LATEST ARTICLES

Trump’s Federal Reserve pick makes DC rounds as GOP senator stalls confirmation

PR Tech News US
-
0
Trump’s Federal Reserve pick makes DC rounds as GOP senator stalls confirmation

NEWYou can now listen to Fox News articles!

President Donald Trump’s Federal Reserve chair nominee, Kevin Warsh, will meet Tuesday with Sen. Thom Tillis, R-N.C., the Republican who has been holding up his nomination amid GOP concerns tied to a criminal probe involving Fed Chair Jerome Powell.

Tillis told Fox News Digital he supports Warsh, whom Trump tapped in January, but said he wants the Powell investigation resolved before he can vote to move the nomination forward.

On Jan. 11, Powell confirmed that the Justice Department had opened a criminal investigation into his congressional testimony related to the renovation of the Federal Reserve’s two historic main buildings on Washington, D.C.’s National Mall. 

TRUMP NOMINATES KEVIN WARSH TO SUCCEED JEROME POWELL AS FEDERAL RESERVE CHAIR

Kevin Warsh, former governor of the U.S. Federal Reserve.

Kevin Warsh was among Trump’s leading candidates to replace Federal Reserve Chair Janet Yellen in 2017. However, Trump ultimately picked Powell for the role. (Tierney L. Cross/Bloomberg via Getty Images)

“I have very few questions. I’m a real fan of [Warsh] and I’m hoping we can get disposed of the Powell investigation, so I’d be in a position to vote for him,” Tillis told Fox News Digital.

“I have no problems at all with him. I’m looking forward to meeting him, because, like I said, I’ve been a fan,” he added.

Tillis has vowed to block any Federal Reserve nominee until the Trump administration concludes its criminal probe involving Powell. As a member of the Senate Banking Committee, his hold is especially consequential. Overriding it would require a discharge vote on the Senate floor, an extraordinary step that needs 60 votes and is widely seen as a long shot.

Trump tapped Warsh to succeed Powell, whose term as chair ends in May, but he must first win Senate confirmation by a simple majority — a process that typically starts with a hearing and vote in the Senate Banking Committee.

TRUMP’S FED PICK KEVIN WARSH FACES UNEXPECTED ROADBLOCK OVER ONGOING POWELL PROBE

Sen. Thom Tillis, R-N.C., speaks to reporters after a vote in the U.S. Capitol on Thursday, December 18, 2025.

Sen. Thom Tillis, R-N.C., sits on the Senate Banking Committee, which must advance Fed nominees before the full Senate can confirm them. (Bill Clark/CQ-Roll Call, Inc. via Getty Images)

Warsh’s potential ascent to the top of the world’s most powerful central bank comes at a turbulent moment for the Federal Reserve. 

With the Justice Department conducting a criminal probe involving Powell, the Supreme Court weighing limits on the Fed’s independence, and rising cost-of-living pressures testing Trump’s economic agenda, the stakes for the next chair are intensifying.

What began as tension over interest-rate policy has spiraled into a broader confrontation, marking one of the most challenging stretches of Powell’s eight-year tenure leading the Fed.

Powell called the DOJ investigation “unprecedented” in a video statement and another example of what he described as Trump’s ongoing threats lobbed at the central bank. His unusually public response, after days of private consultation with advisors, marked a sharp departure from his typically measured approach.

TRUMP VS THE FEDERAL RESERVE: HOW THE CLASH REACHED UNCHARTED TERRITORY

Powell, widely viewed as one of the most crisis-tested Federal Reserve chairs in modern U.S. history, built his career as a lawyer and investment banker in New York before entering public service in the administration of President George H.W. Bush. 

He joined the Federal Reserve’s Board of Governors in 2012 and was nominated by Trump to lead the central bank in 2017.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

President Donald Trump speaks to Fed Chair Jerome Powell at Federal Reserve construction site

President Donald Trump speaks to Fed Chair Jerome Powell during a tour of the Federal Reserve in Washington, D.C., on Thursday, July 24, 2025. (Daniel Torok/Official White House Photo)

Like Powell, Warsh is not an economist by training. Instead, he brings a background in law and finance that has shaped his views on the Federal Reserve.

He earned a bachelor’s degree in public policy from Stanford University in 1992 and a law degree from Harvard in 1995. He built his career at Morgan Stanley and, at 35, became the youngest person to serve on the Fed’s board in 2006.

Though he stepped down in 2011, he was widely recognized as the Fed’s key liaison to Wall Street during the 2008 financial crisis. He previously worked in the Bush administration as a special assistant to the president for economic policy and executive secretary at the National Economic Council.

Warsh was among Trump’s leading candidates to replace Federal Reserve Chair Janet Yellen in 2017. However, Trump ultimately appointed Powell to the role.

Amanda covers the intersection of business and politics for Fox News Digital.



Source link

Critical defect in Java security engine poses serious downstream security risks

Raj Bhat
-
0
Critical defect in Java security engine poses serious downstream security risks

A maximum-severity vulnerability in pac4j, an open-source library integrated into hundreds of software packages and repositories, poses a significant security threat, but has thus far received scant attention.

The defect in the Java security engine, which handles authentication across multiple frameworks, has not been exploited in the wild since code review firm CodeAnt AI published a proof-of-concept exploit last week. The company discovered the vulnerability and privately reported it to pac4j’s maintainer, which disclosed the defect and released patches for affected versions of the library within two days.

Some researchers told CyberScoop they are concerned about the vulnerability — CVE-2026-29000 — because it affects a widely deployed Java security engine that attackers can exploit with relative ease.

“A threat actor only needs to access a server’s public RSA key to attempt exploitation,” researchers at Arctic Wolf Labs said in an email. 

These public keys, which are shared openly, are used to encrypt data and enable identity authentication. Attackers can trigger the defect and bypass authentication by forging a JSON Web Token (JWT) or deploy raw JSON claims via JSON Web Encryption (JWE) in pac4j-jwt to break into a system with the highest privileges.

“It is currently too early into the lifecycle of this vulnerability to tell if it will materialize into a major threat but the fact that it is a vulnerability in a library makes it more challenging to assess the potential risk,” researchers at Arctic Wolf Labs said. “Downstream consumers of the library may end up needing to issue their own advisories, as we’ve seen with other similar vulnerabilities in the past.”

Amartya Jha, co-founder and CEO at CodeAnt AI, warned that anyone with basic JWT knowledge can achieve exploitation. The vulnerability is a “logic flaw that no pattern-matching scanner or rule-based static application security testing tool would surface, because there’s no single line of code that’s wrong.”

The downstream security risk, as is often the case with open-source software, is widespread. The authentication module for pac4j is integrated into multiple frameworks, including Spring Security, Play Framework, Vert.x, Javalin and others, Jha said.

Many organizations may not realize they depend on pac4j-jwt because it’s not always declared in build files, he added. CodeAnt said it has contacted hundreds of maintainers in the past week to warn them that their packages and repositories are impacted by the vulnerability, which has a CVSS rating of 10.

Researchers haven’t observed any additional PoC exploit code, but they noted the exploit path is easy to reproduce. 

“The conditions for exploitation are favorable,” Jha said. “It’s pre-authentication, requires no secrets, the PoC is public, and the attack surface includes any internet-facing application or API gateway using the affected configuration. The window between public PoC and patch adoption is where the risk is highest.”

Matt Kapko

Written by Matt Kapko

Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University.



Source link

Global airlines hike ticket prices as Iran war sends costs soaring | US-Israel war on Iran News

PR Tech News
-
0
Global airlines hike ticket prices as Iran war sends costs soaring | US-Israel war on Iran News

Australia’s Qantas Airways, Scandinavia’s SAS and Air New Zealand have announced airfare hikes, blaming an abrupt spike in the cost of fuel caused by the US-Israel attack on Iran that is rattling the global aviation sector.

Jet fuel prices, which were around $85 to $90 per barrel before the attack on Iran, have soared to between $150 and $200, New Zealand’s flag carrier said on Tuesday as it suspended its financial outlook for 2026 due to uncertainty over the conflict.

Recommended Stories

list of 4 itemsend of list

The war, which disrupted shipping via the world’s most vital oil export route, has sent oil prices surging, upending global travel, pushing airline ticket prices on some routes sky-high, and sparking fears of a deep travel slump.

“Increases of this magnitude make it necessary to react in order to maintain stable and reliable operations,” an SAS spokesperson said in a statement to Reuters, adding it had implemented a “temporary price adjustment”.

The largest Scandinavian airline last year temporarily adjusted its fuel hedging policy due to uncertain market conditions and said that it had no fuel consumption hedged for the following 12 months.

Several Asian and European airlines, including Lufthansa and Ryanair, have oil hedging in place, securing a part of their fuel supplies at fixed prices.

Finnair, which had hedged over 80 percent of its first-quarter fuel purchases, warned that even the availability of fuel could be at risk if the conflict dragged on.

“A prolonged crisis could affect not only the price of fuel, but also its availability, at least temporarily,” a Finnair spokesperson said, adding that this was not happening yet.

Kuwait, a major jet fuel exporter to northwest Europe, has faced output cuts.

Airspace chaos

Highlighting the airspace chaos in the Middle East, planes arriving in Dubai were briefly placed in a holding pattern on Tuesday due to a potential missile attack, flight tracking service Flightradar24 said on X. The planes eventually landed.

Qantas said in addition to increasing international fares, it was exploring redeploying capacity to Europe as airlines and passengers seek to evade disruptions in the Middle East, where drone and missile fire have curtailed flights.

Airfares have soared on Asia-Europe routes due to airspace closures and capacity constraints, and Hong Kong’s Cathay Pacific Airways said on Tuesday it was adding extra flights to London and Zurich in March.

Air New Zealand said it had raised one-way economy fares by 10 New Zealand dollars ($6) on domestic routes, 20 New Zealand dollars ($12) on short-haul international services and 90 New Zealand dollars ($53) on long-haul ones, with more adjustments to prices and schedules possible if jet fuel costs remain elevated.

Hong Kong Airlines said on its website that it would raise its fuel surcharges by up to 35.2 percent from Thursday, with the sharpest increase on flights between Hong Kong and the Maldives, Bangladesh and Nepal.

Still, some European airlines said they saw no near-term need to act yet. A spokesperson for British Airways owner IAG said it was well-hedged for the immediate future and had no plans to change ticket prices.

British Airways said on Tuesday that it had brought forward the end of its winter-season flights to Abu Dhabi because of the “continuing uncertainty”, cancelling all services until near the end of the year that were scheduled to run until April 11.

Airline stocks stabilise

Some airline stocks rose and oil prices fell to around $90 a barrel on Tuesday from a high of $119 on Monday after United States President Donald Trump said on Monday that the war could be over soon.

When markets opened in Europe, airline shares were up between 4 percent and 7 percent. Shares of major US carriers Delta Air Lines, United Airlines, Southwest Airlines and American Airlines were down between 2 percent and 4 percent in early trading.

US airlines rely less on hedging than their European and Asian rivals in managing their fuel costs, making their shares more vulnerable to oil’s volatility.

In Asia, Qantas closed 0.5 percent higher, Korean Air Lines rose 3 percent and Cathay Pacific was up 3.6 percent. All had recorded sharp declines on Monday.

Fuel is the second-largest expense for air carriers after labour, typically accounting for a fifth to a quarter of operating expenses.

Shrinking airspace

In addition to high fuel costs, tightening airspace also threatens to derail the global travel industry, as pilots reroute to avoid the Middle East conflict and capacity on popular routes fills up.

Emirates, Qatar Airways and Etihad typically jointly account for about one-third of the passenger traffic between Europe and Asia and fly more than half of all passengers from Europe to Australia, New Zealand and nearby Pacific Islands, according to Cirium.

European airlines have already struggled with the shortage of available airspace created by the war in Ukraine, with many avoiding Russian airspace and flying longer international routes. Now, with even less available airspace, they say their business has become even more challenging.



Source link

Playstation gamers could receive £2bn compensation if lawsuit succeeds | Science, Climate & Tech News

PR Tech UK News
-
0
Playstation gamers could receive £2bn compensation if lawsuit succeeds | Science, Climate & Tech News

PlayStation gamers could be owed £2bn in compensation, according to a lawsuit launched today.

If successful, the class action case brought by consumer champion Alex Neill could mean cheaper PlayStation games and UK gamers receiving around £162 each in compensation.

The case hinges on how the digital PlayStation Store, run by the console’s manufacturer Sony, operates.

Ms Neill argues Sony has been “exploiting its UK customers, by charging them too much” for digital games and in-game content.

Person picks a game on the PlayStation Store
Image: Person picks a game on the PlayStation Store

The lawsuit claims Sony broke competition law through its control of the PlayStation Store, meaning that “Sony has a near monopoly on the sale of digital games and add-on content”.

Developers are charged around 30% commission for selling games in the store and Sony sets the price of games.

Ms Neill says this has resulted in “excessive and unfair prices” for gamers, with the digital games allegedly costing around 20% more than physical copies.

A selection of physical PlayStation games
Image: A selection of physical PlayStation games

The “class action” aspect of the lawsuit means that anyone living in the UK who bought a PlayStation game between August 2016 and February this year is automatically included – unless they already opted out.

That’s an estimated 12.2 million people.

Read more science and technology news:
MPs vote down social media ban for under-16s
The planet just got incredibly close to breaching landmark global warming target
AI tech firm Anthropic sues over blacklisting by Pentagon

Sony is contesting the claims.

The company didn’t respond to a request for comment by Sky News. But in its legal filing, Sony argues that its distribution model is justified because allowing third-party stores for downloads would introduce security and privacy risks.

The PlayStation Store is the focus of a new lawsuit
Image: The PlayStation Store is the focus of a new lawsuit

Apple faced – and lost – a similar case in UK courts last year, when it was told to pay App Store users £1.5bn in compensation over breaches of competition law.

Developers were being charged a 30% commission to sell their apps in the App Store, which the lawsuit argued meant consumers had been subsequently overcharged.

Apple is appealing the case and strongly denies the allegations, saying the App Store had benefited businesses and consumers across the UK and created a dynamic and competitive marketplace.

The Sony trial started on Tuesday and is expected to last around nine weeks.



Source link

Toronto police seek two suspects after US consulate shooting

PR Tech News US
-
0
Toronto police seek two suspects after US consulate shooting

NEWYou can now listen to Fox News articles!

The U.S. consulate in Toronto was struck by gunfire early Tuesday morning in what authorities are calling a “national security incident.”

Deputy Chief Frank Barredo of the Toronto Police Service said two male suspects exited a white Honda CR-V around 4:30 a.m. and discharged firearms at the heavily fortified building before fleeing the scene. 

Police said the CR-V was traveling westbound on Dundas Street West before turning southbound onto University Avenue, and stopping in front of the consulate.

Investigators recovered multiple shell casings and found damage to the building’s glass and door.

ENEMY WITHIN: COUNTERTERRORISM EXPERTS FEAR SLEEPER CELLS COULD BE POISED INSIDE USTO

White Honda CR-V driving away.

Police release a photo of the suspects’ white Honda CR-V after it was seen on video on Tuesday, March 10, 2026, stopping in front of the United States Consulate building. (Toronto Police Service)

Barredo said he believes there were people inside the building at the time of the shooting, though no injuries were reported.

Chris Leather, chief superintendent and officer in charge of criminal operations for the Royal Canadian Mounted Police in Ontario, told reporters the Integrated National Security Enforcement Team has been engaged and is working with Toronto police, federal partners and U.S. counterparts, including the FBI.

He said it is too early to determine a motive or whether the shooting will ultimately be classified as terrorism under Canada’s criminal code.

“There will be no tolerance for any form of intimidation, harassment, or harmful targeting of any communities or individuals in Canada,” Leather added.

‘LOUD BANG,’ DAMAGE REPORTED AT US EMBASSY IN NORWAY; POLICE INVESTIGATING

A Toronto police official addresses reporters during a press briefing about a firearm incident at a U.S. diplomatic site.

Deputy Chief Frank Barredo speaks during a briefing at 360 University Ave. with an update on a firearm discharge at the U.S. Consulate in Toronto on March 10, 2026. (Wa Lone/Reuters)

Security has been increased at the U.S. and Israeli consulates in Toronto and in the Ottawa region as a precaution. 

US EMBASSY STRUCK BY DRONES IN SAUDI ARABIA AS AMERICANS INSTRUCTED TO SHELTER IN PLACE

Officials said there is no indication of an ongoing threat to public safety as the investigation continues.

A State Department official told Fox News Digital the agency is aware of the incident and is closely monitoring the situation in coordination with local law enforcement.

Police officers gather outside a secured diplomatic building in downtown Toronto following reports of gunfire.

Toronto Police officers work at the scene of a shooting at the U.S. Consulate in Toronto on March 10, 2026. (Cole Burston/AFP via Getty Images)

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

“The shooting that took place at the U.S. consulate early this morning is an absolutely unacceptable act of violence and intimidation aimed at our American friends and neighbours,” said Doug Ford, the premier of Ontario.

“Everyone at all levels of government and across Canada needs to make clear that there is zero tolerance for this sort of intimidating and dangerous behaviour, and that we will do whatever it takes to prosecute and punish the people responsible to the fullest extent of the law,” he wrote on X.

Ashley Carnahan is a writer at Fox News Digital.



Source link

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Raj Bhat
-
0
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Tag CVE ID CVE Title Severity .NET CVE-2026-26131 .NET Elevation of Privilege Vulnerability Important .NET CVE-2026-26127 .NET Denial of Service Vulnerability Important Active Directory Domain Services CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability Important ASP.NET Core CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability Important Azure Arc CVE-2026-26141 Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability Important Azure Compute Gallery CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Critical Azure Compute Gallery CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability Critical Azure Compute Gallery CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability Critical Azure Entra ID CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability Important Azure IoT Explorer CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability Important Azure IoT Explorer CVE-2026-23662 Azure IoT Explorer Information Disclosure Vulnerability Important Azure IoT Explorer CVE-2026-23661 Azure IoT Explorer Information Disclosure Vulnerability Important Azure IoT Explorer CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability Important Azure Linux Virtual Machines CVE-2026-23665 Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability Important Azure MCP Server CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability Important Azure Portal Windows Admin Center CVE-2026-23660 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Important Azure Windows Virtual Machine Agent CVE-2026-26117 Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability Important Broadcast DVR CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability Important Connected Devices Platform Service (Cdpsvc) CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Important GitHub Repo: zero-shot-scfoundation CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability Important Mariner CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write Important Mariner CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io() Important Mariner CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow Moderate Mariner CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks Moderate Mariner CVE-2026-26017 CoreDNS ACL Bypass Important Mariner CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability Important Mariner CVE-2026-2297 SourcelessFileLoader does not use io.open_code() Moderate Mariner CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Important Mariner CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack Important Mariner CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace Moderate Mariner CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. Moderate Mariner CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free Moderate Mariner CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC Important Mariner CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain() Important Mariner CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib Critical Mariner CVE-2026-0031 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Important Mariner CVE-2026-23238 romfs: check sb_set_blocksize() return value Moderate Mariner CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass Moderate Mariner CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC Important Mariner CVE-2026-0032 In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Important Microsoft Authenticator CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability Important Microsoft Brokering File System CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability Important Microsoft Devices Pricing Program CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability Critical Microsoft Edge (Chromium-based) CVE-2026-3544 Chromium: CVE-2026-3544 Heap buffer overflow in WebCodecs Unknown Microsoft Edge (Chromium-based) CVE-2026-3540 Chromium: CVE-2026-3540 Inappropriate implementation in WebAudio Unknown Microsoft Edge (Chromium-based) CVE-2026-3536 Chromium: CVE-2026-3536 Integer overflow in ANGLE Unknown Microsoft Edge (Chromium-based) CVE-2026-3538 Chromium: CVE-2026-3538 Integer overflow in Skia Unknown Microsoft Edge (Chromium-based) CVE-2026-3545 Chromium: CVE-2026-3545 Insufficient data validation in Navigation Unknown Microsoft Edge (Chromium-based) CVE-2026-3541 Chromium: CVE-2026-3541 Inappropriate implementation in CSS Unknown Microsoft Edge (Chromium-based) CVE-2026-3543 Chromium: CVE-2026-3543 Inappropriate implementation in V8 Unknown Microsoft Edge (Chromium-based) CVE-2026-3539 Chromium: CVE-2026-3539 Object lifecycle issue in DevTools Unknown Microsoft Edge (Chromium-based) CVE-2026-3542 Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly Unknown Microsoft Graphics Component CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability Important Microsoft Graphics Component CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability Important Microsoft Graphics Component CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability Important Microsoft Office CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability Important Microsoft Office Excel CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability Critical Microsoft Office Excel CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability Important Microsoft Office SharePoint CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Semantic Kernel Python SDK CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable Important Payment Orchestrator Service CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability Critical Push Message Routing Service CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability Important Role: Windows Hyper-V CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability Important SQL Server CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability Important SQL Server CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability Important SQL Server CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability Important System Center Operations Manager CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability Important Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability Important Windows Accessibility Infrastructure (ATBroker.exe) CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability Important Windows Ancillary Function Driver for WinSock CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important Windows Ancillary Function Driver for WinSock CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important Windows Ancillary Function Driver for WinSock CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important Windows Ancillary Function Driver for WinSock CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important Windows App Installer CVE-2026-23656 Windows App Installer Spoofing Vulnerability Important Windows Authentication Methods CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability Important Windows Bluetooth RFCOM Protocol Driver CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Important Windows Device Association Service CVE-2026-24296 Windows Device Association Service Elevation of Privilege Vulnerability Important Windows Device Association Service CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability Important Windows DWM Core Library CVE-2026-25189 Windows DWM Core Library Elevation of Privilege Vulnerability Important Windows Extensible File Allocation CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability Important Windows File Server CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability Important Windows GDI CVE-2026-25190 GDI Remote Code Execution Vulnerability Important Windows GDI+ CVE-2026-25181 GDI+ Information Disclosure Vulnerability Important Windows Kerberos CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability Important Windows Kernel CVE-2026-26132 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2026-24287 Windows Kernel Elevation of Privilege Vulnerability Important Windows MapUrlToZone CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability Important Windows Mobile Broadband CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows NTFS CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability Important Windows Performance Counters CVE-2026-25165 Performance Counters for Windows Elevation of Privilege Vulnerability Important Windows Print Spooler Components CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability Important Windows Projected File System CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability Important Windows Resilient File System (ReFS) CVE-2026-23673 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Shell Link Processing CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability Important Windows SMB Server CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability Important Windows SMB Server CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability Important Windows System Image Manager CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability Important Windows Telephony Service CVE-2026-25188 Windows Telephony Service Elevation of Privilege Vulnerability Important Windows Universal Disk Format File System Driver (UDFS) CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Important Windows Win32K CVE-2026-24285 Win32k Elevation of Privilege Vulnerability Important Winlogon CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability Important


Source link

Search efforts suspended after deadly Indonesia landfill collapse | Infrastructure

PR Tech News
-
0
Search efforts suspended after deadly Indonesia landfill collapse | Infrastructure

NewsFeed

Search efforts have ended for those missing following a landslide at Indonesia’s largest landfill site. Authorities said seven bodies had been found as rescuers spent days looking for those missing amongst the huge garbage pile.

Published On 10 Mar 2026



Source link

Trump takes feud with Massie to his Kentucky home turf ahead of primary battle

PR Tech News US
-
0
Trump takes feud with Massie to his Kentucky home turf ahead of primary battle

NEWYou can now listen to Fox News articles!

President Donald Trump is taking his feud with Rep. Thomas Massie, R-Ky., to the libertarian lawmaker’s home turf on Wednesday.

Trump is expected to hold an event in Hebron, Kentucky, on Wednesday, the Republican Party of Kentucky announced on social media Monday. It’s located in the northern part of the state’s 4th Congressional District, which Massie represents.

Massie’s primary rival, Ed Gallrein, will attend the Hebron event, his campaign confirmed to Fox News Digital on Tuesday, while deferring all other questions on the matter to the White House.

Massie himself will miss the event due to a previously scheduled official engagement, his spokesperson told Fox News Digital.

KHANNA AND MASSIE THREATEN TO FORCE A VOTE ON IRAN AS PROSPECT OF US ATTACK LOOMS

A split image of President Trump and Rep. Thomas Massie

President Donald Trump will be visiting Rep. Thomas Massie’s congressional district on Wednesday. (Win McNamee/Getty Images; Nathan Posner/Anadolu via Getty Images)

When asked about the visit, White House spokeswoman Liz Huston told Fox News Digital, “President Trump will visit the great states of Ohio and Kentucky on Wednesday to tout his economic victories and detail his Administration’s aggressive, ongoing efforts to lower prices and make America more affordable.”

The president has thrown his considerable influence behind Gallrein to unseat Massie after the GOP lawmaker publicly defied Trump on multiple occasions.

MASSIE, KHANNA TO VISIT DOJ TO REVIEW UNREDACTED EPSTEIN FILES

Massie most recently was one of two House Republicans to vote to stop Trump’s joint operation in Iran with Israel, though the legislation was successfully blocked by the majority of GOP lawmakers and a handful of Democrats.

Ed Gallrein with President Trump at the White House

Ed Gallrein, left, seen with President Donald Trump in the Oval Office at the White House. (Ed Gallrein congressional campaign)

He was also one of two Republicans to vote against Trump’s “big, beautiful bill” last year.

Trump in turn has hurled a slew of personal attacks against Massie, including calling him “weak and pathetic” in a statement endorsing Gallrein in October.

“He only votes against the Republican Party, making life very easy for the Radical Left. Unlike ‘lightweight’ Massie, a totally ineffective LOSER who has failed us so badly, CAPTAIN ED GALLREIN IS A WINNER WHO WILL NOT LET YOU DOWN,” Trump posted on Truth Social at the time, one of numerous criticisms targeting the Kentucky Republican through the years.

He called Massie the “worst Republican congressman” in July amid Massie’s bipartisan push to force the Department of Justice (DOJ) to release its files on Jeffrey Epstein.

Reps. Marjorie Taylor Greene, Thomas Massie, and Ro Khanna

Then-Rep. Marjorie Taylor Greene, a Republican from Georgia, Rep. Thomas Massie, a Republican from Kentucky, and Rep. Ro Khanna, a Democrat from California, during a news conference outside the U.S. Capitol in Washington, D.C., on Tuesday, Nov. 18, 2025. (Graeme Sloan/Bloomberg via Getty Images)

But Massie has so far appeared to defy political gravity despite making political enemies out of both Trump and House GOP leaders.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

He handily defeated multiple primary challengers in 2024 and 2022, despite public feuds with Trump, and has served his district since 2012.

Gallrein is a retired Navy SEAL and farmer who launched his campaign days after Trump made his endorsement. Their primary election day is May 19.

Elizabeth Elkind is a politics reporter for Fox News Digital leading coverage of the House of Representatives. Previous digital bylines seen at Daily Mail and CBS News.

Follow on Twitter at @liz_elkind and send tips to elizabeth.elkind@fox.com



Source link

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Raj Bhat
-
0
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Ravie LakshmananMar 10, 2026Network Security / Vulnerability

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. 

The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology information, SentinelOne said in a report published today. The security outfit said the campaign has singled out environments tied to healthcare, government, and managed service providers.

“FortiGate network appliances have considerable access to the environments they were installed to protect,” security researchers Alex Delamotte, Stephen Bromfield, Mary Braden Murphy, and Amey Patne said. “In many configurations, this includes service accounts which are connected to the authentication infrastructure, such as Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).”

“This setup can enable the appliance to map roles to specific users by fetching attributes about the connection that’s being analyzed and correlating with the Directory information, which is useful in cases where role-based policies are set or for increasing response speed for network security alerts detected by the device.”

However, the cybersecurity company noted that such access could be exploited by attackers who break into FortiGate devices through known vulnerabilities (e.g., CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858) or misconfigurations.

In one incident, the attackers are said to have breached a FortiGate appliance in November 2025 to create a new local administrator account named “support” and used it to set up four new firewall policies that allowed the account to traverse all zones without any restrictions.

The threat actor then kept periodically checking to ensure the device was accessible, an action consistent with an initial access broker (IAB) establishing a foothold and selling it to other criminal actors for monetary gain. The next phase of the activity was detected in February 2026 when an attacker likely extracted the configuration file containing encrypted service account LDAP credentials.

“Evidence demonstrates the attacker authenticated to the AD using clear text credentials from the fortidcagent service account, suggesting the attacker decrypted the configuration file and extracted the service account credentials,” SentinelOne said.

The attacker then leveraged the service account to authenticate to the victim’s environment and enroll rogue workstations in the AD, allowing them deeper access. Following this step, network scanning was initiated, at which point the breach was detected, and further lateral movement was halted.

In another case investigated in late January 2026, attackers swiftly moved from firewall access to deploying remote access tools like Pulseway and MeshAgent. In addition, the threat actor downloaded malware from a cloud storage bucket via PowerShell from Amazon Web Services (AWS) infrastructure.

The Java malware, launched via DLL side-loading, was used to exfiltrate the contents of the NTDS.dit file and SYSTEM registry hive to an external server (“172.67.196[.]232”) over port 443.

“While the actor may have attempted to crack passwords from the data, no such credential usage was identified between the time of credential harvesting and incident containment,” SentinelOne added.

“NGFW appliances have become ubiquitous because they provide strong network monitoring capabilities for organizations by integrating security controls of a firewall with other management features, such as AD,” it added. “However, these devices are high-value targets for actors with a variety of motivations and skill levels, from state-aligned actors conducting espionage to financially motivated attacks such as ransomware.”



Source link

WHO warns of health risks from ‘black rain’ in Iran | Oil and Gas

PR Tech News
-
0
WHO warns of health risks from ‘black rain’ in Iran | Oil and Gas

NewsFeed

The World Health Organization has warned that “black rain” caused by Israeli strikes on Iran’s oil facilities could pose health risks, especially for children. Iranian authorities have advised residents stay indoors as fires and thick smoke worsen air quality.

Published On 10 Mar 2026



Source link
123...1,478Page 1 of 1,478