Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
https://thecyberexpress.com/cve-2026-27944-nginx-ui-backup-vulnerability/?utm_source=flipboard&utm_medium=activitypub

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

Vulnerabilidad grave en la fantástica nueva versión de Bloc de notas:

El CVE:
👉 https://www.cve.org/CVERecord?id=CVE-2026-20841

La explicación:

Si abres un archivo de texto MarkDown (MD) que tenga un enlace... dicho enlace puede EJECUTAR CUALQUIER COSA en la máquina.

La URL que hay adentro del enlace, al cual puedes hacer click, la ejecuta Bloc de notas a pelo utilizando "ShellExecuteExW":

👉 https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shellexecuteexw

#ciberseguridad #cybersecurity #windows #notepad #blocdenotas

🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec

@cdn0x12 感觉CVE-2026-28432这个问题长毛象前年（？）似乎也有类似的，后来修好了。

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. https://radar.offseq.com/threat/cve-2026-3804-stack-based-buffer-overflow-in-tenda-c824133f #OffSeq #Vulnerability #Tenda #InfoSec

🚩 CVE-2026-3769: HIGH severity vuln in Tenda F453 (v1.0.0.3) — stack-based buffer overflow in /goform/WrlclientSet. Public exploit released! Limit remote access, monitor traffic, apply mitigations. Details: https://radar.offseq.com/threat/cve-2026-3769-stack-based-buffer-overflow-in-tenda-7dc11ff5 #OffSeq #NetworkSecurity #Vuln

🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vuln #CyberSecurity

https://nvd.nist.gov/vuln/detail/CVE-2025-56132

"You can enumerate email addresses by sending a request to password_reset with different test emails and seeing how the server responds"

so we're assigning CVEs to basic HTB tricks now huh?

Critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127, CVSS 10.0) is now under widespread exploitation.

Attackers are deploying webshells after the flaw moved from targeted zero-day use to global opportunistic campaigns.

https://www.technadu.com/cisco-catalyst-sd-wan-flaw-is-now-fcing-widespread-exploitation/622887/

Have your systems been patched?

#infosec #cybersecurity #cisco #zeroday #threatintel

Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):

Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.

#Cybersecurity #Geopolitics #TechNews