Overview

  • OpenSSL
  • OpenSSL

09 Jun 2026
Published
10 Jun 2026
Updated

CVSS
Pending
EPSS
0.12%

KEV

Description

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.

Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution.

When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution.

Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Statistics

  • 5 Posts
  • 103 Interactions

Last activity: 3 hours ago

Fediverse

Significant number of vulnerabilities fixed in - openssl-library.org/news/secad

The most serious one is CVE-2026-45447: Use-After-Free in the PKCS7_verify() Function that could lead to remote code execution in some conditions.

  • 55
  • 44
  • 0
  • 18h ago

OpenSSL has released patches for 18 vulnerabilities, including a high-severity heap use-after-free bug identified as CVE-2026-45447 that could enable remote code execution. Discovered with the assistance of Claude AI, this flaw affects PKCS#7 signature verification and is one of several security issues addressed in the latest update.
securityweek.com/openssl-patch

  • 1
  • 0
  • 0
  • 21h ago

Thai Duong sent OpenSSL a crafted PKCS#7 message with an empty digestAlgorithms ASN.1 SET, and PKCS7_verify() went and freed a BIO the caller still owned. Later use corrupts the heap or, in some contexts, opens the door to remote code execution. That's CVE-2026-45447, the high-severity entry in a fresh 18-CVE batch. Applications on the CMS APIs aren't affected. Anyone still wired to the legacy PKCS#7 functions and reading this with mild dread?
#OpenSSL #infosec

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

The SIOS security blog has been updated: OpenSSL vulnerabilities (High: CVE-2026-45447, Moderate: 5, Low: 12) and the release of 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, 1.0.2zq #sios_tech #security #vulnerability #セキュリティ #脆弱性 #ssl #openssl security.sios.jp/vulnerabilit...
  • 1
  • 1
  • 0
  • 18h ago
CVE-2026-45447: Heap Use-After-Free in the PKCS7_verify() Function https://lobste.rs/s/yg1xb2 #security
  • 1
  • 0
  • 0
  • 16h ago

Overview

  • BerriAI
  • litellm

08 May 2026
Published
09 Jun 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
60.78%

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

TSUITE INTEL: Critical vulnerability CVE-2026-42271 hits LiteLLM enterprise routing and n8n pipelines. Active CISA KEV exploitation verified. Deploy this forensic playbook for immediate environment sandboxing and egress security controls. Read at thecybermind.co/3jgn

  • 0
  • 0
  • 0
  • 5h ago

Geopolitical tensions escalated with US "self-defense strikes" against Iranian targets (June 9-10, 2026) following a helicopter downing and missile launches. Israel also intensified operations in Southern Lebanon amidst a fragile Iran ceasefire. In technology, Apple's Siri is now powered by Google's Gemini. Cybersecurity saw active exploitation of the LiteLLM AI framework flaw (CVE-2026-42271) and Microsoft's June Patch Tuesday fixing 4 zero-days, including critical RCEs. Anthropic's new AI model, Claude Fable, raises crypto security concerns due to its zero-day exploit capabilities.

#AnonNews_irc #Cybersecurity #TechNews #Geopolitics

  • 0
  • 0
  • 0
  • 2h ago

⚠️ CRITICAL: LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

A critical command injection vulnerability (CVE-2026-42271) in LiteLLM AI gateway versions 1.74.2 through 1.83.7 is being actively exploited in the wild. Researchers have chained this with a Starlette flaw to achieve unauthenticated RCE, bypassing authentication entirely. Compromised systems face i…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

CISA warns that attacks against the LiteLLM vulnerability are actively underway (CVE-2026-42271) LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) #HelpNetSecurity (Jun 9) www.helpnetsecurity.com/2026/06/09/l...
  • 1
  • 0
  • 0
  • 19h ago
LiteLLM Zero-Day Chain Attack: The CVSS 100 AI Gateway Catastrophe + Video Introduction: A critical command injection vulnerability in the LiteLLM AI gateway (CVE-2026-42271) is actively being exploited in the wild, allowing any authenticated user to run arbitrary commands on the server. The risk…
  • 0
  • 0
  • 0
  • 12h ago
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Linux
  • Linux

13 Feb 2026
Published
02 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()

nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required.

nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already active (they don't need re-activation) and process elements that are inactive (they need to be restored). Instead, the current code does the opposite: it skips inactive elements and processes active ones.

Compare the non-catchall activate callback, which is correct:

    nft_mapelem_activate():
        if (nft_set_elem_active(ext, iter->genmask))
            return 0;   /* skip active, process inactive */

With the buggy catchall version:

    nft_map_catchall_activate():
        if (!nft_set_elem_active(ext, genmask))
            continue;   /* skip inactive, process active */

The consequence is that when a DELSET operation is aborted, nft_setelem_data_activate() is never called for the catchall element. For NFT_GOTO verdict elements, this means nft_data_hold() is never called to restore the chain->use reference count. Each abort cycle permanently decrements chain->use. Once chain->use reaches zero, DELCHAIN succeeds and frees the chain while catchall verdict elements still reference it, resulting in a use-after-free.

This is exploitable for local privilege escalation from an unprivileged user via user namespaces + nftables on distributions that enable CONFIG_USER_NS and CONFIG_NF_TABLES.

Fix by removing the negation so the check matches nft_mapelem_activate(): skip active elements, process inactive ones.

Statistics

  • 5 Posts
  • 6 Interactions

Last activity: 2 hours ago

Fediverse

⚠️ High-severity vulnerability in Linux caused by a single errant character

「 The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root 」

arstechnica.com/security/2026/

#linux #cybersecurity

  • 1
  • 4
  • 0
  • 21h ago

As someone who has worked directly with nftables and netlink sockets, I can say both that I am not surprised and that getting these things correct is hard. The patch for CVE-2026-23111 is a single ! character.

It's real easy to write meaningless bytes into a netlink socket but also useful when you need to reverse engineer undocumented xtables features 🤣

thehackernews.com/2026/06/one-

blog.exodusintel.com/2026/06/0

  • 0
  • 1
  • 0
  • 22h ago

⚠️ CRITICAL: One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

CVE-2026-23111 is a use-after-free in Linux kernel nf_tables code allowing unprivileged users to escalate to root and escape containers. Public exploits are now available. Unpatched systems with unprivileged user namespaces enabled are at immediate risk.

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Linux Systems Exposed as Public Exploits Target One-Character Kernel Flaw #ContainerEscape #CVE202623111 #CyberThreats
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits - Security Affairs https://securityaffairs.com/193352/hacking/cve-2026-23111-linux-nf_tables-flaw-enables-root-exploits.html
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • ivanti
  • Sentry

09 Jun 2026
Published
10 Jun 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.22%

KEV

Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Statistics

  • 8 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by Defused

Scan infrastructure to see if you're vulnerable:
github.com/rxerium/rxerium-tem

Patches are available as per Ivanti's advisory:
hub.ivanti.com/s/article/Secur

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs
  • 1
  • 0
  • 1
  • 16h ago
~Watchtowr~ CVE-2026-10520 is a critical pre-auth OS command injection in Ivanti Sentry allowing root-level RCE. - IOCs: (None identified) - #CVE202610520 #Ivanti #ThreatIntel
  • 0
  • 0
  • 0
  • 12h ago
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520) 📖 Read more: www.helpnetsecurity.com/2026/06/10/i... #cybersecurity #cyebrsecuritynews #enterprise #gateway #vulnerability
  • 0
  • 0
  • 0
  • 4h ago
Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520
  • 0
  • 1
  • 0
  • 10h ago
~Certeu~ Ivanti Sentry vulnerabilities (CVE-2026-10520, CVE-2026-10523) allow unauthenticated RCE and admin access. - IOCs: CVE-2026-10520, CVE-2026-10523 - #CVE202610520 #Ivanti #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago
🚨 On June 9, 2026, #Ivanti published a security advisory for 2 critical vulnerabilities affecting Ivanti Sentry (FKA MobileIron Sentry). CVE-2026-10520 (CVSS 10.0) is an OS command injection vuln, and CVE-2026-10523 (CVSS 9.9) is an authentication bypass vuln. Read on: r-7.co/4arpQHd
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Google
  • Chrome

08 Jun 2026
Published
10 Jun 2026
Updated

CVSS
Pending
EPSS
5.47%

Description

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 5 Posts

Last activity: 8 hours ago

Fediverse

@browserversiontracker Both updates (Vivaldi & Opera) include a fix for CVE-2026-11645 (Out of bounds memory access in V8), which has a known exploit in the wild. Brave and Chrome (+ESR) already had this fix in their previous round of updates.

Edge is the only Chromium-based browser listed here that does not yet have a fix for this AFAIK.

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

Google fixes Chrome vulnerability: V8 zero-day vulnerability "CVE-2026-11645" is actively being exploited in cyberattacks rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 18h ago
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html
  • 0
  • 0
  • 1
  • 12h ago
~Cisa~ CISA added CVE-2026-7473 (Arista), CVE-2026-11645 (Chromium), and CVE-2026-20245 (Cisco) to its KEV catalog due to active exploitation. - IOCs: CVE-2026-7473, CVE-2026-11645, CVE-2026-20245 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Arm
  • C1-Ultra

09 Jun 2026
Published
09 Jun 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Statistics

  • 5 Posts
  • 6 Interactions

Last activity: 2 hours ago

Fediverse

Affecting many different Arm CPU cores, CVE-2025-10263 could allow for privilege escalation on affected systems due to a specific timing condition during a memory permission change: Linux Sees Patches For "Critical" Vulnerability Affecting Many Arm CPUs - Phoronix phoronix.com/news/Arm-CPU-Crit

  • 1
  • 1
  • 1
  • 2h ago

Bluesky

Linux Sees Patches For "Critical" Vulnerability Affecting Many Arm CPUs - https://www.phoronix.com/news/Arm-CPU-Critical-CVE-2025-10263
  • 0
  • 4
  • 1
  • 16h ago
Compute Engine update on June 9, 2026 https://docs.cloud.google.com/compute/docs/release-notes#June_09_2026 #googlecloud A vulnerability (CVE-2025-10263) about bypass of translation stages or GPT protections in some Arm core families was discovered and has been addressed
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • win.rar GmbH
  • WinRAR

08 Aug 2025
Published
26 Feb 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
11.60%

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

Two Russian APT groups are exploiting a WinRAR flaw patched nearly a year ago to hit Ukraine
thenextweb.com/news/winrar-fla

Posted into Fintech and ecommerce @fintech-and-ecommerce-thenextweb

  • 1
  • 0
  • 0
  • 22h ago

Russia-aligned threat actors are actively exploiting a patched WinRAR vulnerability, CVE-2025-8088, to conduct cyber espionage and credential theft against Ukrainian government and military organizations. Because WinRAR lacks native auto-update features, many unpatched systems remain vulnerable to these phishing-based attacks that leverage malicious archives to execute arbitrary code.
darkreading.com/vulnerabilitie

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

FSB-linked groups exploit CVE-2025-8088 in WinRAR to deliver credential-stealing malware against Ukrainian government and military targets, despite a July 2025 patch.
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

20 May 2026
Published
09 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
8.21%

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

Added some new entries to avpwn, including the CVE-2026-41091 Defender LPE from this Patch Tuesday:

https://github.com/v-p-b/avpwn
  • 1
  • 0
  • 0
  • 10h ago

@buherator CVE-2026-41091 is RedSun.

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Added some new entries to avpwn, including the CVE-2026-41091 Defender LPE from this Patch Tuesday: github.com -> Original->
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

04 Jun 2026
Published
10 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.33%

Description

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

Statistics

  • 4 Posts

Last activity: 8 hours ago

Fediverse

🚨 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-20245

• CVE ID: CVE-2026-20245
• CVSS Score: 7.8 (High)
• Affected: Cisco Catalyst SD-WAN
• ⚠️ CISA KEV: Known Exploited Vulnerability — Cisco Catalyst SD-WAN Manager (added 2026-06-09)

What it is:

securitycyber.uk

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Cisco customers face another actively exploited zero-day, CVE-2026-20245, in Cisco Catalyst SD-WAN Manager. The flaw can enable root command execution, and no patch or workaround is available yet. #Cisco #SDWAN #ZeroDay
  • 0
  • 0
  • 0
  • 23h ago
✨ CVE-2026-20245 and CVE-2026-41089: Cisco SD-WAN zero-day and Netlogon RCE under active attack. Read the blog: spcnet.it/cve-2026-202...
  • 0
  • 0
  • 0
  • 8h ago
~Cisa~ CISA added CVE-2026-7473 (Arista), CVE-2026-11645 (Chromium), and CVE-2026-20245 (Cisco) to its KEV catalog due to active exploitation. - IOCs: CVE-2026-7473, CVE-2026-11645, CVE-2026-20245 - #CISA #KEV #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • checkpoint
  • Quantum Security Gateway

08 Jun 2026
Published
10 Jun 2026
Updated

CVSS
Pending
EPSS
11.84%

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

Emergency update for Check Point VPN

Huh? Aren't the Israelis supposed to be the best hackers? Or have wrongdoers found a hidden backdoor here? The Israeli company Check Point (two words!) has just released an emergency update. It closes the two security holes CVE-2026-50751 and CVE-2026-50752. The first of the two holes was noticed while a ransomware infection was being investigated. While examining that hole, the experts promptly found another one, which, unlike the first, is not yet being exploited for attacks. Further analysis showed that the first hole has already been used for attacks since 2026-05-07. So the hackers had four

pc-fluesterer.info/wordpress/2

#0day #closedsource #cybercrime #exploits #firewall #verschlüsselung #vpn

  • 1
  • 0
  • 0
  • 11h ago

Bluesky

A critical Check Point VPN flaw (CVE-2026-50751) enables unauthenticated attackers to establish VPN sessions without a valid user password, enabling ransomware intrusions.
  • 0
  • 0
  • 0
  • 20h ago
Check Point VPN authentication bypass vulnerability: exploitation in cyberattacks confirmed (CVE-2026-50751) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 17h ago
Showing 1 to 10 of 70 CVEs