Aggregator

Иран привыкает к цифровому средневековью.

Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to the underlying operating system. The vulnerability, tracked as CVE-2026-20079, stems from an improper system process […]

The post Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication appeared first on Cyber Security News.

活动时间：2026年3月09日 10点 - 3月18日 18点

LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law enforcement operation coordinated by Europol and involving authorities from 14 countries. Police in action (Source: Europol) Active since 2021, LeakBase hosted a large archive of breached databases and compromised credentials used to facilitate account takeover, fraud and further cyber intrusions. By December 2025, the forum had more than 142,000 registered … More →

The post LeakBase cybercrime forum with 142,000 users taken down in global operation appeared first on Help Net Security.

当所有人都在卷算力的时候，理想汽车开始卷「数学定律」了。

A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending fake support emails designed to steal vault master passwords. The campaign, which began on or around March 1, 2026, relies on social engineering tactics to trick users into believing their accounts have been compromised, pushing them to hand over their […]

The post Hackers Mimic LastPass Support Email to Steal Vault Passwords appeared first on Cyber Security News.

Tycoon 2FA, a phishing-as-a-service platform that allowed cybercriminals to bypass MFA and break into online accounts, has been disrupted by law enforcement agencies and cybersecurity partners. Takedown of the Tycoon 2FA phishing-as-a-service platform (Source: Europol) Active since August 2023, Tycoon 2FA was among the largest phishing operations worldwide. At its peak, the platform accounted for about 62% of phishing attempts blocked by Microsoft, according to investigators. The service operated on a subscription model and gave … More →

The post Authorities pull plug on Tycoon 2FA phishing-as-a-service platform appeared first on Help Net Security.

A vulnerability has been found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 and classified as critical. This issue affects some unknown processing. This manipulation causes incorrect privilege assignment. This vulnerability is registered as CVE-2026-21425. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. Affected by this issue is some unknown functionality. Executing a manipulation can lead to incorrect default permissions. This vulnerability is tracked as CVE-2026-21423. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 and classified as critical. Impacted is an unknown function. Such manipulation leads to execution with unnecessary privileges. This vulnerability is documented as CVE-2026-21421. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. It has been declared as critical. The impacted element is an unknown function. Executing a manipulation can lead to execution with unnecessary privileges. This vulnerability appears as CVE-2026-21424. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Dell PowerScale OneFS up to 9.10.0.0/9.10.1.5/9.11.0.0/9.12.0.1. It has been classified as problematic. The affected element is an unknown function. Performing a manipulation results in external control of system or configuration setting. This vulnerability is reported as CVE-2026-21422. The attack requires a local approach. No exploit exists.

Исследователи нашли странности в сетевом трафике мессенджера.

A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. [...]

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

漏洞来源漏洞描述n8n 的工作流表达式求值系统存在严重的远程代码执行 (RCE) 漏洞。已认证用户在工作流配置期间提供的表达式可能会在与底层运行时隔离不足的执行上下文中进行求值。已认证的攻击者可以利用此漏洞，以 n8n 进程的权限执行任意代码。成功利用此漏洞可能导致受影响实例完全被攻陷，包括未经授权访问敏感数据、修改工作流以及执行系统级操作。漏洞分析漏洞入口点在packages/cli/src/s

漏洞简介n8n 在其工作流表达式评估系统中存在一个关键的远程代码执行（RCE）漏洞。经过认证的用户在工作流配置过程中提供的表达式，可以在与底层运行时隔离不足的执行上下文中进行评估。 经过认证的攻击者可能会滥用这种行为，以n8n进程的权限执行任意代码。成功的利用可能导致受影响实例的全面入侵，包括未经授权访问敏感数据、修改工作流程以及系统级作的执行。漏洞影响评分：9.9版本：<1.123.17,

New York, USA, March 4th, 2026, CyberNewswire The industry must pivot to Preemptive Defense: As agentic tools like Claude Code enable attackers to scan and exploit vulnerabilities at machine speed, a “prioritized list” is no longer a defense; it’s a liability. Reclaim Security, a preemptive exposure-remediation platform, today announced $26 million in total funding, including […]

The post Reclaim Security Raises $26M to Eliminate the 27-Day Remediation Gap appeared first on Cyber Security News.

3月13日十八周年开放注册即将到来，届时会提前发布公告通知，“星标”公众号以防错过。