VulnHub

Researchers have discovered a critical vulnerability in the vm2 library, a popular Node.js sandbox used to execute untrusted code. This security flaw, identified as CVE-2026-22709, enables attackers to escape the sandbox environment and execute arbitrary code on the host system. This poses a significant risk to applications that rely on this library for secure code execution. Developers using vm2 should take immediate action to protect their systems, as the implications could lead to unauthorized access and control over sensitive data. It's crucial for users to stay informed about this vulnerability and implement necessary safeguards to prevent exploitation.

SoundCloud has experienced a significant data breach, affecting nearly 30 million user accounts. Hackers accessed personal and contact information, raising concerns about user privacy and security. This breach underscores the vulnerability of online platforms to cyberattacks, highlighting the need for stronger security measures. Users whose accounts were compromised should be vigilant about potential phishing scams and consider changing their passwords. SoundCloud has not yet detailed how the breach occurred, leaving many questions about the effectiveness of their security protocols.

Researchers from SEC Consult have identified over 20 vulnerabilities in Dormakaba's physical access control systems, specifically those using the exos 9300 platform. These flaws could allow attackers to remotely unlock doors at major organizations, posing a significant security risk. The vulnerabilities are serious enough that they could be exploited to gain unauthorized access to sensitive areas within facilities. Organizations using Dormakaba systems should prioritize applying any patches or updates provided by the vendor to mitigate these risks. This discovery raises concerns about the security of physical access controls, which are essential for protecting sensitive locations.

A serious vulnerability has been discovered in all versions of GNU InetUtils telnetd, specifically those ranging from 1.9.3 to 2.7. This flaw, which allows remote attackers to bypass authentication, has gone unnoticed for nearly 11 years. Given the age of this issue, many systems may still be running vulnerable versions, putting users at risk. The discovery emphasizes the need for organizations to audit their systems and ensure they are not using outdated software. Users and administrators should take immediate action to update or patch their systems to mitigate potential exploitation.

Recent research has revealed that attackers can now conduct more efficient intrusions targeting page caches in Linux systems. The study highlights vulnerabilities in how Linux manages memory, particularly in the page cache, which can be manipulated to access sensitive information. This development poses a risk to a wide range of Linux distributions, potentially affecting servers and workstations that rely on this operating system. As the efficiency of these attacks increases, companies and users need to be aware of the potential for data breaches and take preventive measures. It’s crucial for system administrators to stay informed and implement appropriate security protocols to mitigate these risks.

The Global Cybersecurity Vulnerability Exploit (GCVE) initiative aims to improve how security flaws are tracked globally, promoting better collaboration among cybersecurity professionals. However, there are growing concerns about potential fragmentation within vulnerability databases. Critics warn that the introduction of duplicate entries and a decentralized approach could complicate the efforts of defenders, making it harder to manage and respond to vulnerabilities effectively. The implications of this fragmentation may lead to confusion and inefficiencies in addressing security threats, affecting organizations that rely on these databases to protect their systems. As the cybersecurity community continues to evolve, finding a balance between collaboration and centralization will be crucial to enhancing overall security.

GitLab has addressed a serious vulnerability in its authentication services that allowed attackers to bypass two-factor authentication (2FA). This flaw was due to an unchecked return value, which meant that if an attacker knew a target's account ID, they could submit fake device responses to gain unauthorized access. The issue is particularly concerning as it undermines a key security feature—2FA—that many users rely on to protect their accounts. GitLab has released patches to fix this vulnerability, and users are urged to update their systems promptly to ensure their accounts remain secure. This incident serves as a reminder of the importance of robust security measures in software development and the need for vigilance against potential exploits.

A serious vulnerability has been discovered in the GNU InetUtils telnet daemon (telnetd) that has existed for nearly 11 years. This flaw, identified as CVE-2026-24061, allows attackers to bypass authentication remotely and gain root access to affected systems. It impacts all versions of GNU InetUtils from 1.9.3 to 2.7. Given its high CVSS score of 9.8, this vulnerability poses a significant risk to organizations still using these versions. Users and administrators should prioritize addressing this issue to prevent unauthorized access to their systems.