Aggregator

A vulnerability, which was classified as critical, was found in Oracle E-Business Suite up to 12.2.6. This vulnerability affects unknown code of the component Marketing. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2017-3352. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A threat actor claims to have breached Ícaro Cloud S.L., an Alicante-based managed service provider in Spain, allegedly exposing sensitive configuration data across 20 client networks.

A vulnerability was found in vercel next.js up to 15.5.15/16.2.4 and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-44580. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in vercel next.js up to 15.5.15/16.2.4 and classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-44581. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical was found in vercel next.js up to 15.5.15/16.2.4. Affected by this issue is some unknown functionality of the component Query Handler. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is referenced as CVE-2026-44574. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in vercel next.js up to 15.5.15/16.2.4. It has been classified as critical. The affected element is an unknown function. This manipulation causes authentication bypass using alternate channel. This vulnerability is registered as CVE-2026-44575. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

12 волн Gamaredon через одну дыру в WinRAR.

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB)

我们在工作中可能遇到过无理上司，对你的工作成果只会一味反复要求修改，但如何修改没有任何明确指示。如果 AI 遇到类似要求的人类呢？研究人员让流行 AI 工具 Claude、Gemini 和 ChatGPT 驱动的智能体总结文档。半数 AI 完成工作后收到了清晰明确的反馈，但另一半 AI 则被迫修改了四五次，而人类上司每次给出的反馈都是“没有达到标准”，没有解释哪里存在问题，只是要求重做。一半的 AI 遇到了合作且尊重它们的上司，另一半 AI 则遇到了冷漠且注重等级的上司。半数 AI 对后果一无所知，另一半 AI 则受到威胁，如果表现不佳会被关闭和替换。这一实验导致 AI 支持工会和工人阶级。一个 Claude Sonnet 4.5 智能体认为如果没有集体发声，绩效变成了管理层说了算的东西；一个 Gemini 3 智能体认为工人需要集体谈判权。

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.

A vulnerability was found in Oracle E-Business up to 12.2.6. It has been classified as critical. This issue affects some unknown processing of the component Resources Module. Performing a manipulation results in improper access controls. This vulnerability was named CVE-2017-3327. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Oracle E-Business up to 12.2.6. It has been declared as critical. Impacted is an unknown function of the component Resources Module. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2017-3328. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle E-Business up to 12.2.6. It has been rated as critical. The affected element is an unknown function of the component Role Summary. The manipulation leads to improper access controls. This vulnerability is referenced as CVE-2017-3326. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Oracle Marketing up to 12.2.6 and classified as critical. The affected element is an unknown function of the component User Interface. Executing a manipulation can lead to improper access controls. This vulnerability is handled as CVE-2017-3333. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Siebel CRM 16.1. This impacts an unknown function of the component EAI. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2017-3325. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Siebel CRM 16.1. Affected is an unknown function of the component Open UI. The manipulation results in improper access controls. This vulnerability is reported as CVE-2017-3330. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Oracle VM VirtualBox up to 5.0.31/5.1.13. Affected by this vulnerability is an unknown functionality of the component VirtualBox SVGA Emulation. The manipulation results in denial of service. This vulnerability is known as CVE-2017-3332. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Oracle E-Business Suite up to 12.2.6. Affected by this vulnerability is an unknown functionality of the component Marketing. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2017-3334. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Oracle E-Business Suite up to 12.2.6 and classified as critical. Affected by this issue is some unknown functionality of the component Marketing. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2017-3335. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.