News & Sicurezza

The 7-Zip Trap: How a 25-Year-Old Domain Was Weaponized to Turn Your PC into a Proxy Bot Security researchers have recently unveiled a sophisticated stratagem wherein adversaries gained control of the domain 7zip[.]com to proliferate deleterious software. It is paramount to note that the ... Read more Published Date: Feb 11, 2026 (15 hours, 51 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2025-11001 CVE-2025-0411

Silicon for a Century: Alphabet’s $32 Billion Debt Blitz Signals the Greatest Infrastructure Race in History In a concerted effort to bridge a projected $185 billion capital expenditure chasm for 2026, Alphabet, the parent organization of Google, has inaugurated an expansive debt issuance initiative. Accordi ... Read more Published Date: Feb 11, 2026 (16 hours, 3 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-24858 CVE-2026-21509 CVE-2024-50357

Windows Remote Access Connection Manager 0-Day Vulnerability Let Attackers Trigger DoS Attack Windows Remote Access Connection Manager 0-Day Vulnerability Microsoft has patched a zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, tracked as CVE-2026-21525, ... Read more Published Date: Feb 11, 2026 (16 hours, 7 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21525

February 2026 Patch Tuesday: Six Zero-Days Among 59 CVEs Patched Microsoft has addressed 59 vulnerabilities in its February 2026 security update release. These include six actively exploited vulnerabilities, three of which were publicly known, and five Critical vul ... Read more Published Date: Feb 11, 2026 (14 hours, 9 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23655 CVE-2026-21533 CVE-2026-21525 CVE-2026-21522 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510 CVE-2026-24302 CVE-2026-24300 CVE-2026-21532

Microsoft dicht zes aangevallen lekken in Word, Windows en Internet Explorer Tijdens de patchdinsdag van februari heeft Microsoft updates uitgebracht voor zes actief aangevallen kwetsbaarheden in Word, Windows en Internet Explorer. Aanvallen vonden plaats voordat de patches be ... Read more Published Date: Feb 11, 2026 (14 hours, 14 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21533 CVE-2026-21525 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2025-10913 Published : Feb. 11, 2026, 8:16 a.m. | 2 hours, 8 minutes ago Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Severity: 8.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID : CVE-2025-10912 Published : Feb. 11, 2026, 8:16 a.m. | 2 hours, 8 minutes ago Description : Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication Windows Shell Security Feature 0-Day Vulnerability Microsoft released Microsoft Patch Tuesday updates to address a critical zero-day vulnerability in Windows Shell that is currently being actively exp ... Read more Published Date: Feb 11, 2026 (15 hours, 39 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21533 CVE-2026-21510

Microsoft Patch Tuesday February Update Flags Exchange and Azure Vulnerabilities as High-Priority Risks Microsoft Patch Tuesday February 2026 addressed 54 vulnerabilities including six zero-days across Windows, Office, Azure services, Exchange Server, and developer tools. The latest patch update, rollou ... Read more Published Date: Feb 11, 2026 (16 hours, 15 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23655 CVE-2026-21537 CVE-2026-21533 CVE-2026-21531 CVE-2026-21529 CVE-2026-21528 CVE-2026-21527 CVE-2026-21525 CVE-2026-21522 CVE-2026-21519 CVE-2026-21518 CVE-2026-21514 CVE-2026-21513 CVE-2026-21512 CVE-2026-21510 CVE-2026-21258 CVE-2026-21257 CVE-2026-21256 CVE-2026-21255 CVE-2026-21249 CVE-2026-21232 CVE-2026-21231 CVE-2026-21222 CVE-2026-21218 CVE-2026-20846 CVE-2026-20841 CVE-2026-24302 CVE-2026-24300 CVE-2026-21532 CVE-2026-0391 CVE-2026-1861 CVE-2026-22778 CVE-2026-21509 CVE-2025-21537 CVE-2025-21529 CVE-2025-21518 CVE-2025-21218 CVE-2024-21531 CVE-2023-2804 CVE-2023-28461 CVE-2022-21522 CVE-2021-20846 CVE-2021-21231

Trellix SecondSight identifies subtle indicators of an active breach Trellix announced Trellix SecondSight, a threat hunting service designed to proactively identify low-noise advanced threats often undetected, reducing organizational risk for Trellix customers. “Threa ... Read more Published Date: Feb 11, 2026 (16 hours, 36 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21509

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.