Aggregator

A vulnerability was found in Linux Kernel up to 6.19-rc4. It has been classified as critical. This issue affects the function osdmap_apply_incremental of the component libceph. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2026-22990. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.65/6.18.5/6.19-rc4. Affected by this issue is the function nfsd4_revoke_states of the component nfsd. Such manipulation leads to state issue. This vulnerability is documented as CVE-2026-22989. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in libarchive. Affected by this issue is the function archive_read_data of the component RAR5 Decompression Handler. Such manipulation leads to infinite loop. This vulnerability is listed as CVE-2026-4111. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as critical has been discovered in openCryptoki 2.3.2 on Linux/AIX. Affected by this issue is some unknown functionality. Such manipulation leads to link following. This vulnerability is documented as CVE-2026-23893. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Vim up to 9.1.2131. This affects the function get_tagfname of the file src/tag.c. The manipulation of the argument helpfile leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-25749. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #778282 / VDB-349769

Submit #778282 / VDB-349769

Submit #778281 / VDB-349768

Submit #778281 / VDB-349768

Submit #778280 / VDB-349768

Submit #778280 / VDB-349768

Submit #778279 / VDB-349766

Submit #778279 / VDB-349766

Submit #778278 / VDB-353874

Submit #778278 / VDB-353874

A South Asian financial institution has become the latest target of a focused cyberattack involving two custom-built malware tools — BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger disguised as a trusted system file. The attack combined file theft, persistent system access, and real-time keystroke capture, underlining the growing risk that financial organizations across South […]

The post Hackers Deploy BRUSHWORM and BRUSHLOGGER Against South Asian Financial Firm appeared first on Cyber Security News.

Почему Европа больше не доверяет алгоритмам своего самого популярного мессенджера?

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration

A vulnerability categorized as critical has been discovered in NEC Platforms Aterm WG2600HS, Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HP4, Aterm WG2600HM4, Aterm WG2600HS2, Aterm WX3000HP and Aterm WX3000HP2. This affects an unknown part. Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-4622. The attack can be launched remotely. No exploit exists.

A vulnerability was found in NEC Platforms Aterm W1200EX, Aterm WG1200HP2, Aterm WG1900HP, Aterm WG1200HS2, Aterm WG1800HP3, Aterm WG1200HP3, Aterm WG1900HP2, Aterm WG1200HS3, Aterm WG1800HP4, Aterm WG1200HP4, Aterm WG1200HS4, Aterm WX1500HP, Aterm WG2600HS, Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HP4, Aterm WG2600HM4, Aterm WG2600HS2, Aterm WX3000HP, Aterm WX3000HP2 and Aterm WX3600HP. It has been rated as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in backdoor. This vulnerability is identified as CVE-2026-4621. The attack can be initiated remotely. There is not any exploit available.