Aggregator

A vulnerability classified as critical has been found in Zenitel TCIS-3+ prior 9.2.3.3. This vulnerability affects unknown code of the component Uploaded File Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2025-59818. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Cisco Meeting Management up to 3.12.0. This vulnerability affects unknown code of the component Certificate Management. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-20098. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. This issue affects the function trace_event_raw_event_synth. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2026-23088. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. The affected element is the function tcf_ife_encode of the component sched. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-23064. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself.   When cybercriminals strike, the ripple effects cascade outward, threatening individual savings, corporate balance sheets, national infrastructures, and broader economic confidence.  The Biggest […]

The post How Threat Intelligence Helps Protect Financial Organizations from Business Risk appeared first on ANY.RUN's Cybersecurity Blog.

Нашелся вредонос на Perl, который никто не видит, но он уже везде.

As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler.

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'
Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Acquisition Adds Okta and Ping Coverage to Semperis' Identity Security Platform
Semperis has acquired MightyID to extend its identity-first security and cyber resilience strategy beyond Active Directory and Entra ID into Okta and Ping. CEO Mickey Bresman says the deal addresses customer demand for multi-identity provider protection backup recovery and migration.

Southern Connecticut State University CIO Tom Armstrong on Modernization Priorities
Like other schools, Southern Connecticut State University is under pressure to modernize legacy systems, strengthen security and adopt AI. CIO Tom Armstrong must balance expanding research ambitions, student expectations and operational efficiency in an increasingly complex risk environment.

Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools
TRM Labs has secured $70 million in Series C funding led by Blockchain Capital reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
• CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This particular driver is legitimate but its certificate expired and was revoked more than ten years ago. Even so, Windows still allows it to load. The attack Huntress’ security experts spotted this intrusion earlier this month, and discovered … More →

The post Why a decade-old EnCase driver still works as an EDR killer appeared first on Help Net Security.

Actions by authorities from Italy, Romania, Spain, the United Kingdom, Canada, Kosovo and South Korea, supported by Eurojust and Europol, led to the seizure of multiple illegal streaming services. A total of 31 suspected members have been linked to the operation. The group engaged in unauthorised distribution of pay TV content, illegal access to information technology systems, computer fraud and money laundering. The activity expanded as revenue increased, enabling the distribution of illegal streaming services … More →

The post International sting dismantles illegal streaming empire serving millions appeared first on Help Net Security.

Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation

A vulnerability was found in Chapa Payment Gateway Plugin for WooCommerce Plugin up to 1.0.3 on WordPress. It has been rated as problematic. This affects the function chapa_proceed of the component API Endpoint. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-15482. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in MyRewards Plugin up to 5.6.0 on WordPress. This vulnerability affects the function ajax. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-15260. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Magic Import Document Extractor Plugin up to 1.0.4 on WordPress. This issue affects the function get_frontend_settings. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2025-15508. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in Fortis for WooCommerce Plugin up to 1.2.0 on WordPress. Impacted is the function check_fortis_notify_response of the component Order Status Update Handler. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-0679. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in Michael Lups SEO Flow by LupsOnline Plugin up to 2.2.1 on WordPress. The impacted element is the function checkBlogAuthentication. Executing a manipulation can lead to improper authentication. This vulnerability is registered as CVE-2025-15285. It is possible to launch the attack remotely. No exploit is available.