、Copilot 及相关产品捆绑销售是否构成不公平竞争。CMA CEO Sarah Cardell 表示,商业软件是英国经济的基石,数十万客户依赖微软的系统。她表示 CMA 的目标是了解市场的发展情况,微软在其中的地位,考虑是否需要采取任何有针对性的措施,以确保英国企业能从选择、创新和具有竞争力的价格中受益。微软捆绑销售办公软件、AI 和云计算的做法将是英国的调查对象。调查预计将于明年 2 月结束。
Debian обязал разработчиков доказывать «чистоту» своего кода
1 month ago
Система миграции Debian начала автоматически блокировать пакеты, которые не проходят тест воспроизводимости.
CVE-2026-22740 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 Multipart Request resource consumption (Nessus ID 314917 / WID-SEC-2026-1177)
1 month ago
A vulnerability, which was classified as problematic, was found in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6. The affected element is an unknown function of the component Multipart Request Handler. Executing a manipulation can lead to resource consumption.
The identification of this vulnerability is CVE-2026-22740. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-22741 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 MVC/WebFlux cache containing sensitive information (EUVD-2026-26206 / Nessus ID 314917)
1 month ago
A vulnerability marked as problematic has been reported in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6. This issue affects some unknown processing of the component MVC/WebFlux. This manipulation causes use of cache containing sensitive information.
This vulnerability appears as CVE-2026-22741. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-22745 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 on Windows MVC/WebFlux resource consumption (EUVD-2026-26207 / Nessus ID 314917)
1 month ago
A vulnerability described as problematic has been identified in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 on Windows. Impacted is an unknown function of the component MVC/WebFlux. Such manipulation leads to resource consumption.
This vulnerability is traded as CVE-2026-22745. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-44573 | vercel next.js up to 15.5.15/16.2.4 /_next/data/.json authorization (Nessus ID 314910 / WID-SEC-2026-1401)
1 month ago
A vulnerability was found in vercel next.js up to 15.5.15/16.2.4 and classified as problematic. Impacted is an unknown function of the file /_next/data/.json. The manipulation results in incorrect authorization.
This vulnerability is cataloged as CVE-2026-44573. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens
1 month ago
Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns now target organizations worldwide by manipulating the OAuth device authorization flow, turning a security feature into a major vulnerability. This emerging threat has surged dramatically since late 2024, catching security teams unprepared for attacks that […]
The post Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens appeared first on Cyber Security News.
Tushar Subhra Dutta
Microsoft backpedals: Edge to stop loading passwords into memory
1 month ago
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [...]
Sergiu Gatlan
CVE-2017-3310 | Oracle Database Server 11.2.0.4/12.1.0.2 OJVM information disclosure (Nessus ID 96611 / ID 20030)
1 month ago
A vulnerability classified as critical has been found in Oracle Database Server 11.2.0.4/12.1.0.2. This vulnerability affects unknown code of the component OJVM. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2017-3310. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-3311 | Oracle Enterprise Manager 12.4.0.2/12.5.0.2/12.5.0.3 Application Testing Suite access control (BID-95584 / ID 1037633)
1 month ago
A vulnerability, which was classified as critical, has been found in Oracle Enterprise Manager 12.4.0.2/12.5.0.2/12.5.0.3. Affected by this vulnerability is an unknown functionality of the component Application Testing Suite. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2017-3311. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2017-3303 | Oracle XML Gateway up to 12.2.6 Transport Agent access control (Nessus ID 96608 / BID-95602)
1 month ago
A vulnerability identified as critical has been detected in Oracle XML Gateway up to 12.2.6. Affected by this vulnerability is an unknown functionality of the component Transport Agent. Performing a manipulation results in improper access controls.
This vulnerability is identified as CVE-2017-3303. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2017-3300 | Oracle PeopleSoft 8.54/8.55 PeopleTools mcfIM.jar access control (BID-95505 / ID 1037634)
1 month ago
A vulnerability identified as problematic has been detected in Oracle PeopleSoft 8.54/8.55. This vulnerability affects unknown code of the file PORTAL.war/WEB-INF/lib/mcfIM.jar of the component PeopleTools. The manipulation leads to improper access controls.
This vulnerability is referenced as CVE-2017-3300. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2017-3298 | Oracle PeopleSoft 8.54/8.55 PeopleTools 7pk security (BID-95504 / ID 1037634)
1 month ago
A vulnerability labeled as critical has been found in Oracle PeopleSoft 8.54/8.55. This issue affects some unknown processing of the component PeopleTools. The manipulation results in 7pk security features.
This vulnerability is identified as CVE-2017-3298. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2017-3299 | Oracle PeopleSoft 8.54/8.55 PeopleTools access control (BID-95503 / ID 1037634)
1 month ago
A vulnerability marked as critical has been reported in Oracle PeopleSoft 8.54/8.55. Impacted is an unknown function of the component PeopleTools. This manipulation causes improper access controls.
This vulnerability is tracked as CVE-2017-3299. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2017-3296 | Oracle Commerce Platform 10.0.3.5/10.2.0.5/11.2.0.2 Dynamo Application Framework information disclosure
1 month ago
A vulnerability was found in Oracle Commerce Platform 10.0.3.5/10.2.0.5/11.2.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component Dynamo Application Framework. Such manipulation leads to information disclosure.
This vulnerability is traded as CVE-2017-3296. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2017-3314 | Oracle FLEXCUBE Universal Banking 12.0.0/12.1.0/12.2.0 access control (BID-95549 / ID 1037636)
1 month ago
A vulnerability was found in Oracle FLEXCUBE Universal Banking 12.0.0/12.1.0/12.2.0. It has been rated as critical. The impacted element is an unknown function. This manipulation causes improper access controls.
This vulnerability is handled as CVE-2017-3314. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2017-3297 | Oracle FLEXCUBE Direct Banking 12.0.2/12.0.3 Framework access control (BID-95603 / ID 1037636)
1 month ago
A vulnerability classified as critical has been found in Oracle FLEXCUBE Direct Banking 12.0.2/12.0.3. This affects an unknown part of the component Framework. This manipulation causes improper access controls.
This vulnerability is tracked as CVE-2017-3297. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-3301 | Oracle Solaris 11.3 Kernel (Nessus ID 96602 / ID 296008)
1 month ago
A vulnerability categorized as problematic has been discovered in Oracle Solaris 11.3. This impacts an unknown function of the component Kernel. Executing a manipulation can lead to an unknown weakness.
This vulnerability appears as CVE-2017-3301. The attack requires local access. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com