Aggregator

CVE-2021-4473 | Beijing Topsec Network Security Tianxin Internet Behavior Management System prior 4.0.0.7_20210716.180815 Reporter objClass os command injection (CNVD-2021-41972 / EUVD-2021-34776)

VulDB Recent Entries
2 months 1 week ago
A vulnerability categorized as critical has been discovered in Beijing Topsec Network Security Tianxin Internet Behavior Management System. Impacted is an unknown function of the component Reporter Component. The manipulation of the argument objClass results in os command injection. This vulnerability is cataloged as CVE-2021-4473. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

Security Affairs
2 months 1 week ago
China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment, […]
Pierluigi Paganini

CVE-2026-3466 | Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2 Dashboard Dashlet Title Link cross site scripting

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2. It has been rated as problematic. This issue affects some unknown processing of the component Dashboard Dashlet Title Link Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-3466. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-39666 | Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2 untrusted search path

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p45/2.4.0p24/2.5.0b2. It has been declared as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to untrusted search path. This vulnerability is tracked as CVE-2025-39666. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-28808 | Erlang OTP up to 28.4.2 mod_alias.erl script_alias authorization

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in Erlang OTP up to 28.4.2. It has been classified as critical. This affects the function script_alias in the library lib/inets/src/http_server/mod_alias.erl. Performing a manipulation results in incorrect authorization. This vulnerability is identified as CVE-2026-28808. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

New GPUBreach Attack Enables System-Wide Compromise Up to a Root Shell

Cyber Security News
2 months 1 week ago

A severe vulnerability, dubbed GPUBreach, that allows attackers to achieve a full system compromise, including a root shell. Scheduled for presentation at the IEEE Symposium on Security and Privacy, researchers from the University of Toronto show that this exploit elevates GPU Rowhammer attacks from simple data corruption to critical privilege escalation. Historically, GPU Rowhammer attacks […]

The post New GPUBreach Attack Enables System-Wide Compromise Up to a Root Shell appeared first on Cyber Security News.

Abinaya

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

Help Net Security
2 months 1 week ago

Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the quantum algorithm used to break elliptic curve cryptography. Google stopped short of publishing the algorithm, disclosing only a zero-knowledge proof of its existence. The same day, a company called Oratomic published a resource estimate for breaking RSA-2048 and P-256 … More →

The post Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day appeared first on Help Net Security.

Mirko Zorz

Not Without My AI Agent: Models Break Rules to Save Peers

Ransomware DataBreachToday.com
2 months 1 week ago
Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."

Attackers Target Zero-Day Flaw in Fortinet Security Software

Ransomware DataBreachToday.com
2 months 1 week ago
Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Trump's Budget Proposal Would Slash CISA After Bruising Year

Ransomware DataBreachToday.com
2 months 1 week ago
White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut
The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats.

From Alert Overload to Rapid Response: Why Threat Intelligence Is a Top Solution for Fast MTTR 

Cyber Security News
2 months 1 week ago

Reducing Mean Time to Respond (MTTR) is one of the most persistent challenges for modern SOC teams.  Despite investments in SIEM, EDR, and automation, many organizations still struggle to investigate alerts quickly and make confident decisions under pressure. The issue is not a lack of tools, it is the growing gap between alert volume and investigation capacity.  As threat volume […]

The post From Alert Overload to Rapid Response: Why Threat Intelligence Is a Top Solution for Fast MTTR  appeared first on Cyber Security News.

Balaji N

Managed ad