🚨 CRITICAL: CVE-2026-1868 in GitLab AI Gateway (18.1.6 – 18.8.0) allows remote code execution or DoS via Duo Workflow Service. Patch to 18.6.2, 18.7.1, or 18.8.1. Restrict workflow access & monitor for abuse! https://radar.offseq.com/threat/cve-2026-1868-cwe-1336-improper-neutralization-of--f5bf4abe #OffSeq #GitLab #Vuln #CVE20261868

Orgs that still daftly run Ivanti kit and didn't patch for CVE-2026-1281 (which is likely most b/c if you're still running Ivanti you have no idea how to do cyber or IT) are gonna have a really bad day today or later this week once they realize what happened to them over the weekend.

🚨 HIGH severity: Stack-based buffer overflow in Tenda RX3 (16.03.13.11) — CVE-2026-2185. Remote exploitation possible via MAC Filtering config. Public exploit released. Monitor and segment affected devices! https://radar.offseq.com/threat/cve-2026-2185-stack-based-buffer-overflow-in-tenda-5922d2b2 #OffSeq #Vulnerability #Infosec

✨ #Cve-2026-2185: Kritische Schwachstelle in Tenda-Routern
Ein veröffentlichter Proof-of-Concept-#Exploit für einen Remote-Buffer-Overflow erhöht das Risiko für ungepatchte Netzwerke erheblich.

🔗 https://p4u.xyz/ID_M-276VQJ/1 (🇩🇪🇺🇸🇫🇷)

#Infosec #Vulnerability #Release #Offseq #Loi #Bot

✨ #Cve-2026-2185: A High-Severity Threat to Network Infrastructure
A publicly released #Exploit for a critical buffer overflow in Tenda routers demands immediate action from network defenders.

🔗 https://p4u.xyz/ID_M-276VQJ/1 (🇩🇪🇺🇸🇫🇷)

#Infosec #Vulnerability #Release #Offseq #Loi #Bot

✨ #Cve-2026-2185 : Vulnérabilité Critique dans les Routeurs Tenda RX3
Une faille de dépassement de tampon accessible à distance compromet l'intégrité des réseaux, avec un #Exploit public disponible.

🔗 https://p4u.xyz/ID_M-276VQJ/1 (🇩🇪🇺🇸🇫🇷)

#Infosec #Vulnerability #Release #Offseq #Loi #Bot

IT management software company SmarterTools was hit by a ransomware attack through an unpatched vulnerability in its own SmarterMail product, specifically CVE-2026-24423. The attack, attributed to the Warlock ransomware group, impacted the company's office network and a data center, but not its public-facing website or customer portal. SmarterTools has since patched the vulnerability and advises customers to update their SmarterMail instances immediately.
https://www.securityweek.com/smartertools-hit-by-ransomware-via-vulnerability-in-its-own-product/

Global news highlights include the kickoff of the 2026 Winter Olympics in Italy (Feb 7). In technology, OpenAI launched its Frontier enterprise AI agent platform. Apple acquired AI startup Q.AI for $2B, while Google reported significant AI-driven profit gains. Intel and AMD warned of server CPU shortages impacting China due to AI demand. The EU is also scrutinizing TikTok's "addictive design".

Cybersecurity saw CISA warn of a critical SmarterMail vulnerability (CVE-2026-24423) actively exploited in ransomware campaigns (Feb 7). Italian authorities thwarted Russian cyberattacks targeting government and Olympic-related websites. A rise in AI-driven phishing attacks was also reported.

#News #Anonymous #AnonNews_irc

Hat tip to @JohnHammond @gleeda @russianpanda9xx et al

https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399

Masz mObywatela na iPhone? Sprawdź wersję. CERT ostrzega przed „podglądaczem” w multitaskingu

To drobiazg, ale kluczowy dla prywatności. CERT Polska potwierdził podatność w rządowej aplikacji mObywatel na iOS. Jeśli nie zaktualizowałeś jej w ostatnich dniach, Twój PESEL może świecić z ekranu nawet po wyjściu z aplikacji.

O co chodzi?

Błąd oznaczony jako CVE-2025-11598 dotyczy mechanizmu App Switcher (przełączania aplikacji). Gdy minimalizujesz aplikację na iPhone (przesuwając palcem od dołu), system robi jej „zrzut ekranu”, by wyświetlić go na karcie podglądu. Dobre aplikacje bankowe (i rządowe) powinny w tym momencie automatycznie zamazywać ekran (blur), by nikt, kto weźmie Twój telefon do ręki i wejdzie w listę otwartych apek, nie zobaczył stanu konta czy danych dowodu.

Wersje mObywatela poniżej 4.71.0 tego nie robiły. Efekt? Nieuprawniona osoba mogła podejrzeć Twoje dane bez logowania, po prostu przeglądając otwarte w tle aplikacje. Oczywiście wymagało to i tak fizycznego dostępu do Twojego iPhone’a i odblokowanego ekranu, ale niemniej problem z bezpieczeństwem istniał.

Co zrobić?

Sprawa jest prosta: wejdź do App Store i upewnij się, że masz wersję 4.71.0 lub nowszą. Poprawka już tam jest. Ten błąd w starszej wersji mObywatela wykrył i przesłał ekipie CERT.pl Maciej Krakowiak z DSecure.me.

mObywatel wchodzi w 2026 rok z polskim AI

🚨 CVE-2026-22904 (CRITICAL, CVSS 9.8): WAGO 0852-1322 vulnerable to stack-based buffer overflow via oversized HTTP cookies. RCE & DoS possible. Isolate devices, monitor traffic, deploy WAF/IPS. No patch yet. https://radar.offseq.com/threat/cve-2026-22904-cwe-121-stack-based-buffer-overflow-f7b2d93e #OffSeq #ICS #Vuln

#OT #Advisory VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
#CVE CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

https://certvde.com/en/advisories/vde-2026-004/

#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-004.json

🚨 CVE-2026-22906 (CRITICAL, CVSS 9.8): WAGO 0852-1322 uses a hardcoded AES key, letting unauthenticated attackers decrypt credentials from config files. No patch yet. Restrict access, segment networks, monitor closely! https://radar.offseq.com/threat/cve-2026-22906-cwe-321-use-of-hard-coded-cryptogra-e9045210 #OffSeq #ICS #OTSecurity

#OT #Advisory VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
#CVE CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

https://certvde.com/en/advisories/vde-2026-004/

#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-004.json

⚠️ CVE-2026-2151: HIGH severity OS command injection in D-Link DIR-615 v4.10 (DMZ Host/adv_firewall.php) enables unauthenticated remote code execution. No patch — replace or isolate affected routers ASAP. https://radar.offseq.com/threat/cve-2026-2151-os-command-injection-in-d-link-dir-6-3276f328 #OffSeq #DLink #CVE20262151 #Infosec