Aggregator

A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown function of the component V8. The manipulation leads to type confusion. This vulnerability is referenced as CVE-2026-1862. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in GNU Tar up to 1.35. This affects an unknown function of the component TAR Archive Handler. This manipulation causes path traversal: '../filedir'. The identification of this vulnerability is CVE-2025-45582. It is possible to initiate the attack remotely. There is no exploit available.

队伍名：glzjin.. 阅读更多

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. [...]

Компилятор от ИИ-агентов успешно прошел 99% стресс-тестов GCC.

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even

For the latest discoveries in cyber research for the week of 9th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Romania’s national oil pipeline operator, Conpet, has suffered a cyberattack that disrupted its IT systems and took its website offline. The company said operational technology, including pipeline control and telecommunications systems, remained […]

The post 9th February – Threat Intelligence Report appeared first on Check Point Research.

Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]

亿万富翁、NASA 局长 Jared Isaacman 宣布允许执行 Crew-12 载人飞行和 Artemis II 绕月任务的宇航员携带智能手机。此举引发了很多争议，因为航空公司对智能手机使用的锂离子电池都有严格规定，而 NASA 竟然允许在更危险更封闭的环境中放置或使用锂离子电池。Isaacman 宣称此举是为了挑战他所谓的臃肿的认证要求，此前要允许硬件在太空中使用需要经历繁琐的审批流程，包括辐射特性分析、电池热测试、气体释放评估和振动测试等等。

В КНР нашли способ разогнать БПЛА до Маха 0,9.

A vulnerability was found in AprilRobotics apriltag up to 3.4.5. It has been classified as problematic. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2026-2246. The attack must be carried out locally. In addition, an exploit is available. It is suggested to install a patch to address this issue.

Microsoft Exchange Online is experiencing a service degradation that incorrectly flags legitimate customer emails as phishing, quarantining them and disrupting communications. The issue, identified as EX1227432, started on February 5, 2026, at 10:31 AM EST and remains ongoing. Microsoft classifies this as an incident affecting Exchange Online, with some users unable to send or receive […]

The post Microsoft Exchange Online Flags Customers Legitimate Email as Phishing appeared first on Cyber Security News.

Cybersecurity threats are swiftly evolving beyond easily spotted, poorly written phishing emails to sophisticated methods that leverage trusted digital infrastructure. Attackers are now exploiting legitimate business workflows within widely used platforms, effectively turning reputable services into unwitting accomplices for financial fraud. This strategic shift makes malicious communications significantly harder for traditional security filters to detect, […]

The post Hackers Exploit Legitimate Apple and PayPal Invoice Emails in DKIM Replay Attacks appeared first on Cyber Security News.

A vulnerability was found in WCFM Membership Plugin up to 2.11.8 on WordPress and classified as problematic. Affected is the function WCFMvm_Memberships_Payment_Controller::processing. Executing a manipulation can lead to improper control of resource identifiers. This vulnerability is tracked as CVE-2025-15147. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in WCFM Plugin up to 6.7.24 on WordPress and classified as critical. This impacts the function WCFM_Settings_Controller::processing of the component Setting Handler. Performing a manipulation results in privilege escalation. This vulnerability is identified as CVE-2026-0845. The attack can be initiated remotely. There is not any exploit available.

Submit #753162 / VDB-344994

A vulnerability, which was classified as problematic, was found in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-2245. The attack can only be performed from a local environment. Furthermore, an exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Loggro Pymes up to 1.0.123. The impacted element is an unknown function of the file /loggrodemo/jbrain/MaestraCuentasBancarias. This manipulation of the argument descripción causes cross site scripting. The identification of this vulnerability is CVE-2026-1959. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in JetBrains Hub. The affected element is an unknown function. The manipulation results in missing authentication. This vulnerability was named CVE-2026-25848. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.