Aggregator

翻过一山，再攀一峰！

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Zimbra Collaboration 10.0版本和10.1版本存在安全漏洞，该漏洞源于RestFilter servlet处理用户输入不当，可能导致本地文件包含。Webmail Classic UI中的RestFilter servlet对用户输入的处理不当。

A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. [...]

A vulnerability was found in Microsoft Windows and classified as critical. The impacted element is an unknown function of the component Shell. Executing a manipulation can lead to protection mechanism failure. This vulnerability is handled as CVE-2026-21510. The attack can be executed remotely. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected is an unknown function of the component MSHTML Framework. This manipulation causes protection mechanism failure. The identification of this vulnerability is CVE-2026-21513. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to install a patch to address this issue.

A vulnerability categorized as critical has been discovered in Microsoft Word. Affected by this vulnerability is an unknown functionality. Such manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is referenced as CVE-2026-21514. It is possible to launch the attack remotely. Furthermore, an exploit is available. A patch should be applied to remediate this issue.

A vulnerability described as critical has been identified in Microsoft Windows. This issue affects some unknown processing of the component Desktop Window Manager. The manipulation results in type confusion. This vulnerability is cataloged as CVE-2026-21519. The attack must be initiated from a local position. Furthermore, there is an exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. The impacted element is an unknown function of the component Remote Access Connection Manager. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2026-21525. The attack requires a local approach. Moreover, an exploit is present. It is suggested to install a patch to address this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this issue is some unknown functionality of the component Remote Desktop Services. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2026-21533. Local access is required to approach this attack. Moreover, an exploit is present. It is best practice to apply a patch to resolve this issue.

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most […]

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. [...]

A global survey of 4,149 IT and security practitioners finds that while three-quarters (75%) expect a quantum computer will be capable of breaking traditional public key encryption within five years, only 38% at this point in time are preparing to adopt post-quantum cryptography. Conducted by the Ponemon Institute on behalf of Entrust, a provider of..

The post Survey Sees Little Post-Quantum Computing Encryption Progress appeared first on Security Boulevard.

Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

The Senate Armed Services Committee, which shares jurisdiction over the nomination due to the “dual-hat” leadership structure that governs both entities, approved Rudd by voice vote last month.

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.