Aggregator

A vulnerability described as critical has been identified in Grafana up to 11.6.8/12.0.7/12.1.4/12.2.2/12.3.0. Affected by this issue is some unknown functionality of the component Dashboard Permissions API. Executing a manipulation can lead to permission issues. This vulnerability is registered as CVE-2026-21721. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Grafana up to 11.6.8/12.0.7/12.1.4/12.2.2/12.3.0. Affected is an unknown function of the file /avatar/:hash of the component Gravatar Image Handler. Such manipulation leads to insufficiently random values. This vulnerability is listed as CVE-2026-21720. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A large-scale reconnaissance campaign is actively targeting SonicWall firewalls across the internet, with attackers using more than 4,000 unique IP addresses to map vulnerable devices before launching exploitation attempts. Between February 22 and February 25, 2026, threat actors generated 84,142 scanning sessions against SonicWall SonicOS infrastructure, originating from 4,305 distinct IP addresses across 20 autonomous […]

The post Hackers Attacking SonicWall Firewalls from 4,000+ unique IP Addresses to Exploit Vulnerabilities appeared first on Cyber Security News.

看到一道几何最值题，，，，求 最大值。高中生可飞速求解，心算能力强的能直接出值。

Claude appears to be having a major outage right now, with elevated errors reported across all platforms. [...]

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.60/6.17.10. Affected by this issue is the function lookup_mnt_ns. This manipulation causes improper update of reference count. This vulnerability is registered as CVE-2025-68300. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. Affected by this vulnerability is the function simple_offset_rename. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-71072. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.60/6.17.10. It has been classified as critical. This vulnerability affects the function btusb_mtk_claim_iso_intf. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-68298. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. This issue affects the function alps_reconnect. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-68822. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. Affected is an unknown function of the component KVM. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2025-68810. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.63/6.18.3/6.19-rc3. It has been classified as critical. This vulnerability affects the function rtl92cu_tx_fill_desc of the file drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c of the component wifi. Performing a manipulation of the argument tids[] results in improper validation of array index. This vulnerability is known as CVE-2025-71100. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in py-pdf pypdf up to 6.7.1 and classified as problematic. Impacted is an unknown function. The manipulation leads to infinite loop. This vulnerability is listed as CVE-2026-27628. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

When a breach occurs, most security teams move fast on containment. Systems get isolated, backups get activated, and logs get […]

The post Threat Attribution: Why Structure Beats Speculation And How Hawkeye Delivers Both appeared first on HawkEye.

Специалисты обнаружили связь между старыми игровыми аккаунтами и современными хакерскими атаками.

研究人员构建了迄今最详尽的图谱，展示了衰老如何影响21种哺乳动物组织中的数千种细胞亚型。他们通过分析不同年龄段小鼠的近 700 万个单细胞，确定了随时间推移最易受损的细胞，以及促使其衰老的因素。研究人员对 32 只小鼠21个器官中提取的数百万个单细胞进行分析。这些小鼠处于 3 个年龄段：1 个月（年轻成年小鼠）、5 个月（中年小鼠）、21 个月（老年小鼠）。研究人员识别出了超过 1800 种不同的细胞亚型，其中包括许多此前未被完整描述过的罕见类型。随后研究团队追踪了各年龄阶段小鼠不同类型细胞的数量变化情况。数十年来，科学家们一直认为衰老主要改变的是细胞功能，而非细胞数量。而研究团队的分析结果对这一观点提出了挑战。他们发现，约 1/4 的细胞类型在数量上随时间推移发生了显著变化，比如某些肌肉细胞和肾细胞的数量大幅减少，而免疫细胞数量则大幅增加。这些变化在不同器官的细胞中具有同步性，相似的细胞状态在不同器官中几乎同时出现和消失。这种模式表明，血液中循环中的共同信号可能有助协调全身的衰老过程。大约 40% 与衰老相关的改变因性别而异。例如女性衰老过程中，表现出更广泛的免疫激活情况。

In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If

Сервис OnlyFake предлагал фото паспорта на столе для обхода банковских проверок.

A newly identified botnet trojan campaign, dubbed OCRFix, has been discovered combining social engineering tricks with blockchain-based command infrastructure to quietly build a network of compromised machines. The campaign blends the well-known ClickFix phishing technique with EtherHiding — a method that stores attacker instructions directly on a public blockchain, making takedowns nearly impossible.​ The attack […]

The post OCRFix Botnet Trojan Leveraging ClickFix Phishing and EtherHiding to Conceal Blockchain-Based Command Infrastructure appeared first on Cyber Security News.

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent