2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2764 — Mozilla Firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2764

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaVNDJitTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2763 — Mozilla Firefox: Use-after-free in the JavaScript Engine component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2763

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2762 — Mozilla Firefox: Integer overflow in the JavaScript: Standard Library component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2762

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2761 — Mozilla Firefox: Sandbox escape in the Graphics: WebRender component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 693VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2760 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 1384VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2759 — Mozilla Firefox: Incorrect boundary conditions in the Graphics: ImageLib component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 1384VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2758 — Mozilla Firefox: Use-after-free in the JavaScript: GC component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2758

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2757 — Mozilla Firefox: Incorrect boundary conditions in the WebRTC: Audio/Video component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2757

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 1384VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2634 — Mozilla Firefox: Malicious scripts could cause desynchronization between the address bar and web content before a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 451VNDMozillaVNDMaliciousTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
HIGH

CVE-2026-2459 — Hitachienergy Reb500_firmware: A vulnerability exists in REB500 for an authenticated user with Installer role to access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2459

A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so. CVSSv3.1 8.1 (HIGH)

CWECWE 267VNDHitachienergyVNDReb500TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-02-24
2026-02-24 14:00Z
MED

Samsung Tizen OS | Version Through 9.0

Bishop Fox Labs·bishopfox.comCVE-2025-50109

Bishop Fox disclosed an arbitrary command injection vulnerability in Samsung Tizen OS through version 9.0 affecting the Samsung Debug Bridge (SDB) service. The vulnerability allows OS-level code execution on Tizen-based smart TVs when developer mode is enabled and the attacker operates from the configured developer host IP. The flaw was demonstrated on multiple physical Samsung TV models (Tizen 5.5, 7.0, 8.0) and affects all versions supporting SDB.

SRFApplicationSRFOsTACTA0002VNDSamsungTYPWriteupTYPVulnerabilitySTGExecutionSTGInitial Access
68
Edit Score
2026-02-24
2026-02-24 05:36Z
INFO

v1.7.2

Sliver releases·github.com

Sliver v1.7.2 released with improvements to shell management (multi-shell support, backgrounding, listing, re-attachment), Windows PE metadata spoofing, macOS shellcode loader enhancements, and security fixes including RPC restriction for external builders and gzip size limits.

SRFApplicationSRFOsVNDBishop FoxTYPToolSTGExecutionSTGC2
45
Edit Score
2026-02-24
2026-02-24 05:24Z
INFO

v1.7.3

Sliver releases·github.com

Sliver v1.7.3 released with a single bugfix reverting wasm-donut to v0.0.3 to resolve a regression in Windows shellcode generation. This is a maintenance release addressing a technical issue in the command-and-control framework.

SRFOsVNDBishop FoxTYPTool
28
Edit Score
2026-02-24
2026-02-24 02:16Z
HIGH

CVE-2026-25965 — Imagemagick Imagemagick: As a result, a policy rule such as /etc/* can be bypassed by a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25965

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enab CVSSv3.1 8.6 (HIGH)

CWECWE 22VNDImagemagickTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-02-24
2026-02-24 01:16Z
HIGH

CVE-2026-25794 — Imagemagick Imagemagick: Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25794

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch. CVSSv3.1 8.2 (HIGH)

CWECWE 122CWECWE 190VNDImagemagickTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-02-24
2026-02-24 00:00Z
HIGH

Nowhere, man: The 2026 Active Adversary Report

Sophos X-Ops·news.sophos.comCVE-2024-40766

Sophos X-Ops' 2026 Active Adversary Report analyzes 661 incident response cases from Nov 2024–Oct 2025, revealing that identity-related attacks (compromised credentials, brute-force, phishing) now account for 67.32% of root causes—a multi-year dominance trend. Attackers are moving faster (3.4-hour median to AD compromise, 3-day dwell time) and increasingly exfiltrating data alongside ransomware; Impacket usage surged 83% YoY, while Cobalt Strike declined. Critical gaps persist: 59% of organizations lack MFA, firewall logging defaults are inadequate (7 days or less), and 13% run end-of-life Windows Server versions.

SRFOsTACTA0001SRFNetworkTACTA0006TACTA0007SRFIdentityVNDMicrosoftVNDSonicwall
78
Edit Score
2026-02-23
2026-02-23 21:19Z
HIGH

CVE-2025-71056 — GCOM: Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-71056

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. CVSSv3.1 8.1 (HIGH) · EPSS 14th percentile

CWECWE 290VNDGcomTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-02-23
2026-02-23 20:28Z
HIGH

CVE-2025-67733 — Lfprojects Valkey: Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue. CVSSv3.1 8.5 (HIGH)

CWECWE 74CWECWE 170VNDLfprojectsVNDValkeyTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-02-23
2026-02-23 14:52Z
HIGH

v1.5.1

NetExec releases·github.com

NetExec v1.5.1 patches a critical arbitrary file write vulnerability in the spider_plus module. The release includes multiple bug fixes across SMB, NFS, LDAP, FTP, RDP, and WMI modules. Users are advised to upgrade immediately via GitHub/pipx.

SRFNetworkVNDNetexecTYPToolTYPAdvisorySTGDiscoverySTGInitial AccessSTApatched
72
Edit Score
2026-02-23
2026-02-23 14:34Z
INFO

v2.10.0-rc1

AzureHound releases·github.com

AzureHound v2.10.0-rc1 released with support for federated identity credentials enumeration and minor bug fixes. This is a pre-release candidate with 23 commits since v2.9.2.

SRFIdentitySRFCloudVNDSpecteropsVNDMicrosoft AzureTYPToolSTGDiscoverySTGRecon
35
Edit Score
2026-02-23
2026-02-23 09:17Z
HIGH

CVE-2026-25747 — Apache Camel: Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files used by a Camel application can inject a crafted serialized Java object that, when deserialized during normal aggregation repo CVSSv3.1 8.8 (HIGH)

CWECWE 502VNDApacheTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-23
2026-02-23 00:00Z
HIGH

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

Trend Micro Research·trendmicro.comin the wild

Trend Micro Research identified a campaign distributing Atomic macOS Stealer (AMOS) through malicious OpenClaw AI agent skills, representing an evolution from traditional cracked-software distribution to supply-chain attacks targeting AI workflows. The attack chain embeds malicious instructions in SKILL.md files that trick AI agents into installing a fake CLI tool, which then deploys a Mach-O universal binary stealer that exfiltrates Apple keychains, KeePass vaults, browser data, and documents. Over 39 distinct malicious skills were identified across ClawHub, SkillsMP, and GitHub repositories, with hundreds more related skills previously documented by other researchers.

TACTA0001TACTA0002TACTA0006TACTA0009SRFAiVNDOpenclawVNDTrend MicroTYPResearch
78
Edit Score
2026-02-21
2026-02-21 20:23Z
MED

1 little known secret of sti_ci.dll

Hexacorn·hexacorn.com

Hexacorn documents a Living-off-the-Land Binary (LOLBin) technique leveraging sti_ci.dll's InstallWiaService export function callable via rundll32.exe to execute multiple system binaries (regsvr32.exe, wiaacmgr.exe, etc.). The technique can be abused for code execution and defense evasion by copying rundll32.exe to alternate directories to bypass system32 search order restrictions; execution is logged to wiatrace.log.

SRFOsTACTA0005TACTA0002TYPResearchTYPTechniqueSTGDefense EvasionSTGExecutionTECT1218
68
Edit Score
2026-02-21
2026-02-21 00:16Z
HIGH

CVE-2026-27134 — Linuxfoundation Strimzi_kafka_operator: Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27134

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted certificates for mTLS authentication on the internal as well as user-configured listeners. All CAs from the CA chain will be trusted. And users with certificates signed by any of the CA CVSSv3.1 8.1 (HIGH)

CWECWE 287CWECWE 295CWECWE 296VNDLinuxfoundationVNDStrimziTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-02-20
2026-02-20 23:16Z
HIGH

CVE-2026-2044 — Gimp Gimp: PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can CVSSv3.1 8.8 (HIGH)

CWECWE 908VNDGimpTYPVulnerability
8.8
CVSS v3.1
94
Edit Score