╔════[ DATA_BREACH ]══════════
│ Le violazioni di dati personali, all’interno di un’agenzia assicurativa, possono scaturire non soltanto da attacchi esterni o dagli incidenti derivanti dal furto o dallo smarrimento di smartphone e/o tablet, ma anche dall’errore umano e dalle negligenze del personale. Ecco gli adempimenti predisposti dall’intermediario assicurativo nella veste di titolare/contitolare/responsabile del trattamento
L'articolo Gestione dei data breach: vademecum pratico per la distribuzione assicurativa proviene da Cyber Security 360.
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.cybersecurity360.it
│ Author: Stefano Petrussi
└────────────────────────────────────┘
╔════[ ITALY_INCIDENT ]══════
│ OpenClaw è un progetto open source, che ha conquistato oltre centomila stelle su GitHub e che permette di automatizzare attività attraverso moduli comunemente denominati skill, ha attirato l'attenzione dei cyber criminali. Ecco cosa emerge dall'analisi da parte di Bitdefender Labs delle skill malevole su OpenClaw
L'articolo La trappola delle skill malevoli su OpenClaw: moduli utili o payload nascosti proviene da Cyber Security 360.
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.cybersecurity360.it
│ Author: Luisa Franchina e Tommaso Diddi
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2026-1729
Published : Feb. 12, 2026, 2:15 a.m. | 5 hours, 29 minutes ago
Description : The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2026-1729
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2026-26215
Published : Feb. 11, 2026, 11:16 p.m. | 8 hours, 28 minutes ago
Description : manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2026-26215
| Severity: 9.3 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2026-26021
Published : Feb. 11, 2026, 10:15 p.m. | 9 hours, 29 minutes ago
Description : set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1,
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2026-26021
| Severity: 9.4 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37186
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a crafted POST request.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37186
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37184
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37184
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37183
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37183
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37181
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37181
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37176
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]──��────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37176
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ CRITICAL_CVE ]═════════
│ CVE ID : CVE-2020-37153
Published : Feb. 11, 2026, 9:16 p.m. | 10 hours, 28 minutes ago
Description : ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
┌─[ METADATA ]───────────────────────┐
│ Source: https://cvefeed.io
| CVE ID : CVE-2020-37153
| Severity: 9.8 | CRITICAL
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO.
Threat intelligen…
┌─[ METADATA ]───────────────────────┐
│ Source: https://thehackernews.com
│ Author: info@thehackernews.com (The Hacker News)
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.
The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has b…
┌─[ METADATA ]───────────────────────┐
│ Source: https://thehackernews.com
│ Author: info@thehackernews.com (The Hacker News)
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logi…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.bleepingcomputer.com
│ Author: Bill Toulas
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals. [...]…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.bleepingcomputer.com
│ Author: Lawrence Abrams
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security war…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.bleepingcomputer.com
│ Author: Lawrence Abrams
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. [...]…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.bleepingcomputer.com
│ Author: Bill Toulas
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Impacting the ‘dyld’ system component, the memory corruption issue can be exploited for arbitrary code execution.
The post Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ appeared first on SecurityWeek.…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.securityweek.com
│ Author: Ionut Arghire
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Comments…
┌─[ METADATA ]───────────────────────┐
│ Source: https://calyxos.org
│ Author: calyxos.org via DerGuteMoritz
└────────────────────────────────────┘
╔════[ THREAT ]══════════════
│ Comments…
┌─[ METADATA ]───────────────────────┐
│ Source: https://www.terracenetworks.com
│ Author: terracenetworks.com via gerikson
└────────────────────────────────────┘