Aggregator

Submit #742678 / VDB-344485

Submit #742677 / VDB-344484

Permission sprawl is colliding with AI regulations, creating new compliance risks across hybrid and multi-cloud environments.

The post The Compliance Convergence Challenge: Permission Sprawl and AI Regulations in Hybrid Environments appeared first on Security Boulevard.

Securing AI agents can’t fall on customers. Platform providers must own data protection, prompt injection defense and agent guardrails.

The post Securing Agents Isn’t the Customer’s Job, It’s the Platform’s appeared first on Security Boulevard.

Police officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out global DDoS attacks targeting high-profile and strategically important websites. Arrest (Source: Poland’s Central Bureau for Combating Cybercrime) The suspect faces six criminal charges, including disrupting IT systems and obtaining specialized software designed to conduct cyberattacks. If convicted, he could be sentenced to up to five years in prison. “The 20-year-old confessed to most of the charges … More →

The post Police shut down global DDoS operation, arrest 20-year-old appeared first on Help Net Security.

速更新

速修复

实战成效显著，360以AI辅助漏洞发现斩获天府杯双项荣誉

Зачем приближать изображение линзами, если можно «раздуть» саму клетку и увидеть всё?

A vulnerability classified as critical has been found in SiYuan up to 3.5.4. Affected by this vulnerability is an unknown functionality of the file /api/file/copyFile of the component File Endpoint. The manipulation of the argument dest leads to path traversal. This vulnerability is traded as CVE-2026-25539. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in devtron-labs devtron up to 2.0.0. It has been declared as critical. The impacted element is an unknown function of the component Attributes API Interface. The manipulation results in missing authorization. This vulnerability is identified as CVE-2026-25538. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as problematic has been detected in OpenMage magento-lts up to 20.16.0. This affects an unknown part of the component Admin URL. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-25523. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we

A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies' unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines. such as 'Activate account...' [...]

A vulnerability was found in Linux Kernel up to 6.12.53/6.17.3. It has been declared as critical. The impacted element is the function ioremap_cache of the component kvm. Such manipulation leads to improper initialization. This vulnerability is referenced as CVE-2025-40181. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Cisco Evolved Programmable Network Manager and Prime Infrastructure. Impacted is an unknown function of the component Web-based Management Interface. Executing a manipulation can lead to open redirect. This vulnerability is tracked as CVE-2026-20123. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Cisco Prime Infrastructure. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-20111. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.194/6.1.156/6.6.112/6.12.53/6.17.3. This issue affects the function kvmalloc of the component ext4. Executing a manipulation can lead to allocation of resources. This vulnerability appears as CVE-2025-40179. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in x-crypto up to 0.42.x on Go. Affected is an unknown function. Executing a manipulation can lead to improper check or handling of exceptional conditions. This vulnerability is tracked as CVE-2025-47913. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17.3. This vulnerability affects the function pid_nr_ns. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-40178. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.