Aggregator

A vulnerability classified as very critical has been found in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. This issue affects some unknown processing. This manipulation causes deserialization. The identification of this vulnerability is CVE-2025-48780. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. Impacted is an unknown function. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-5192. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in MediaTek MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T and MT8797. It has been declared as problematic. This affects an unknown function of the component Base Station Handler. The manipulation results in reachable assertion. This vulnerability is reported as CVE-2026-20401. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability was found in MediaTek MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T and MT8797. It has been rated as critical. This impacts an unknown function of the component Base Station Handler. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2026-20402. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as critical has been discovered in MediaTek MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798 and MT8893. Affected is an unknown function of the component Base Station Handler. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-20403. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as critical has been detected in MediaTek MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Base Station Handler. Performing a manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-20404. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability identified as problematic has been detected in Soar Cloud System HRD Human Resource Management System up to 7.3.2025.0408. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in file inclusion. This vulnerability is known as CVE-2025-48781. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Fortinet FortiDeceptor up to 5.3.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-35280. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Fortinet FortiDeceptor up to 5.0.0/5.1.0/5.2.1/5.3.3/6.0.0. Affected by this vulnerability is an unknown functionality of the component Request Handler. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2024-45326. The attack may be launched remotely. There is no exploit available.

ConnectSecure announced the launch of a new cross-platform Linux operating system patching capability. The update eliminates the complexity of managing fragmented Linux environments by delivering a single, unified interface for deploying critical security updates across the four most widely used Linux distributions: Red Hat, Ubuntu, Debian, and CentOS. The new capability helps MSPs and security teams automate the identification and deployment of kernel and OS patches without requiring distribution-specific tools. As a result, organizations can … More →

The post ConnectSecure introduces Linux patching capability to simplify cross-distro updates appeared first on Help Net Security.

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. [...]

Nederlandse militairen die deel uitmaken van de Multinational Battlegroup in Litouwen (MNBG LTU), staan sinds vandaag onder het bevel van 45. Pantserbrigade uit Duitsland. Dat gebeurde symbolisch door de overdracht van een NAVO-vlag in het ijskoude en zonnige Kaunas. De commandowisseling werd vanochtend gevierd met een grote militaire parade.

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works.

漏洞来源漏洞描述vLLM 是一个用于大型语言模型 (LLM) 的推理和服务引擎。在 0.11.1 版本之前，vllm 的一个名为 Nemotron_Nano_VL_Config 的配置类存在一个严重的远程代码执行漏洞。当 vllm 加载包含 auto_map 条目的模型配置时，该配置类会使用 get_class_from_dynamic_module(...) 解析该映射，并立即实例化返回的类。这

CVE-2026-23873 & CVE-2026-24479 审计过程

漏洞简介VM2 是一个开源的虚拟机/沙盒Node.js。在 vm2 版本 3.10.2 之前，'Promise.prototype.then' 和 'Promise.prototype.catch' 的回调净化可以被绕过。这使得攻击者能够逃离沙盒，运行任意代码。在 lib/setup-sandbox.js 中，'localPromise.prototype.then' 的回调函数被净化，但 'gl

复现最新的漏洞Dokploy RCE (CVE-2026-24841)

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]