Aggregator

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

Help Net Security
1 month 3 weeks ago

A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing instances that have yet to receive a fix, and the organization is sending out alerts to the owners, urging them to update. About CVE-2025-14500 IceWarp, developed by the Czech company of the same name, is a business … More →

The post Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) appeared first on Help Net Security.

Zeljka Zorz

When Cloud SaaS DDoS Mitigation Offerings Aren’t Enough

Netscout
1 month 3 weeks ago
For a large Asia-based financial group, protecting customer-facing services wasn’t just a security priority—it was a regulatory mandate. The group’s environment spanned multiple subsidiaries with a mix of on‑premises data centers plus rapidly expanding public cloud workloads. The organization needed a single...
Andrew Green

CVE-2026-21424 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 unnecessary privileges (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. It has been declared as critical. The impacted element is an unknown function. Executing a manipulation can lead to execution with unnecessary privileges. This vulnerability appears as CVE-2026-21424. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-21422 | Dell PowerScale OneFS up to 9.10.0.0/9.10.1.5/9.11.0.0/9.12.0.1 external control of setting (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in Dell PowerScale OneFS up to 9.10.0.0/9.10.1.5/9.11.0.0/9.12.0.1. It has been classified as problematic. The affected element is an unknown function. Performing a manipulation results in external control of system or configuration setting. This vulnerability is reported as CVE-2026-21422. The attack requires a local approach. No exploit exists.
vuldb.com

CVE-2026-21421 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 unnecessary privileges (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 and classified as critical. Impacted is an unknown function. Such manipulation leads to execution with unnecessary privileges. This vulnerability is documented as CVE-2026-21421. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-21425 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 privileges assignment (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability has been found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 and classified as critical. This issue affects some unknown processing. This manipulation causes incorrect privilege assignment. This vulnerability is registered as CVE-2026-21425. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.
vuldb.com

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

The Hackers News
1 month 3 weeks ago
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The
The Hacker News

CVE-2026-21426 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 unnecessary privileges (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. This vulnerability affects unknown code. The manipulation results in execution with unnecessary privileges. This vulnerability is cataloged as CVE-2026-21426. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-22270 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 uncontrolled search path (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. This affects an unknown part. The manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2026-22270. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-21423 | Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1 default permission (dsa-2026-038)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as critical was found in Dell PowerScale OneFS up to 9.10.1.6/9.11.0.0/9.12.0.1. Affected by this issue is some unknown functionality. Executing a manipulation can lead to incorrect default permissions. This vulnerability is tracked as CVE-2026-21423. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-25907 | Dell PowerScale OneFS 9.13.0.0 overly restrictive account lockout mechanism (dsa-2026-095)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as problematic has been found in Dell PowerScale OneFS 9.13.0.0. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in overly restrictive account lockout mechanism. This vulnerability is identified as CVE-2026-25907. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-23231 | Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3 netfilter nf_tables_addchain use after free

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. This impacts the function nf_tables_addchain of the component netfilter. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-23231. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Groups Push Back on HHS' Proposed Health IT Rollbacks

BankInfoSecurity.com
1 month 3 weeks ago
CHIME, AHA, Others Contend Privacy, Security Burden Would Shift to Providers
Proposals to eliminate certain longstanding health IT certification criteria - including privacy and security related controls - will shift regulatory burden from health IT developers to healthcare providers, some industry groups contend in their public response to proposed federal rulemaking.

Managed ad