Aggregator

A vulnerability, which was classified as problematic, was found in dropbox/arekinath/handnot2 esaml. This affects an unknown part of the component SAML Handler. Such manipulation leads to xml external entity reference. This vulnerability is listed as CVE-2026-28809. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Nexxt Solutions Nebula 300+ up to 12.01.01.37. Affected by this issue is some unknown functionality. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-31849. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Nexxt Solutions Nebula 300+ up to 12.01.01.37. Affected by this vulnerability is an unknown functionality of the component Cookie Handler. The manipulation of the argument ecos_pw results in risky cryptographic algorithm. This vulnerability is identified as CVE-2026-31848. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Nexxt Solutions Nebula 300+ up to 12.01.01.37. Affected is an unknown function of the file /goform/setSysTools of the component Telnet Service. The manipulation leads to backdoor. This vulnerability is referenced as CVE-2026-31847. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability described as critical has been identified in Nexxt Solutions Nebula 300+ up to 12.01.01.37. This impacts an unknown function of the file /goform/ate of the component HTTP Handler. Executing a manipulation can lead to missing authentication. The identification of this vulnerability is CVE-2026-31846. The attack needs to be done within the local network. There is no exploit available.

A vulnerability marked as critical has been reported in MB connect line mbCONNECT24 and mymbCONNECT24 up to 2.19.3. This affects an unknown function of the component Userinfo Endpoint. Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-32969. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in Cuantis. The impacted element is an unknown function of the file /search.php of the component Parameter Handler. Such manipulation of the argument Search leads to sql injection. This vulnerability is uniquely identified as CVE-2025-41007. The attack can be launched remotely. No exploit exists.

Black Duck has announced the general availability of Black Duck Signal, an agentic AI application security solution purpose-built to secure AI-generated code in autonomous development workflows. As agentic AI coding assistants increasingly design, code and deliver production software, organizations face a new class of application risk, created at unprecedented speed and scale. Black Duck Signal is designed to meet this shift head-on, delivering AI-native security that intelligently assesses risk, validates findings and automates remediation at … More →

The post Black Duck Signal secures AI-generated code with agentic application security appeared first on Help Net Security.

A vulnerability identified as critical has been detected in MB connect line mbCONNECT24 and mymbCONNECT24 up to 2.19.3. The affected element is an unknown function of the component com_mb24sysapi Module. This manipulation causes os command injection. This vulnerability is handled as CVE-2026-32968. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Red Hat Keycloak. Impacted is an unknown function of the component Identity-first Login. The manipulation results in information exposure through error message. This vulnerability is known as CVE-2026-4633. It is possible to launch the attack remotely. No exploit is available.

根据发表在《Environmental Pollution》期刊上的一项研究，烟头不会完全从环境中消失。由于分解缓慢而且会释放出有毒物质，烟头构成了长期的环境危害。研究人员调查了烟头在十年中的分解过程，发现在富氮条件下烟头的质量会在十年里减少 84%。烟头的分解分为四个过程，初始阶段出现一个峰值，然后在中期再次出现一个峰值，显示旧烟头会带来持续的生态风险。

Rubrik has unveiled its Semantic AI Governance Engine (SAGE), designed to secure and control autonomous agents in real time. SAGE powers Rubrik Agent Cloud, replacing static, manual oversight with intent-driven governance to safely scale the enterprise AI workforce while maintaining full control over agent behavior. Enterprise AI deployment is stalling at a governance bottleneck, as legacy systems rely on deterministic rules that cannot comprehend natural language nor adapt to dynamic and unforeseen actions taken by … More →

The post Rubrik SAGE enables semantic governance for enterprise AI agents at scale appeared first on Help Net Security.

Cisco today at the RSA Conference (RSAC) extended its cybersecurity portfolio to secure artificial intelligence (AI) agents while at the same time employing AI to automate security operations. At the core of that effort are extensions to the Cisco Duo identity and access management (IAM) platform that make it possible to discover them and apply..

The post Cisco Extends Security Reach to AI Agents appeared first on Security Boulevard.

Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing.

В Вене представили проект нового полицейского союза.

AppGate has announced the launch of its Operational Technology (OT) ZTNA solution. Designed to secure industrial control systems, manufacturing plants, energy facilities, and other critical infrastructure, the offering extends AppGate’s direct-routed ZTNA architecture into OT environments. It enables secure remote access without compromising performance or operational stability. As IT and OT systems grow increasingly interconnected, remote access has become fundamental to industrial operations. This shift challenges legacy security models that were designed for isolated networks. … More →

The post AppGate delivers identity-based ZTNA for secure access across OT systems appeared first on Help Net Security.

What is the Cyber Resilience Act (EU)? The Cyber Resilience Act (CRA) is a European Union regulation designed to establish mandatory cybersecurity requirements for products with digital elements placed on the EU market. Proposed by the European Commission as part of the EU’s broader cybersecurity strategy, the CRA aims to ensure that hardware and software […]

The post Cyber Resilience Act (EU) appeared first on Centraleyes.

The post Cyber Resilience Act (EU) appeared first on Security Boulevard.

Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday. [...]