Aggregator

CVE-2026-1698 | arcinfo PcVue up to 15.2.13/16.3.3 HTTP Header /Authentication/Logout Host http headers for scripting syntax (EUVD-2026-8842)

3 months 3 weeks ago

A vulnerability labeled as problematic has been found in arcinfo PcVue up to 15.2.13/16.3.3. This vulnerability affects unknown code of the file /Authentication/Logout of the component HTTP Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. This vulnerability is documented as CVE-2026-1698. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2026-1692 | arcinfo PcVue up to 12.0.0/15.2.13/16.3.3 WebVue/WebScheduler/TouchVue/SnapVue connect missing origin validation in websockets

VulDB Recent Entries

3 months 3 weeks ago

A vulnerability identified as problematic has been detected in arcinfo PcVue up to 12.0.0/15.2.13/16.3.3. This affects an unknown part of the file GraphicalData/js/signalR/connect of the component WebVue/WebScheduler/TouchVue/SnapVue. This manipulation causes missing origin validation in websockets. This vulnerability is registered as CVE-2026-1692. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2026-1693 | arcinfo PcVue up to 12.0.0/15.2.13/16.3.3 WebVue/WebScheduler/TouchVue/Snapvue weak authentication

VulDB Recent Entries

3 months 3 weeks ago

A vulnerability categorized as problematic has been discovered in arcinfo PcVue up to 12.0.0/15.2.13/16.3.3. Affected by this issue is some unknown functionality of the component WebVue/WebScheduler/TouchVue/Snapvue. The manipulation results in weak authentication. This vulnerability is cataloged as CVE-2026-1693. The attack may be launched remotely. There is no exploit available.

vuldb.com

CISA mixup of IOC domains

NETRESEC Network Security Blog

3 months 3 weeks ago

Googles Threat Intelligence Group (GTIG) and Mandiants recent Disrupting the GRIDTIDE Global Cyber Espionage Campaign report is great and it has lots of good Indicators of Compromise (IOC). Many of these IOCs had already been shared by CISA last year as part of their Alert AA25-141A titled Russian G[...]

Erik Hjelmvik

Интернет защищён от перехвата маршрутов. Кроме случаев, когда DNS не защищён. А DNS не защищён почти везде

Securitylab.ru

3 months 3 weeks ago

Специалисты предупредили о риске масштабных перехватов трафика из-за ошибок в инфраструктуре реестров.

Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day

Information Security Magazine

3 months 3 weeks ago

The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation

Stealth & Control: Mastering Linux Post-Exploitation with the Eden-RAT GUI

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

Introduction Eden-RAT is a lightweight remote access tool (RAT) designed for the initial stage of penetration testing. It

The post Stealth & Control: Mastering Linux Post-Exploitation with the Eden-RAT GUI appeared first on Penetration Testing Tools.

ddos

The Rogue Peer Threat: CISA Issues Emergency Directive to Thwart Global Cisco SD-WAN Hijacking

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

The offensives targeting Cisco networking infrastructure have reached such a critical magnitude that United States authorities have invoked

The post The Rogue Peer Threat: CISA Issues Emergency Directive to Thwart Global Cisco SD-WAN Hijacking appeared first on Penetration Testing Tools.

ddos

The Chatbot Saboteur: How Claude Was Coerced into a 150GB Heist of Mexican State Intelligence

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

An unidentified adversary manipulated the Claude chatbot, developed by Anthropic, to orchestrate a series of surgical strikes against

The post The Chatbot Saboteur: How Claude Was Coerced into a 150GB Heist of Mexican State Intelligence appeared first on Penetration Testing Tools.

ddos

MicYou – 将 Android 手机变成电脑无线麦克风[跨平台]

不安全

3 months 3 weeks ago

嗯，用户让我总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。首先，我得通读一下文章。文章主要讲的是MicYou这款开源的Android应用，它可以把安卓设备变成电脑的无线麦克风。支持Windows、macOS和Linux系统，连接方式有Wi-Fi、USB和蓝牙。然后，功能方面提到了噪声抑制、自动增益控制和去混响这些音频处理功能。还有虚拟麦克风，配合VB-Cable使用。用户可以根据需要调整采样率、声道数和音频格式。使用方法的话，需要通过ADB连接手机和电脑，支持USB或者Wi-Fi模式。安装安卓应用和电脑客户端后就可以用了。macOS用户还需要额外安装两个软件包。最后，获取方式是通过GitHub或者网盘搬运。现在我要把这些信息浓缩到100字以内。重点包括：MicYou的功能、支持的系统、连接方式、主要功能以及使用方法中的关键点。可能的结构是：MicYou是一款开源Android应用，将安卓设备变为无线麦克风，支持多系统和多种连接方式，并提供音频处理功能。用户需通过ADB连接手机与电脑，并安装相应客户端即可使用。这样大概在100字左右了。 MicYou 是一款开源 Android 应用，可将安卓设备变为无线麦克风，支持多系统连接（Wi-Fi、USB、蓝牙），提供噪声抑制、自动增益控制等功能，并可通过虚拟麦克风输入系统。

CVE-2026-1565 | User Frontend Plugin up to 4.2.8 on WordPress Setting check_filetype_and_ext unrestricted upload

VulDB Recent Entries

3 months 3 weeks ago

A vulnerability was found in User Frontend Plugin up to 4.2.8 on WordPress. It has been rated as critical. Affected by this vulnerability is the function WPUF_Admin_Settings::check_filetype_and_ext of the component Setting Handler. The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2026-1565. The attack may be initiated remotely. There is no available exploit.

vuldb.com

The Spreadsheet Spy: How a Decadelong Chinese Espionage Campaign Hijacked Google Sheets to Bypass Global Defenses

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

An international cyber-espionage campaign that languished in the shadows for a decade has abruptly surfaced across dozens of

The post The Spreadsheet Spy: How a Decadelong Chinese Espionage Campaign Hijacked Google Sheets to Bypass Global Defenses appeared first on Penetration Testing Tools.

ddos

Ghost in the Hull: How Ransomware is Paralyzing Global Fleets via Satellite and Shipboard Systems

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

Cyber offensives targeting maritime vessels have transcended the realm of rarity, increasingly precipitating tangible disruptions within global fleet

The post Ghost in the Hull: How Ransomware is Paralyzing Global Fleets via Satellite and Shipboard Systems appeared first on Penetration Testing Tools.

ddos

Mozilla Crushes 50+ Vulnerabilities in Massive Firefox 148 Security Overhaul

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

In the latest iteration of the Firefox browser, developers have mitigated dozens of critical vulnerabilities, many of which

The post Mozilla Crushes 50+ Vulnerabilities in Massive Firefox 148 Security Overhaul appeared first on Penetration Testing Tools.

ddos

日本 2025 年新生儿数连续十年减少

Solidot

3 months 3 weeks ago

日本厚生劳动省公布的人口动态统计（初值）显示，包含外国人的 2025 年新生儿数为 705,809 人，跌至 1899 年开始统计以来的新低。较上年减少 2.1%（15,179人）。这是连续 10 年刷新最少纪录，反映了少子化的加剧。减幅较上年有所收窄。死亡人数减去出生人数所得的人口“自然减少”为 899,845 人，创历史新高，人口减少势头未得到抑制。

CrowdStrike’s 2026 Report Warns of the Rise of the “Invisible Adversary”

Penetration Testing Tools - Metepreter.org

3 months 3 weeks ago

In 2025, cyber adversaries exhibited a meteoric surge in operational velocity, increasingly eschewing traditional malware in favor of

The post CrowdStrike’s 2026 Report Warns of the Rise of the “Invisible Adversary” appeared first on Penetration Testing Tools.

ddos

«Кризис интеллекта» и 800 пунктов вниз. Как один пост в блоге обвалил Dow Jones

Securitylab.ru

3 months 3 weeks ago

Почему ИИ может оставить нас без зарплат, а рынок — без денег.

年后邮箱怕踩坑？速领安全防护新解法

嘶吼

3 months 3 weeks ago

直播时间： 2月27日（周五）15：00

立即预约：领取千元好礼+《高发钓鱼邮件案例》合集

直播亮点

1、揭露年后高发钓鱼手法，快速识别风险

2、解读核心安全数据，指导配置与预算

3、拆解校企差异化场景，科学制定防护建议

立即扫码预约锁定席位，福利干货全都有，安全开工更省心！

CACTER邮件安全

年后邮箱怕踩坑？速领安全防护新解法

不安全

3 months 3 weeks ago

嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容。看起来这篇文章是关于一个直播活动的宣传，时间在2月27日下午三点。文章里提到直播有三个亮点：揭露年后高发的钓鱼手法，解读核心安全数据，以及拆解校企场景下的防护建议。还有扫码预约可以领取千元好礼和案例合集。目标是帮助用户安全开工更省心。接下来，我需要把这些信息浓缩到100字以内。要抓住关键点：直播时间、主要内容、亮点和福利。同时，语言要简洁明了，直接描述内容。可能的结构是：直播时间、主题、亮点、福利和目标。这样既全面又简洁。现在开始组织语言：2月27日下午三点的直播将揭露年后钓鱼手法，解读安全数据，并提供校企防护建议。预约可领千元好礼和案例合集，助您安全开工。检查一下字数，刚好在限制内，并且涵盖了所有重要信息。 2月27日下午三点直播将揭露年后高发钓鱼手法、解读核心安全数据并提供校企防护建议。扫码预约可领取千元好礼及《高发钓鱼邮件案例》合集，助您安全开工更省心！

Seedance 2.0 登上春晚大屏：8K/50FPS背后的最佳拍档

字节跳动技术团队

3 months 3 weeks ago

Aggregator

Managed ad