Aggregator

A vulnerability was found in TP-Link VIGI C485 V1 and classified as critical. This issue affects some unknown processing. Such manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-1457. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability described as critical has been identified in TP-Link Archer RE605X. Affected by this issue is some unknown functionality of the component Backup Restore. Executing a manipulation can lead to improper input validation. This vulnerability is tracked as CVE-2025-15545. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in TP-Link VX800v 1.0. This affects an unknown part of the component SFTP Service. The manipulation leads to link following. This vulnerability is listed as CVE-2025-15541. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in TP-Link VX800v 1.0. It has been rated as problematic. This affects an unknown part of the component INVITE Message Handler. Performing a manipulation results in improper check for unusual conditions. This vulnerability is known as CVE-2025-15542. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in TP-Link VX800v 1.0. The impacted element is an unknown function of the component USB HTTP Access Path. Such manipulation leads to link following. This vulnerability is referenced as CVE-2025-15543. The attack can be executed directly on the physical device. No exploit is available.

A vulnerability has been found in Totolink A3002RU 3.0.0-B20220304.1804 and classified as critical. This impacts the function formIpv6Setup. Performing a manipulation of the argument static_ipv6 results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-26736. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. This vulnerability is identified as CVE-2026-1638. The attack can be executed remotely. Additionally, an exploit exists.

A sophisticated credential-stealing campaign built around a tool called VIP Keylogger has emerged as a serious threat to organizations and individuals. Unlike conventional malware that drops files onto a victim’s hard drive, this keylogger runs entirely in memory, making it far harder for traditional security tools to detect. The campaign was first spotted through suspicious […]

The post MaaS VIP Keylogger Campaign Uses Steganography and In-Memory Execution to Steal Credentials at Scale appeared first on Cyber Security News.

Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets.

The national cyber director is pitching an approach that blends cyber operations with diplomacy, law enforcement and pressure on CEOs to shore up their organizations.

The post Sean Cairncross lays out what’s coming next for Trump’s cyber strategy appeared first on CyberScoop.

A vulnerability has been found in linagora twake 2023.Q1.1223 and classified as critical. Impacted is an unknown function. This manipulation causes os command injection. The identification of this vulnerability is CVE-2025-70039. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in mscdex ssh2 1.17.0. This issue affects some unknown processing. The manipulation results in incorrect regular expression. This vulnerability was named CVE-2025-70034. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in linagora Twake 2023.Q1.1223. This vulnerability affects unknown code. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2025-70037. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in linagora Twake 2023.Q1.1223. This affects an unknown part. Executing a manipulation can lead to improper neutralization. This vulnerability is handled as CVE-2025-70038. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in TP-Link Archer AXE75 up to 1.3.2 Build 20250107. Affected by this issue is some unknown functionality of the component Web Module. Performing a manipulation results in os command injection. This vulnerability is known as CVE-2025-15568. Access to the local network is required for this attack. No exploit is available.

Спиновые волны в магнитном кристалле повторили поведение электронов и открыли путь к новым микроволновым устройствам.

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. [...]

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. [...]

Signal has officially confirmed an ongoing wave of targeted phishing campaigns resulting in successful account takeovers for high-profile users, including journalists and government officials. The encrypted messaging service explicitly stated that its core infrastructure and end-to-end encryption protocols remain intact and entirely uncompromised. Rather than exploiting technical vulnerabilities, threat actors are bypassing security boundaries by […]

The post Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers appeared first on Cyber Security News.

照片管理系统 DigiKam 释出了v9.0.0 版本。新版本改进了性能、易用性和工作流效率，对用户界面进行了现代化、增强了元数据管理以及扩展对新相机型号和文件格式的支持。其它变化包括：新工具 Survey 帮助摄影师更高效的查看工作流项目；更先进的搜索和排序选项；批量编辑地理位置坐标，等等。