Aggregator

Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection

Cyber Security News
2 months ago

Cybersecurity researchers at Infoblox Threat Intel have uncovered a highly sophisticated phishing campaign that exploits the foundational plumbing of the internet to bypass enterprise security controls. In a novel evasion tactic, threat actors are weaponizing the .arpa top-level domain (TLD) and utilizing IPv6 tunnels to host malicious phishing content. This approach actively circumvents traditional domain reputation checks, […]

The post Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection appeared first on Cyber Security News.

Dhivya

当你需要帮助时狗的反应类似 2 岁小孩但猫只会旁观

Solidot
2 months ago
根据发表在《Animal Behaviour》期刊上的一项研究,匈牙利研究人员对比了人在需要帮助时 18-24 个月的幼儿、以及宠物狗和猫的反应。结果显示,狗的自发性亲社会行为与幼儿类似,而猫则是冷眼旁观。在实验中,熟人如父母或主人假装在寻找一个藏起来的东西,四分之三的情况下狗和幼儿会提供帮助。猫只有在符合自身利益时才会参与进来提供帮助。

Iran Has One Card Left—It’s Pointed at Your Network

Security Boulevard
2 months ago

In light of today’s attack by the U.S. and Israel on Iran, it is prudent to ask: What can Iran do? Strip away everything Iran had a year ago and ask yourself what’s left. Their nuclear program? Set back years, maybe a decade. Their air defenses? Dismantled across two conflicts. Hezbollah? Degraded to the point..

The post Iran Has One Card Left—It’s Pointed at Your Network appeared first on Security Boulevard.

Alan Shimel

CVE-2026-27571 | nats-io nats-server up to 2.11.11/2.12.2 WebSockets data amplification (Nessus ID 299911)

Vuldb Updates
2 months ago
A vulnerability labeled as problematic has been found in nats-io nats-server up to 2.11.11/2.12.2. Impacted is an unknown function of the component WebSockets Handler. The manipulation results in highly compressed data. This vulnerability is identified as CVE-2026-27571. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-26340 | Tattile Smart+ up to 1.181.5 RTSP Service missing authentication (ZSL-2026-5978)

Vuldb Updates
2 months ago
A vulnerability described as critical has been identified in Tattile Smart+, Tolling+, Smart+ Speed, Smart+ Traffic Light, Axle Counter, Vega53, Vega33, Vega11, Basic MK2 and ANPR Mobile up to 1.181.5. Affected is an unknown function of the component RTSP Service. Executing a manipulation can lead to missing authentication. This vulnerability is tracked as CVE-2026-26340. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-27468 | Mastodon up to 4.4.13/4.5.6 FASP Feature EXPERIMENTAL_FEATURES authorization (GHSA-qgmm-vr4c-ggjg)

Vuldb Updates
2 months ago
A vulnerability classified as problematic was found in Mastodon up to 4.4.13/4.5.6. Affected by this issue is some unknown functionality of the component FASP Feature. The manipulation of the argument EXPERIMENTAL_FEATURES results in missing authorization. This vulnerability is cataloged as CVE-2026-27468. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-33179 | NVIDIA Cumulus Linux GA/Cumulus Linux LTS/NVOS NVUE Interface privileges assignment

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, has been found in NVIDIA Cumulus Linux GA, Cumulus Linux LTS and NVOS. This affects an unknown part of the component NVUE Interface. This manipulation causes incorrect privilege assignment. This vulnerability is registered as CVE-2025-33179. The attack requires access to the local network. No exploit is available.
vuldb.com

CVE-2025-33180 | NVIDIA Cumulus Linux GA/Cumulus Linux LTS/NVOS NVUE Interface command injection

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, was found in NVIDIA Cumulus Linux GA, Cumulus Linux LTS and NVOS. This vulnerability affects unknown code of the component NVUE Interface. Such manipulation leads to command injection. This vulnerability is documented as CVE-2025-33180. The attack requires being on the local network. There is not any exploit available.
vuldb.com

CVE-2026-26341 | Tattile Smart+ up to 1.181.5 Management Interface default credentials (ZSL-2026-5977)

Vuldb Updates
2 months ago
A vulnerability was found in Tattile Smart+, Tolling+, Smart+ Speed, Smart+ Traffic Light, Axle Counter, Vega53, Vega33, Vega11, Basic MK2 and ANPR Mobile up to 1.181.5. It has been classified as very critical. The affected element is an unknown function of the component Management Interface. The manipulation leads to use of default credentials. This vulnerability is traded as CVE-2026-26341. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-1768 | Devolutions Server up to 2025.3.14 Permission Cache authorization (DEVO-2026-0004 / Nessus ID 300079)

Vuldb Updates
2 months ago
A vulnerability categorized as problematic has been discovered in Devolutions Server up to 2025.3.14. This impacts an unknown function of the component Permission Cache. Such manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-1768. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-14963 | Trellix Endpoint HX Agent Local Security Authority Subsystem Service lsass.exe input validation (EUVD-2025-208089 / WID-SEC-2026-0538)

Vuldb Updates
2 months ago
A vulnerability marked as critical has been reported in Trellix Endpoint HX Agent. Affected by this issue is some unknown functionality in the library fekern.sys of the file lsass.exe of the component Local Security Authority Subsystem Service. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2025-14963. The attack can only be performed from a local environment. No exploit is available.
vuldb.com

Managed ad