Threatpost
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Senaste 1h
Senaste 6h
Senaste 24h
Senaste 7d
Senaste 30d
Endast lokalt
Analys/ledare
Endast följda källor
Snabbfilter
Toppnyheter
Säkerhet
Poster
110
Källor
11
Senast uppdaterad
2026-03-06 10:45
NVD (National Vulnerability Database)10
SecurityWeek Vulnerabilities10
CERT-SE10
CISA KEV-katalog10
Microsoft MSRC10
Cisco PSIRT10
CVE-toppar
CVE-2026-201223
CVE-2017-79212
CVE-2025-154672
CVE-2026-200792
CVE-2026-201272
Senaste CVE
CVE-2026-23865
CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVE-2026-3336
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
CVE-2026-3338
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
CVE-2026-24821
CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
CVE-2026-23238
CVE-2026-23238 romfs: check sb_set_blocksize() return value
Säkerhet
66 artiklar
Microsoft MSRC
Information published.
SecurityWeek Vulnerabilities
The company has raised a total of $46 million in funding for its developer-focused encryption and orchestration platform. The post Data Security Firm Evervault Raises $25 Million in Series B Funding appeared first on...
The Hacker News
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three...
The Hacker News
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma...
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing...
Dark Reading
Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.
The Hacker News
Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting...
SecurityWeek Vulnerabilities
Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead. The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first...
Dark Reading
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.
The Hacker News
Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity,...
SecurityWeek Vulnerabilities
The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities. The post Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild appeared first...
The Hacker News
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware....
SecurityWeek Vulnerabilities
The company will expand its engineering team, deepen integrations, and accelerate go-to-market initiatives. The post Reclaim Security Raises $20 Million to Accelerate Remediation appeared first on SecurityWeek.
The Hacker News
Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still...
SecurityWeek Vulnerabilities
The stolen credential marketplace had been active since 2021 and in late 2025 it counted 142,000 users. The post LeakBase Cybercrime Forum Shut Down, Suspects Arrested appeared first on SecurityWeek.
The Hacker News
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain...
CERT-SE
Cisco har publicerat information gällande två kritiska sårbarheter i Cisco Secure Firewall Management Center (FMC) och Cisco Security Cloud Control (SCC) Firewall Management. Båda sårbarheterna (CVE-2026-20079 och...
SecurityWeek Vulnerabilities
Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products. The post Cisco Patches Critical Vulnerabilities in Enterprise Networking Products appeared first on SecurityWeek.
Cisco PSIRT
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite...
The Hacker News
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law...
SecurityWeek Vulnerabilities
Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. The post Nation-State iOS Exploit Kit ‘Coruna’ Found Powering...
CISA KEV-katalog
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01...
Cisco PSIRT
Multiple vulnerabilities in the CLI feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to...
1 fler källor
Cisco PSIRT
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability
2026-03-04 17:10
CISA KEV-katalog
Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. | Åtgärd: Apply mitigations...
CISA KEV-katalog
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | Åtgärd: Apply mitigations per vendor...
CISA KEV-katalog
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. | Åtgärd: Apply...
Cisco PSIRT
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected...
1 fler källor
Cisco PSIRT
Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
2026-03-05 01:00
Dark Reading
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.
Dark Reading
Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay "right side up."
Cisco PSIRT
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform...
Cisco PSIRT
Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an...
1 fler källor
Cisco PSIRT
Multiple Cisco Products Snort 3 Visual Basic for Applications Denial of Service Vulnerabilities
2026-03-04 17:00
Cisco PSIRT
A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to...
Dark Reading
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the...
Dark Reading
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.
Dark Reading
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.
CISA KEV-katalog
Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to...
CERT-SE
Veckans läsning innehåller bland annat artiklar om fortsatta utmaningar med olika typer av cyberangrepp men även om framgångsrika motåtgärder, till exempel mot en omfattande cyberspionagekampanj på internationell nivå.
1 fler källor
CISA KEV-katalog
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to...
CISA KEV-katalog
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful...
CISA KEV-katalog
Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request. | Åtgärd: Apply mitigations per vendor instructions,...
Fortinet PSIRT
CVSSv3 Score: 7.5 An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under...
Fortinet PSIRT
CVSSv3 Score: 6.7 A Use of Externally-Controlled Format String vulnerability [CWE-134] in FortiGate may allow an authenticated admin to execute unauthorized code or commands via specifically crafted configuration....
Palo Alto Networks Advisories
Ingen sammanfattning.
Fortinet PSIRT
CVSSv3 Score: 9.8 CVE-2025-15467Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of...
CERT-SE
SolarWinds har publicerat uppdateringar som åtgärdar följande fyra kritiska sårbarheter i SolarWinds Web Help Desk: CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554
Fortinet PSIRT
CVSSv3 Score: 7.4 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically...
Palo Alto Networks Advisories
Ingen sammanfattning.
Fortinet PSIRT
CVSSv3 Score: 6.7 An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS, FortiPAM and FortiProxy RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests....
NVD (National Vulnerability Database)
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation...
NVD (National Vulnerability Database)
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper...
NVD (National Vulnerability Database)
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The...
NVD (National Vulnerability Database)
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
NVD (National Vulnerability Database)
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Threatpost
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Threatpost
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Threatpost
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Threatpost
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Threatpost
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Threatpost
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
