Aggregator

强势围观！

Новый отчёт Microsoft раскрывает масштаб скрытой слежки за пользователями.

The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable increase from 2024’s total of 78. According to Google’s researchers, attackers are shifting their focus […]

The post Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025 appeared first on Cyber Security News.

The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants. [...]

A vulnerability classified as problematic was found in Craft CMS. Affected is the function Elements::parseRefs of the component GraphQL Directive Handler. Executing a manipulation can lead to authorization bypass. The identification of this vulnerability is CVE-2026-28696. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Craft CMS and classified as critical. This vulnerability affects unknown code of the component Twig. Such manipulation leads to code injection. This vulnerability is listed as CVE-2026-28783. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Craft CMS. The impacted element is an unknown function. The manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-28782. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Craft CMS. This affects an unknown function of the component POST Request Handler. This manipulation causes authorization bypass. This vulnerability appears as CVE-2026-28781. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in D-Link DIR-513 1.10. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formAdvFirewall. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-70218. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in D-Link DIR-513 1.10. This vulnerability affects unknown code of the file /goform/formEasySetupWizard. Executing a manipulation of the argument curTime can lead to stack-based buffer overflow. This vulnerability appears as CVE-2025-70226. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Dell Device Management Agent up to 26.01. This impacts an unknown function. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-26949. Local access is required to approach this attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Craft CMS. The impacted element is the function create of the component Twig SSTI. This manipulation causes path traversal. This vulnerability is registered as CVE-2026-28695. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Silabs Zigbee Stack up to 4.3.4/2024.6.2. This vulnerability affects unknown code. The manipulation results in unchecked return value. This vulnerability was named CVE-2025-1394. The attack needs to be approached within the local network. There is no available exploit.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 is a use-after-free issue in the WebKit component. Apple […]

ADPulse — Active Directory Security Scanner ADPulse is an open-source Active Directory security auditing tool that connects to

The post Beyond the Perimeter: Auditing Active Directory Security with ADPulse’s 35-Point Automated Scan appeared first on Penetration Testing Tools.

复旦大学系统软件与安全实验室在跨设备认证安全领域取得新进展

Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI functionality in their products directly. But just how secure are these AI tools and routines themselves? Recent reports show they suffer from vulnerabilities just like any other code. For example, Google recently provided an update for CVE-2026-0628, associated with Gemini AI implemented in the Chrome browser. This … More →

The post March 2026 Patch Tuesday forecast: Is AI security an oxymoron? appeared first on Help Net Security.

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It's worth

Новый вирус GHOSTFORM запускается в памяти компьютера и скрывается от антивирусов.

活动期间全线业务限时升级为高系数，更有新人启航礼・伯乐引荐礼！