Aggregator

CVE-2025-52882 | Anthropic claude-code up to 1.0.23 missing origin validation in websockets (GHSA-9f65-56v6-gxw7 / EUVD-2025-19068)

Vuldb Updates
2 weeks ago
A vulnerability identified as critical has been detected in Anthropic claude-code up to 1.0.23. This affects an unknown function. The manipulation leads to missing origin validation in websockets. This vulnerability is referenced as CVE-2025-52882. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

小行星龙宫含有所有五种核碱基

Solidot
2 weeks ago
日本研究团队在《Nature Astronomy》期刊上报告,探测器隼鸟 2 号从小行星龙宫采集的沙粒样本中含有地球生命所需的五种核碱基,再次为小行星陨石将生命所需成分带到地球的假说提供了佐证。隼鸟 2 号探测器于 2018 年造访了小行星龙宫,向其表面发射了两枚金属弹丸——一枚较小,一枚较大——收集了撞击产生的碎片。隼鸟 2 号于 2020 年携带样本返回地球,此后研究人员一直在对其进行分析。日本北海道大学的 Yasuhiro Oba 和同事分析了两个样本,一个来自小行星表面,另一个由弹丸撞击出的地下物质组成。在两个样本中,研究团队都发现了全部五种主要核碱基,核碱基与糖和磷酸结合构成了核酸 DNA 和 RNA。

To Beat Alert Overload, Stop Wasting Time on False Positives 

Cyber Security News
2 weeks ago

At first glance, false positives in cybersecurity seem almost comforting.  An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on.  In theory, this looks like a healthy process. Better safe than sorry, right?  But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]

The post To Beat Alert Overload, Stop Wasting Time on False Positives  appeared first on Cyber Security News.

Balaji N

CVE-2025-13406 | Softing Industrial Automation smartLink SW-HT up to 1.43.0 Webserver null pointer dereference (EUVD-2025-208781)

VulDB Recent Entries
2 weeks ago
A vulnerability classified as problematic was found in Softing Industrial Automation smartLink SW-HT up to 1.43.0. Affected is an unknown function of the component Webserver Module. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-13406. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-3888 | Canonical Ubuntu Linux up to 2.75.0 snapd /tmp privilege chaining (EUVD-2026-12570)

VulDB Recent Entries
2 weeks ago
A vulnerability described as critical has been identified in Canonical Ubuntu Linux up to 2.75.0. This affects an unknown function of the file /tmp of the component snapd. Executing a manipulation can lead to privilege chaining. This vulnerability is registered as CVE-2026-3888. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-4324 | Red Hat Satellite 6 on Red Katello Plugin /api/hosts/bootc_images sort_by sql injection (EUVD-2026-12572)

VulDB Recent Entries
2 weeks ago
A vulnerability marked as critical has been reported in Red Hat Satellite 6 on Red. The impacted element is an unknown function of the file /api/hosts/bootc_images of the component Katello Plugin. Performing a manipulation of the argument sort_by results in sql injection. This vulnerability is cataloged as CVE-2026-4324. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials

Cyber Security News
2 weeks ago

A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users. The campaign targets employees searching for tools such as Pulse Secure, Fortinet, and Ivanti, redirecting them to spoofed websites that serve malicious download packages. Once […]

The post Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad