USN-7987-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Media drivers; - File systems infrastructure; - Timer subsystem; - Packet sockets; - Network...
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne SentinelLABS and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These...
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...
Russian Cybercrime Platform RAMP Forum Seized by FBI
US authorities have seized the RAMP cybercrime forum, taking down both its clearnet and dark web domains in a major hit to the ransomware infrastructure...
PT-2026-43329
Name of the Vulnerable Software and Affected Versions: Starlette versions prior to 1.0.1. Description: Starlette fails to validate the HTTP Host request header before using it to reconstruct request.url. While the routing algorithm uses the raw HTTP path, request.url is rebuilt from the Host header...
Introducing SITF: The First Threat Framework Dedicated to SDLC Infrastructure
Moving beyond simple checklists to visualize, map, and block attacks on production SDLC infrastructure...
Fake LastPass maintenance emails target users
The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team has published a warning about an active phishing campaign in which fake “maintenance” emails pressure users to back up their vaults within 24 hours. The emails lead to credential-stealing phishing sites rather than any...
[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
CISA: Suspicious Unmanned Aircraft System Activity Guidance V2
Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system (UAS) activity near or around their facilities. This is version 2 of CISA's document...
CISA: Principles for the Secure Integration of Artificial Intelligence in Operational Technology V2
Artificial intelligence (AI) has the potential to increase efficiency and productivity, enhance decision-making, cut costs and improve customer experience, but introducing AI in operational technology (OT) environments can introduce risks that require careful management to support the safety, securit...
CVE-2026-21926
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are 17.0-25.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment. Successfu...
Oracle Siebel Server <= 25.2 (January 2026 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the January 2026 CPU advisory. - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure). Supported versions that are affected are...
Oracle Database Server security vulnerabilities
Oracle Database Server is a relational database management system developed by Oracle Corporation in the United States. This database management system provides features such as data management and distributed processing. There were security vulnerabilities in the SQLcl version of Oracle Database...
Oracle Virtualization security vulnerabilities
Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. There are security...
Oracle Virtualization security vulnerabilities
Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for the unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is o...
MiracleLinux 7 : pki-core-10.5.18-12.el7 (AXSA:2021-1610:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1610:01 advisory. pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) pki-core: XSS in the certificate search results (CVE-2020-25715) pki-core:...
MiracleLinux 8 : pki-deps:10.6 (AXSA:2024-8412:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8412:01 advisory. jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from th...
GHSA-VHCX-7RPG-HP39 risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...