DEBIAN-CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

EUVD-2026-31731

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

Federated Naive Bayes with Real Mixture of Gaussians and Institutional Governance Regularization for Network Intrusion Detection

Federated learning for intrusion detection rests on a flawed premise: that every participating institution contributes equally to the shared model. In practice, a financial institution with mature security controls and low vulnerability exposure produces fundamentally different data than a...

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094

CVE-2026-34094 affects Wikimedia Foundation MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2. The issue is in the Page/Article.Php path where a Customized help link for a page protection indicator is relative to the subpage name because the link target is missing the "/wiki/" prefix. This describes ...

dvna_exploited

No d...

CLSA-2026-1778071148 openssl: Fix of 4 CVEs

CVE-2026-28387: fix use of OPENSSLfree instead of X509free on dane-mcert in danematch X509 reference-count bypass / UAF - CVE-2026-28388: fix NULL deref in checkdeltabase when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number - CVE-2026-28389: fix NULL deref in...

Insights into the clustering and reuse of phone numbers in scam emails

Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise IOC. In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. According to Talos' observations, the ease of API-driven...

Securing the Web with HSTS-Enforced

TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security HSTS...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...

Exploit for Missing Authentication for Critical Function in Cpanel

IOC Check Sessions Files Overview iocchecksessionsfile...

CVE-2026-43026

CVE-2026-43026 concerns the Linux kernel netfilter ctnetlink path: when CTA_EXPECT_NAT is absent, ctnetlink_alloc_expect() can leave saved_addr and saved_proto uninitialized, risking leakage of stale data. The safe nf_ct_expect_init() in the packet path zeros these fields, and the patch adds expl...

Android 17 ends all-or-nothing access to your contacts

Some of the apps on your phone want your contacts. Most don't need them all, but have been happily slurping up the lot for years. Google has decided to do something about that with the next version of Android. Android 17 currently in preview is introducing a new Contact Picker that lets users gra...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013106)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013106 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0...

OPENSUSE-FU-2026:20562-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...

SUSE-FU-2026:21213-1 Feature update for libgcrypt, libgpg-error

This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 jscPED-15059: New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICEINDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...