Aggregator

A vulnerability, which was classified as critical, was found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. The affected element is an unknown function of the component Telnet/SSH. Such manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-22321. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Phoenix Contact FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204-2TC-2SFX, FL SWITCH 2205, FL SWITCH 2206-2FX, FL SWITCH 2206-2FX SM, FL SWITCH 2206-2FX SM ST, FL SWITCH 2206-2FX ST, FL SWITCH 2206-2SFX, FL SWITCH 2206-2SFX PN, FL SWITCH 2206C-2FX, FL SWITCH 2207-FX, FL SWITCH 2207-FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212-2TC-2SFX, FL SWITCH 2214-2FX, FL SWITCH 2214-2FX SM, FL SWITCH 2214-2SFX, FL SWITCH 2214-2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2304-2GC-2SFP, FL SWITCH 2306-2SFP, FL SWITCH 2306-2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312-2GC-2SFP, FL SWITCH 2314-2SFP, FL SWITCH 2314-2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2404-2TC-2SFX, FL SWITCH 2406-2SFX, FL SWITCH 2406-2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412-2TC-2SFX, FL SWITCH 2414-2SFX, FL SWITCH 2414-2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504-2GC-2SFP, FL SWITCH 2506-2SFP, FL SWITCH 2506-2SFP PN, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2512-2GC-2SFP, FL SWITCH 2514-2SFP, FL SWITCH 2514-2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 2303-8SP1, FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, FL SWITCH 2008F, K1, FL SWITCH TSN 2316, FL SWITCH TSN 2312-2GC-2SFP, FL SWITCH TSN 2314-2SFP, FL SWITCH 5924-4GC, FL SWITCH 5916-8GC-4SFP+, FL SWITCH 5924SFP-4GC, FL SWITCH 5924-4SFP+ and FL SWITCH 5916SFP-8GC-4SFP+ up to 3.52. Impacted is an unknown function of the component HTTP Handler. This manipulation causes command injection. The identification of this vulnerability is CVE-2026-22317. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Главное из исследования рынка Privacy.

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access

致力于打造一套完整的Agentic AI反欺诈生态系统

2025 年 11 月，Anthropic 披露，一名威胁行为者已将 Claude 武器化，并发起了一场智能体网络攻击，该攻击在极少人为干预的情况下自主运行。

A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft Patch Tuesday update. The attack targets the way Windows manages […]

The post Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges appeared first on Cyber Security News.

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4 when multi-tenant mode is active. The root cause stems […]

The post Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access appeared first on Cyber Security News.

Хакеры научились подстраиваться под мировой хаос быстрее СМИ.

Unknown Worlds Entertainment 是知名水下生存游戏《Subnautica》的开发商，2021 年韩国游戏发行商 Krafton 以 5 亿美元收购了该游戏工作室，并在合同中承诺如果续作《Subnautica 2》销量足够好将额外支付 2.5 亿美元。Krafton 内部对《Subnautica 2》的销量预测相当乐观，因此 2.5 亿美元看起来不得不兑现了。然而 CEO Changhan Kim 不想支付这笔费用，他因此求助于 AI 聊天机器人 ChatGPT 而不是公司法务讨论如何避免支付 2.5 亿美元。公司法务认为奖金取消不了，但 Kim 在 ChatGPT 的帮助下设计了一个方案以莫须有理由突然解雇了 Unknown Worlds 的主要高管。被解雇的高管提起诉讼曝光了 ChatGPT 的阴谋。法官本周裁决 Unknown Worlds 前 CEO Ted Gill 恢复原职。拖延了很久的《Subnautica 2》预计将于今年 5 月发布抢先体验版本（early access）。

Почему ИИ нельзя оставлять без присмотра во второй половине пятницы.

Musi 是一款免费音乐串流应用，只有 iOS 版本，它本身并不托管音乐，而是利用了 YouTube 上的音乐。它诞生于 2013 年，2024 年 9 月因 YouTube 的投诉而被苹果下架，下架前其下载量超过 6600 万次。Musi 有广告，用户可以一次性支付 5.99 美元移除广告。在下架之后，Musi 起诉了苹果。加州北区联邦地区法院法官 Eumi Lee 本周裁决 Musi 败诉。法官称，根据苹果的开发者协议 Developer Program License Agreement(DPLA)，苹果“不论有没有原因”都可以下架应用，它只需要发出终止通知。苹果向 Musi 发出了终止通知，因此下架并没有违反 DPLA。法官还抨击 Musi 的律师在案件中捏造事实，下令由该律所支付诉讼费用。

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Dell's AI Blueprint for Identity, Agents and Agentic Infrastructure
Going all-in on AI with a top down strategy and a ravenous appetite for innovation has helped Dell transform its operations and grow revenue by $30 billion, and the company's evolution lays out a blueprint for how CIOs should think about building infrastructure for AI and managing an army of agents.

Startup Native Targets Enterprise Policy-to-Architecture Gap Across Clouds
Startup Native emerged from stealth with $42 million to advance a proactive cloud security model that enforces policy-driven controls, helping enterprises manage AI-driven threats and maintain consistent protections across complex multi-cloud environments.

AI, Robotics Leaders Warn Chinese Robots Could Disrupt Sensitive Operations
Witnesses told a U.S. House Homeland Security panel that Chinese-developed AI robotics platforms could give Beijing new avenues for surveillance, disruption and physical harm across critical sectors, and urged restrictions on federal use as China expands its industrial dominance.

Chinese Hacking Firm iSoon and Iran's Emennet Pasargad Among Targets
The European Union sanctioned three Chinese and Iranian hacking operations that have been under U.S. indictments or sanctions for over a year - or, in one case, since 2019. The sanctions freeze assets and forbid EU citizens and companies from funding or otherwise doing business with the targets.

Government agencies faced the highest volume of cyberattack campaigns in 2025, according to new findings from HPE Threat Labs, which tracked 1,186 active campaigns over the course of the year. The data covers activity observed between January 1 and December 31, 2025, and reflects a broad mix of sectors and attack types. Top sectors targeted by threat campaigns in 2025 (Source: HPE) AI and automation drive faster, more powerful cyberattacks Government agencies were targeted in … More →

The post Cybercriminals scale up, government sector hit hardest appeared first on Help Net Security.

活动时间：3.18 15:00 ～ 4.3 23:59

Learn how exposed Ollama servers can allow unauthorized model access, prompt abuse, and GPU resource consumption when LLM inference APIs are publicly accessible.

The post Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure appeared first on Indusface.

The post Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure appeared first on Security Boulevard.