🚨 CISA KEV 1
13 Feb - KEV - CISA Adds One Known Exploited Vulnerability to Catalog - CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability. These types of vulnerabi… - CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 12
13 Feb - CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability - Download links fixed - MSRC.MICROSOFT.COM
13 Feb - ZDI-26-105: MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-2033. - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-104: Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-103: Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability - This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-102: Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability - This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-101: Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability - This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has ass… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-100: Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability - This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has ass… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-099: Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability - This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-098: Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability - This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-097: Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability - This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVS… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-096: Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has a… - ZERODAYINITIATIVE.COM
13 Feb - ZDI-26-095: Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has a… - ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 2
13 Feb - Exploited Microsoft Vulnerabilities, Phishing Tactics & Romance Scams: Cybersecurity Today - In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams … - CYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES 1
🕵️ THREAT INTELLIGENCE 2
13 Feb - Fake AI Chrome extensions with 300K users steal credentials, emails - submitted by cm0002 to cybersecurity - 15 points | 2 comments - https://www.bleepingcomputer.com/news/security/fake-ai-chrome-extensions-with-300k-users-steal-credentials-emails/ - A malicious campaign of 30 Chrome extensions masquerading as AI assistants has infected over 300,000 user… - INFOSEC.PUB
13 Feb - Off-Topic Friday - submitted by shellsharks to cybersecurity - 11 points | 0 comments - Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) - INFOSEC.PUB
📡 INFOSEC NEWS 1
13 Feb - How tech is rewiring romance: dating apps, AI relationships, and emoji | Kaspersky official blog - Why do we have a love-hate relationship with dating apps, and what are they doing to our brains? Can an emoji start a war? Is marrying an AI actually a thing? We’re exploring how modern tech is redefining love and our very ideas of it. - KASPERSKY.COM