📰 Apple & Google Issue Emergency Patches for 'GhostTouch' Zero-Click RCE Flaw (CVE-2026-23456)

🚨 URGENT: Apple & Google issue emergency patches for 'GhostTouch' (CVE-2026-23456), a zero-click RCE flaw affecting billions of devices. Actively exploited to deliver spyware via a malicious image. UPDATE your iPhone & Android NOW! 📱 #ZeroClick #V...

🔗 https://cyber.netsecops.io/articles/apple-google-release-emergency-patches-for-ghosttouch-zero-click-flaw/?utm_source=mast…

🟠 CVE-2025-67274 - High (7.5)

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67274/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-24828 - High (7.5)

Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24828/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-52025 - Critical (9.4)

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without pro...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52025/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-22583 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engageme...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22583/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

第288回 投げます。一石、！スペシャル！ - podcast - #セキュリティのアレ https://www.tsujileaks.com/?p=2172

2026年1月19日公開の #セキュリティのアレ
・生成AIによる音声からのなりすまし詐欺から始める、様々なコミュニケーション(電話/LINE/ChatWorkなど)におけるなりすまし手口
・Cisco Secure Email製品における脆弱性: CVE-2025-20393

お便りコーナーの「ログアウトする・しない」も興味深く聴きました

一つの手口ではなく類似の手口を複数並べることで共通項が見えてきて面白いです／コミュニケーションツールの使い方は場所によって様々だから、それぞれの中の人が「汎用的な手口を理解し、技術的に対策した上でその手口に気をつける」とよさそう。あと状況次第で誰でもなりすましに引っかかると思うから、「引っかからないこと」に注意を促すだけじゃなく、素早い事後対応も大事にしたい／LastPass, FerrariのCEOディープフェイクへの対策も勉強になる

🔴 CVE-2025-52024 - Critical (9.4)

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52024/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-22709 - Critical (9.8)

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setu...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22709/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-22582 - Critical (9.8)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagemen...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22582/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack