6143 matches found
CVE-2026-26673
CVE-2026-26673 describes a denial-of-service risk in several DJI devices—the DJI Enhanced-WiFi transmission subsystem in models including Mavic Mini, Spark, Mavic Air, Mini, and Mini SE (versions 0.1.00.0500 and earlier). The Red Hat, CIRCL, ENISA, NVD, and CVE listings in the Connected Documents...
Apple Security Update: iOS 26.3.1 and iPadOS 26.3.1
Apple recommends to install security update iOS 26.3.1 and iPadOS 26.3.1 on devices iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later...
The 5 Big ‘Known Unknowns’ of Donald Trump’s New War With Iran
The all-out air assault on the Islamic Republic might be the biggest gamble of the president’s career...
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control C2 communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. T...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...
Technical Deep Dive: The Monero Mining Campaign
Technical Deep Dive: The Monero Mining Campaign By Aswath A · February 17, 2026 Executive summary In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. This report...
Bluetooth RFCOMM 1.1 Signal-Triggered Air-Gap Interaction
This project demonstrates how Flipper Zero can be used to interact with devices in an Air-Gap context using Bluetooth RFCOMM signals. The system monitors RSSI signal strength and uses statistical peak detection Z-Score analysis to identify significant signal spikes from target devices. When a pea...
Update your browser: Security fix for Chrome zero-day CVE-2026-2441
News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-2441 Share February 16th, 2026 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, Opera Neon, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2026-2441. We...
CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
CVE-2026-26055
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
CVE-2026-26055
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...
Unauthenticated Admission Webhook Endpoints in Yoke ATC
Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
CVE-2026-26056
CVE-2026-26056 affects Yoke ATC in 0.19.0 and earlier. A vulnerability in the ATC controller allows users with create/update permissions to inject a malicious URL via the overrides.yoke.cd/flight annotation, causing the ATC controller to download and execute an arbitrary WASM module without prope...
CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
CVE-2026-26055
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
yoke 访问控制错误漏洞
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...
yoke 代码注入漏洞
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...