๐ด No Login Needed To Own Your Server
Hackers need zero credentials to hijack your entire server right now.
https://www.youtube.com/shorts/DKcU8AR01Rw
#cybersecurity #zeroday #infosec #hacking #dataprotection #cve #vulnerability #threatintel #security #redteam
fast16: il framework di cybersabotaggio pre-Stuxnet riemerso dai tool segreti NSA dei ShadowBrokers
SentinelLABS ha scoperto fast16, un framework di cybersabotaggio datato 2005 che precede Stuxnet di cinque anni. Il tool altera sottilmente i calcoli floating-point nei software di simulazione come LS-DYNA, target del programma nucleare iraniano, e appare nei leak NSA dei ShadowBrokers come strumento "da non toccare".
๐ด New security advisory:
CVE-2026-34275 affects multiple systems.
โข Impact: Remote code execution or complete system compromise possible
โข Risk: Attackers can gain full control of affected systems
โข Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34275-oracle-e-biz-unauth-takeover
we're hacking PDFs again?
180 likes, 17 comments. "we're hacking PDFs again?"
๐ด New security advisory:
CVE-2026-6771 affects multiple systems.
โข Impact: Remote code execution or complete system compromise possible
โข Risk: Attackers can gain full control of affected systems
โข Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6771-firefox-mitigation-bypass-unauthenticated
Lukasz Olejnik (@lukOlejnik)
์ค๊ตญ๊ณ AI๊ฐ ์ํํธ์จ์ด ์ทจ์ฝ์ ์ ์์ ์ ์ผ๋ก ํ์งํ๋ฉฐ ๋น์ฉ ํจ์จ์ ์ด๋ผ๋ ์ฐ๊ตฌ ๊ฒฐ๊ณผ๊ฐ ์๊ฐ๋๋ค. ์คํ์จ์ดํธ ๋ชจ๋ธ Kimi K2.5๋ฅผ Chrome ๋์ ์์ด์ ํฑ ํ๋ ์์ํฌ์ ์ ์ฉํด ์ด์ ์ ์๋ ค์ง์ง ์์ ์ ๋ก๋ฐ์ด 10๊ฑด์ ์ฐพ์๋๊ณ , ์ด ์ค 2๊ฑด์ ์น๋ช ์ ์ธ ์๋๋ฐ์ค ํ์ถ CVE์๋ค.
Research shows that Chinese AI can reliably detect software vulnerabilities - and it is cost efficient. Kimi K2.5, an open-weight model was deployed in an agentic framework against Chrome and produced 10 previously unknown zero-days, including two critical sandbox-escape CVEs.
CISA just ordered federal agencies to patch a Microsoft Defender flaw actively exploited as a zero-day. The patch exists. The exploitation is real. The window between "known vulnerability" and "patched system" is exactly where attackers live.
Every day that gap stays open is a day too many. ๐
#infosec #CVE #zeroday
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-microsoft-defender-flaw-exploited-in-zero-day-attacks/
๐ก THREAT INTELLIGENCE
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Vulnerability | MEDIUM
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked...
Full analysis:
https://www.yazoul.net/news/article/apple-fixes-ios-flaw-that-let-fbi-recover-deleted-signal-messages
๐ด New security advisory:
CVE-2026-41679 affects multiple systems.
โข Impact: Remote code execution or complete system compromise possible
โข Risk: Attackers can gain full control of affected systems
โข Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41679-paperclip-unauthenticated-remote-code-execution
Anthropic's Mythos Model Exposes Limited Capabilities
Anthropic's highly anticipated Mythos model, designed to proactively identify vulnerabilities, has been compromised - with a small group of individuals reportedly gaining unauthorized access to the preview through a third-party vendor environment. The incident has raised concerns about the model's limited capabilities to protect itself fromโฆ
#ZeroDay #Anthropic #MythosModel #ProjectGlasswing #ThirdpartyVendor
Cybersecurity Threat Surface
(in)sicurezza digitale
Yazoul - Cybersecurity Alerts
HackerWorkspace
sayzard
Bobe'bot on security
Analyst207