Aggregator

CVE-2026-22977 | Linux Kernel up to 6.19-rc4 net sk_buff.cb allocation of resources (Nessus ID 297728 / WID-SEC-2026-0194)

Vuldb Updates
19 hours 54 minutes ago
A vulnerability was found in Linux Kernel up to 6.19-rc4. It has been declared as critical. This affects an unknown function of the file sk_buff.cb of the component net. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-22977. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-21964 | Oracle MySQL Server up to 8.0.44/8.4.7/9.5.0 Thread Pooling denial of service (EUVD-2026-3548 / Nessus ID 297724)

Vuldb Updates
19 hours 54 minutes ago
A vulnerability identified as problematic has been detected in Oracle MySQL Server up to 8.0.44/8.4.7/9.5.0. This issue affects some unknown processing of the component Thread Pooling. The manipulation leads to denial of service. This vulnerability is documented as CVE-2026-21964. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-21985 | Oracle VM VirtualBox 7.1.14/7.2.4 Core information disclosure (EUVD-2026-3527 / Nessus ID 297733)

Vuldb Updates
19 hours 54 minutes ago
A vulnerability was found in Oracle VM VirtualBox 7.1.14/7.2.4. It has been declared as problematic. The impacted element is an unknown function of the component Core. The manipulation results in information disclosure. This vulnerability is identified as CVE-2026-21985. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-1035 | Red Hat Keycloak Refresh Token TokenManager toctou (Nessus ID 297730 / WID-SEC-2026-0197)

Vuldb Updates
19 hours 54 minutes ago
A vulnerability described as problematic has been identified in Red Hat Keycloak. Affected by this vulnerability is the function TokenManager of the component Refresh Token Handler. The manipulation results in time-of-check time-of-use. This vulnerability is cataloged as CVE-2026-1035. The attack may be launched remotely. There is no exploit available.
vuldb.com

Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users

Cyber Security News
20 hours 11 minutes ago

Enterprise security teams are facing a sophisticated new challenge as cybercriminals increasingly exploit trusted cloud platforms to launch phishing attacks. Instead of relying on suspicious newly registered domains, threat actors now host their malicious infrastructure on legitimate services like Microsoft Azure Blob Storage, Google Firebase, and AWS CloudFront. This strategic shift allows attackers to hide […]

The post Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users appeared first on Cyber Security News.

Tushar Subhra Dutta

White House Nixes Biden-Era Software Security Rules

Ransomware DataBreachToday.com
20 hours 12 minutes ago
Analysts Warn of Patchwork Federal Assurance Standards After Rollback
The White House rescinded two key software security policies requiring vendors to attest to secure development practices, citing excessive compliance burdens - but analysts warn the move risks weakening federal software assurance without strong, agency-level replacements.

HHS Audit Flags Web App Security Gaps at Large Hospital

Ransomware DataBreachToday.com
20 hours 12 minutes ago
Experts: Problems Are Frequent Weaknesses Across Healthcare Sector Entities
Security weaknesses in web-facing apps used at a large U.S. hospital could leave the facility's IT systems and sensitive patient information vulnerable to cyberattacks, found federal auditors. Those same problems also haunt many other healthcare entities, experts said.

RapidFort Lands $42M to Scale Software Supply Chain Security

Ransomware DataBreachToday.com
20 hours 12 minutes ago
San Francisco-Based Startup Eyes AI Adjacencies and Supply Chain Risk Reduction
Software supply chain security firm RapidFort has raised $42 million in Series A funding to expand sales operations and build out its platform. Founder and CEO Mehran Farimani says the company will focus on reducing developer lift while addressing emerging risks tied to AI-enabled workloads.

Managed ad