Vulnerability News
Every day new posts about vulnerabilities and cybersecurity news. Get the latest news about the cyberspace! Group: @VulnerabilityNewsGroup
Subscribers: 4 928
+4 in 24 hours
+29 in 7 days
+136 in 30 days
Subscriber attraction
| Month | Subscriber growth | Mentions |
| June '26 | +64 | in 0 channels |
| May '26 | +204 | in 0 channels |
| April '26 | +187 | in 0 channels |
| March '26 | +254 | in 0 channels |
| February '26 | +116 | in 0 channels |
| January '26 | +166 | in 0 channels |
| December '25 | +134 | in 0 channels |
| November '25 | +139 | in 0 channels |
| October '25 | +8 | in 0 channels |
| September '25 | +12 | in 0 channels |
| August '25 | +13 | in 0 channels |
| July '25 | +11 | in 0 channels |
| June '25 | +12 | in 0 channels |
| May '25 | +18 | in 1 channel |
| April '25 | +14 | in 0 channels |
| March '25 | +21 | in 0 channels |
| February '25 | +17 | in 0 channels |
| January '25 | +15 | in 1 channel |
| December '24 | +262 | in 1 channel |
| November '24 | +206 | in 1 channel |
| October '24 | +166 | in 0 channels |
| September '24 | +146 | in 0 channels |
| August '24 | +137 | in 0 channels |
| July '24 | +96 | in 1 channel |
| June '24 | +91 | in 0 channels |
| May '24 | +95 | in 0 channels |
| April '24 | +104 | in 0 channels |
| March '24 | +149 | in 0 channels |
| February '24 | +279 | in 0 channels |
| January '24 | +395 | in 0 channels |
| December '23 | +327 | in 0 channels |
| November '23 | +38 | in 0 channels |
| October '23 | +32 | in 0 channels |
| September '23 | +47 | in 0 channels |
| August '23 | +53 | in 0 channels |
| July '23 | +51 | in 0 channels |
| June '23 | +42 | in 0 channels |
| May '23 | +43 | in 0 channels |
| April '23 | +67 | in 0 channels |
| March '23 | +65 | in 0 channels |
| February '23 | +45 | in 0 channels |
| January '23 | +67 | in 0 channels |
| December '22 | +62 | in 0 channels |
| November '22 | +71 | in 0 channels |
| October '22 | +70 | in 0 channels |
| September '22 | +55 | in 0 channels |
| August '22 | +44 | in 0 channels |
| July '22 | +54 | in 0 channels |
| June '22 | +78 | in 0 channels |
| May '22 | +46 | in 0 channels |
| April '22 | +77 | in 0 channels |
| March '22 | +105 | in 0 channels |
| February '22 | +48 | in 0 channels |
| January '22 | +61 | in 0 channels |
| December '21 | +99 | in 0 channels |
| November '21 | +68 | in 0 channels |
| October '21 | +170 | in 0 channels |
| September '21 | +72 | in 0 channels |
| August '21 | +104 | in 0 channels |
| July '21 | +72 | in 0 channels |
| June '21 | +292 | in 0 channels |
| May '21 | +1 344 | in 0 channels |
| Date | Subscriber growth | Mentions | Channels | |
| 12 June | +1 | | | |
| 11 June | +7 | | | |
| 10 June | +4 | | | |
| 09 June | +2 | | | |
| 08 June | +8 | | | |
| 07 June | +8 | | | |
| 06 June | +8 | | | |
| 05 June | +2 | | | |
| 04 June | +8 | | | |
| 03 June | +6 | | | |
| 02 June | +4 | | | |
| 01 June | +6 | | | |
Channel posts
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.
While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Aware of an exploited vulnerability not currently listed in the KEV catalog? Submit for potential addition: KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.
https://www.cisa.gov/news-events/alerts/2026/06/11/cisa-adds-one-known-exploited-vulnerability-catalog
| # | Post | Summary | Link | |
| 2 | University of Nottingham Confirms Breach After Hackers Leak Data | The ShinyHunters hacker group has taken credit for the attack, leaking more than 450,000 email addresses and other information. | https://www.securityweek.com/university-of-nottingham-confirms-breach-after-hackers-leak-data/ | 61 |
| 3 | ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker | The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. | https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/ | 45 |
| 4 | Splunk, Palo Alto Networks Patch Severe Vulnerabilities | The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. | https://www.securityweek.com/splunk-palo-alto-networks-patch-severe-vulnerabilities/ | 28 |
| 5 | FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers | The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances. | https://www.securityweek.com/fbi-seizes-13-websites-that-officials-say-were-used-by-china-to-target-and-recruit-us-workers/ | 30 |
| 6 | Siemens Says Desigo CC Files Flagged as Malware by Security Engines | A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. | https://www.securityweek.com/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines/ | 18 |
| 7 | Hackers Exploit Langflow Vulnerability for Remote Code Execution | Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. | https://www.securityweek.com/hackers-exploit-langflow-vulnerability-for-remote-code-execution/ | 18 |
| 8 | OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month | Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. | https://www.securityweek.com/onyxc2-stealer-offers-cybercriminals-enterprise-grade-theft-for-250-a-month/ | 22 |
| 9 | CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk | The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. | https://www.securityweek.com/cisa-directs-federal-agencies-to-prioritize-security-patches-based-on-risk/ | 20 |
| 10 | Alert Fatigue Is Becoming a Security Threat of Its Own | As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise. | https://www.securityweek.com/alert-fatigue-is-becoming-a-security-threat-of-its-own/ | 22 |
| 11 | Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks | Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. | https://www.securityweek.com/oracle-addresses-peoplesoft-vulnerability-amid-reports-of-zero-day-attacks/ | 21 |
| 12 | Max severity Ivanti Sentry vulnerability now exploited in attacks | Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...] | https://www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vulnerability-now-exploited-in-attacks/ | 20 |
| 13 | Nottingham University data breach affects over 450,000 students | The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...] | https://www.bleepingcomputer.com/news/security/nottingham-university-data-breach-affects-over-450-000-students/ | 21 |
| 14 | Microsoft fixes BitLocker recovery bug on Windows Server 2025 | Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...] | https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-bug-on-windows-server-2025/ | 22 |
| 15 | CISA tells govt agencies to patch critical exploited flaws in 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...] | https://www.bleepingcomputer.com/news/security/cisa-tells-govt-agencies-to-patch-critical-exploited-flaws-in-3-days/ | 26 |
| 16 | Coupang hit with record $409 million data breach fine in Korea | The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...] | https://www.bleepingcomputer.com/news/security/south-korea-hits-coupang-with-record-409-million-fine-over-data-breach/ | 24 |
| 17 | Why AI-driven threats are exposing the limits of MSP security stacks | AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...] | https://www.bleepingcomputer.com/news/security/why-ai-driven-threats-are-exposing-the-limits-of-msp-security-stacks/ | 27 |
| 18 | Authorities dismantle 'AudiA6' ransomware crypto-laundering service | Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...] | https://www.bleepingcomputer.com/news/legal/authorities-dismantle-audia6-ransomware-crypto-laundering-service/ | 32 |
| 19 | Oracle mitigates PeopleSoft zero-day exploited in data theft attacks | Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...] | https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ | 38 |
| 20 | Maine breach portal abused to publish fake data breach disclosures | In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...] | https://www.bleepingcomputer.com/news/security/maine-breach-portal-abused-to-publish-fake-data-breach-disclosures/ | 55 |
