A vulnerability has been found in EZCast Pro II 1.17478.146 and classified as problematic. The affected element is an unknown function of the component Admin UI. Performing a manipulation results in cross-site scripting.
This vulnerability is known as CVE-2026-24348. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability was found in D-Link DCS-700L 1.03.09. It has been rated as critical. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2026-1532. The attack can only be initiated within the local network. Moreover, an exploit is present.
A vulnerability marked as problematic has been reported in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected is an unknown function of the component XML Column Handler. The manipulation leads to improper neutralization of special elements in data query logic.
This vulnerability is traded as CVE-2025-36442. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This vulnerability affects unknown code of the component Table Handler. Performing a manipulation results in allocation of resources.
This vulnerability was named CVE-2025-36070. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This issue affects some unknown processing of the component XML Data Handler. Executing a manipulation can lead to allocation of resources.
The identification of this vulnerability is CVE-2025-36123. The attack can only be executed locally. There is no exploit available.
You should upgrade the affected component.
A vulnerability labeled as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected by this issue is some unknown functionality. The manipulation results in authorization bypass.
This vulnerability is reported as CVE-2025-36365. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
A vulnerability marked as problematic has been reported in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This affects an unknown part of the component Data Query Logic. This manipulation causes improper neutralization of special elements in data query logic.
This vulnerability appears as CVE-2025-36353. The attack requires local access. There is no available exploit.
It is suggested to upgrade the affected component.
A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server up to 12.1.3. Impacted is an unknown function of the component Data Query Logic. Executing a manipulation can lead to improper validation of specified quantity in input.
This vulnerability is handled as CVE-2025-36423. The attack can be executed remotely. There is no exploit available.
Upgrading the affected component is advised.
A vulnerability was found in IBM DB2 up to 12.1.3 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to unquoted search path.
This vulnerability is tracked as CVE-2025-36384. The attack is restricted to local execution. No exploit exists.
It is recommended to upgrade the affected component.
A vulnerability marked as problematic has been reported in ixray-team ixray-1.6-stcop up to 1.2. This issue affects some unknown processing. This manipulation causes information disclosure.
The identification of this vulnerability is CVE-2026-24870. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
Varonis CEO Yaki Faitelson Warns Misconfigured AI Is an Accident Waiting to Happen
Varonis has acquired AllTrue.ai to close visibility gaps in AI security. CEO Yaki Faitelson said enterprises are deploying AI agents that access vast datasets at high speed without understanding permissions, identity context or abnormal behavior, creating urgent demand for data-first AI security.
Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, Ukraine
This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.
Global Cyber Alliance: as AI Fuels Cybercrime, Outcomes Keep Getting Worse
Security teams report stronger controls and broader collaboration each year. Yet cybercrime outcomes continue to worsen. Brian Cute of the Global Cyber Alliance says artificial intelligence-based attacks are tipping the scales against cyber defenders.
Terminated Employee Accused of Stealing 1M Patient Records
A former Nuance Communications IT worker is facing additional federal charges in an ongoing criminal case alleging he downloaded more than 1 million patient records of a Nuance client and stored them on a personal hard drive two days after he was terminated from his job in 2023.