Aggregator

A vulnerability has been found in Greenshot up to 1.3.310 and classified as critical. This affects the function FormatArguments of the file ExternalCommandDestination.cs. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2026-22035. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Intel Processor. Affected by this issue is some unknown functionality. Such manipulation leads to improper handling of values. This vulnerability is documented as CVE-2025-31648. The attack needs to be performed locally. There is not any exploit available.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0 and classified as problematic. This vulnerability affects unknown code of the component Mermaid Sandbox UI. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-0752. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in FreeRDP up to 3.22.x. The affected element is the function xf_SetWindowMinMaxInfo. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2026-25952. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Астрономы нашли галактики, которых не должно быть.

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

Active Directory remains the backbone of enterprise identity. Despite years of modernization efforts, many organizations still rely on legacy authentication protocols that were never designed for today’s threat landscape. New reporting from Dark Reading highlights how attackers continue to abuse NTLM and Kerberos within Microsoft Active Directory environments to escalate privileges, move laterally, and maintain

The post When Trusted Authentication Enables Privilege Escalation appeared first on Seceon Inc.

The post When Trusted Authentication Enables Privilege Escalation appeared first on Security Boulevard.

各位T00ls坛友、网络安全同仁 👋： 上元月正圆 🌝，春满旧山河 🌸。在这灯月交辉 ✨、万家团圆 👨‍👩‍👧‍👦 的良辰美景，T00ls论坛向所有日夜坚守在网络安全一线的您 ，致以最深切的节日问候！🎉 我们深知，网络世界的每一个安全节点 ，都离不开您的默默守护 。正如海报上那碗热气腾腾 ♨️、象征团圆的元宵 🥣，是我们追求的安全防线的完整 ，是漏洞修补后的无瑕 。 愿这碗寓意美好的汤圆，能为您扫去敲代码和挖洞的疲惫 🍵。在这个美好的夜晚 🌃，不仅要保障业务上的“诸事成‘圆’” ，更祝您： 🔍 漏洞无处遁形 🏰 防线坚如磐石 ⚔️ 攻防技高一筹 ❤️ 生活阖家安康 T00ls始终与您并肩同行 🤝。 让我们在这团圆之夜，互道一声：元宵快乐 🏮，网安同行！🚀

A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file theft, and phishing attacks, all without requiring any user interaction beyond launching the browser’s built-in AI panel. Tracked as CVE-2026-0628, the flaw was uncovered by researchers at Palo Alto Networks’ Unit […]

The post Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in HPE AutoPass License Server up to 9.18. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication. This vulnerability is registered as CVE-2026-23600. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

Open-source ecosystems power modern software development. Millions of developers rely on public repositories to accelerate innovation and reduce development time. That trust, however, is increasingly being weaponized. New reporting from The Hacker News reveals that North Korean threat actors have published 26 malicious packages to the npm registry in an attempt to compromise developer environments

The post North Korean Hackers Target Developers Through npm Packages appeared first on Seceon Inc.

The post North Korean Hackers Target Developers Through npm Packages appeared first on Security Boulevard.

Злоумышленники использовали Archive.org для скрытой доставки вирусов.

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "

A vulnerability has been found in NocoDB up to 0.301.2 and classified as problematic. The impacted element is an unknown function. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-28357. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in NocoDB up to 0.301.2. The affected element is an unknown function of the component v-html. The manipulation results in HTML injection. This vulnerability is known as CVE-2026-28401. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in FreeType up to 2.13.3/2.14.1. Impacted is the function tt_var_load_item_variation_store of the component HVAR/VVAR/MVAR. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-23865. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Tenda AC6 15.03.06.23. This issue affects some unknown processing of the file /goform/WifiWpsStart. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2025-70252. The attack may be performed from remote. There is no available exploit.