Aggregator

A vulnerability was found in niteosoft Simple Job Script 1.66. It has been classified as critical. Affected is an unknown function of the file delete_application_ajax.php. This manipulation of the argument app_id causes sql injection. This vulnerability is tracked as CVE-2019-25501. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in niteosoft Simple Job Script 1.66 and classified as critical. This impacts an unknown function of the file get_job_applications_ajax.php. The manipulation of the argument job_id results in sql injection. This vulnerability is identified as CVE-2019-25499. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Blondish PHPads 2.0 and classified as critical. This affects an unknown function of the file click.php3. The manipulation of the argument bannerID leads to sql injection. This vulnerability is referenced as CVE-2019-25503. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as very critical, was found in Cisco Secure Firewall Management Center. The impacted element is an unknown function of the component Web-based Management Interface. Executing a manipulation can lead to deserialization. The identification of this vulnerability is CVE-2026-20131. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Cisco Secure Firewall Management Center. The affected element is an unknown function of the component REST API. Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-20003. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Cisco Secure Firewall Management Center. Impacted is an unknown function of the component REST API. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-20001. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Cisco Secure Firewall Adaptive Security Appliance Software. This issue affects some unknown processing of the component CLI. This manipulation causes incorrect execution-assigned permissions. This vulnerability is handled as CVE-2026-20062. It is possible to launch the attack on the local host. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software. This vulnerability affects unknown code of the component Access SSL VPN/HTTP Management/MUS. The manipulation results in memory leak. This vulnerability is known as CVE-2026-20106. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software. This affects an unknown part of the component Remote Access SSL VPN. The manipulation leads to memory leak. This vulnerability is traded as CVE-2026-20105. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data. [...]

Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated action disrupts a service active since 2023 that powered tens of millions of phishing emails monthly. Tycoon 2FA enabled cybercriminals to bypass multifactor authentication (MFA) via adversary-in-the-middle (AiTM) techniques, capturing credentials, […]

The post Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners appeared first on Cyber Security News.

Как китайские спецслужбы подарили миру автоматический сканер уязвимостей.

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2," Radware said in a Tuesday

Microsoft’s October 2025 Windows Recovery Environment update for Windows 10 introduced a critical boot failure issue, rendering WinRE inaccessible on affected systems, with a fix confirmed only in March 2026. Released on October 14, 2025, KB5068164 was designed to automatically apply Safe OS Dynamic Update KB5067017 to the Windows Recovery Environment (WinRE) on Windows 10 […]

The post Windows 10 Update KB5068164 Breaks Windows Recovery Environment appeared first on Cyber Security News.

Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay "right side up."

Рекламный идентификатор внезапно стал идеальным цифровым ошейником.

An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. [...]

这种变化并不只发生在防守侧。对蓝队来说，LLM 可以用来加速安全运营，做分析、做响应、做辅助决策。但站在红队视角，尤其是渗透测试场景，大模型同样展现出了极强的破坏力。从信息收集到漏洞利用，从脚本生成到攻击路径规划，很多原本需要经验积累的工作，正在被模型快速接管。

Best DeleteMe alternatives for 2026 compared, including Incogni, Optery, Aura, Kanary, and Privacy Bee for data broker removal and privacy protection.