Aggregator

A vulnerability was found in Birtech Senseway up to 09022026. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in insecure storage of sensitive information. This vulnerability is cataloged as CVE-2025-10464. The attack may be launched remotely. There is no exploit available.

A vulnerability described as critical has been identified in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. This vulnerability is reported as CVE-2026-2063. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. This vulnerability is registered as CVE-2026-2061. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in n8n-io n8n up to 1.120.x and classified as critical. This affects an unknown function of the component Credential Domain Validation. Performing a manipulation results in improper authentication. This vulnerability is identified as CVE-2026-25631. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in pyasn1 up to 0.6.1. The affected element is an unknown function. Executing a manipulation of the argument RELATIVE-OID can lead to allocation of resources. The identification of this vulnerability is CVE-2026-23490. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in esnet iperf3 up to 3.19.0. Affected is an unknown function of the file iperf_auth.c. This manipulation causes off-by-one. This vulnerability is registered as CVE-2025-54349. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Fortinet FortiClientEMS 7.4.4. It has been classified as critical. Impacted is an unknown function. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-21643. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Scrapy up to 2.13.2. Impacted is an unknown function of the component Brotli Decompression Handler. Such manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-6176. The attack can be launched remotely. No exploit exists.

The European Commission believes Meta breached EU competition rules by blocking other AI assistants from accessing and interacting with users on WhatsApp. The case centers on a change Meta announced on 15 October 2025 to the WhatsApp Business Solution Terms. The update effectively blocked third-party, general-purpose AI assistants from operating on WhatsApp. Since 15 January 2026, Meta AI has been the only AI assistant available on the app. The Commission plans to impose interim measures … More →

The post EU targets Meta over WhatsApp AI access restrictions appeared first on Help Net Security.

A new critical vulnerability discovered by security research firm LayerX has exposed a fundamental architectural flaw in how Large Language Models (LLMs) handle trust boundaries. The zero-click remote code execution (RCE) flaw in Claude Desktop Extensions (DXT) allows attackers to compromise a system using nothing more than a maliciously crafted Google Calendar event. The vulnerability, […]

The post Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks appeared first on Cyber Security News.

Оказалось, что даже запертая на все замки дверь не гарантирует приватности.

Ivanti said it was aware “a very limited number of customers” had been attacked while two vulnerabilities were still unpatched.

A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown function of the component V8. The manipulation leads to type confusion. This vulnerability is referenced as CVE-2026-1862. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in GNU Tar up to 1.35. This affects an unknown function of the component TAR Archive Handler. This manipulation causes path traversal: '../filedir'. The identification of this vulnerability is CVE-2025-45582. It is possible to initiate the attack remotely. There is no exploit available.

队伍名：glzjin.. 阅读更多

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. [...]

Компилятор от ИИ-агентов успешно прошел 99% стресс-тестов GCC.

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even

For the latest discoveries in cyber research for the week of 9th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Romania’s national oil pipeline operator, Conpet, has suffered a cyberattack that disrupted its IT systems and took its website offline. The company said operational technology, including pipeline control and telecommunications systems, remained […]

The post 9th February – Threat Intelligence Report appeared first on Check Point Research.

Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.