Aggregator

A vulnerability labeled as problematic has been found in Wireshark up to 3.6.10/4.0.2. This impacts an unknown function of the component GNW Dissector. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2023-0416. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in bPlugins PDF Poster Plugin up to 2.4.1 on WordPress. It has been rated as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-27416. The attack may be initiated remotely. There is no available exploit.

A vulnerability marked as problematic has been reported in Wireshark up to 3.6.10/4.0.2. Affected is an unknown function of the component NFS Dissector. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2023-0417. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Wireshark up to 3.6.10/4.0.2. It has been rated as problematic. The affected element is an unknown function of the component TIPC Dissector. The manipulation leads to denial of service. This vulnerability is documented as CVE-2023-0412. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN up to 10.4.0. It has been declared as problematic. Affected is an unknown function. Executing a manipulation can lead to improper removal of sensitive information before storage or transfer. This vulnerability is tracked as CVE-2024-43384. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

Результаты исследования будут представлены на закрытом мероприятии.

A China-linked threat actor backdoored a version of Daemon Tools to infect thousands

Apache httpd CVE-2026-23918 HTTP/2 Double-Free|CVSS8.8全球数百万站点|Nix/Lix本地提权|OPNsense Root RCE|vm2沙箱逃逸

Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in some applications. Temporal API ready for production code Temporal, a date and time API designed to replace the aging Date object, is now available in Node.js without an experimental flag. The API offers richer handling … More →

The post Node.js 26 ships with Temporal API enabled by default appeared first on Help Net Security.

最好的 AI，就是人不用去学，AI 自己能把自己给用好。

当最大的 AI 算力消费者决定自己建芯片厂，这件事的意义已经超出了商业范畴。

A zero-day vulnerability residing within the Chinese content management system MetInfo has entered a phase of active exploitation

The post Zero-Day Surge: The MetInfo CMS Flaw That Grants Unauthenticated Root Access to Servers appeared first on Penetration Testing Tools.

Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is intended to streamline re-entry procedures and help prevent fraud. According to the company, certain entrance lanes use cameras to capture an image linked to a guest’s ticket or pass and compare it with a newly taken image at the entrance. The system then converts both images into unique numerical values using biometric technology … More →

The post Facial recognition arrives at the gates of Disney’s magic kingdom appeared first on Help Net Security.

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky 

The Chinese cyber-espionage collective Dragon Breath, also recognized by the designation APT-Q-27, has purportedly acquired a formidable new

The post Dragon Breath’s Leaked Driver Shatters Windows Security and Neutralizes EDRs appeared first on Penetration Testing Tools.

  今天介绍的这篇论文聚焦后量子密码硬件的侧信道安全，用严谨的形式化证明，解决了素域算术掩码长期存在的合成难题，直接指出并修复了微软一款主流后量子加速器的设计缺陷。   论文标题：《Prime-Field PINI: Machine-Checked Composition Theorems for Post-Quantum NTT Masking》 链接：https://arx...

Over the past year, BO Team has significantly recalibrated its approach to incursions against Russian organizations. The syndicate

The post BO Team’s Pivot to High-Stakes Industrial Espionage and the ZeroSSH Threat appeared first on Penetration Testing Tools.

Специалист потребовал от Cloudflare объяснений.

立即查看详情 →

Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 million downloads before the store removed them. ESET researchers, who tracked the campaign and named it CallPhantom, reported the apps to Google on December 16, 2025, and … More →

The post CallPhantom Android scam reached 7.3 million downloads on Google Play appeared first on Help Net Security.