Ireland's Data Protection Commission (DPC), the country's data protection authority, has opened a formal investigation into X over the use of the platform's Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. [...]

Name : Cycom Hacking Conference
Website: https://www.cycomhackingconference.com/
Date: April 23-24, 2026
Location: Montpellier, France
The CYCOM Hacking Conference is the annual cybersecurity event organized by Devensys Cybersecurity. A key event in Montpellier and Occitanie, CYCOM brings together the entire cybersecurity ecosystem for several days: professionals, technical experts, students, specialized schools, institutions, local authorities, technology partners, and industry associations.

Designed as a technical, educational, and community event, CYCOM highlights offensive, defensive, and operational cybersecurity practices through a packed program of conferences, demonstrations, feedback sessions, round tables, workshops, technical presentations, and professional meetings.
The event also includes highly anticipated highlights, such as its nighttime Capture The Flag (CTF), a hacking challenge lasting several hours that brings together enthusiasts, student teams, and experienced technical professionals.

Before the opening, a half-day event called EDUCYCOM is entirely dedicated to schools, students, and people undergoing retraining. It offers orientation workshops, introductions to major certifications (CCT, CEH, CISSP, OSCP), and an educational “hackathon” on cybersecurity.

CYCOM has two main goals:

1. To share a high level of technical expertise in an accessible and practical way.
2. To encourage networking and discussion between different players in the digital sector, both public and private.

Held at Kiasma in Castelnau-le-Lez (Montpellier Métropole), CYCOM welcomes several hundred participants each year and continues to expand its format with new activities, more conferences, and a growing partner village.

The post Cycom Hacking Conference appeared first on CISO MAG | Cyber Security Magazine.

Joomla! CMS provided by Joomla! Project contains a cross-site scripting vulnerability.

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. [...]

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 16

SEC Consult Vulnerability Lab Security Advisory < 20260212-0 >
=======================================================================
title: Multiple Vulnerabilities
            product: Various Solax Power Pocket WiFi models
 vulnerable version: See section below
      fixed version: See section below
         CVE number: CVE-2025-15573, CVE-2025-15574, CVE-2025-15575
             impact: High...

Posted by privexploits via Fulldisclosure on Feb 16

Advisory: Authenticated Remote Code Execution in pfSense CECVEs: CVE-2025-69690, CVE-2025-69691
Researcher: Nelson Adhepeau (privexploits () protonmail com)
Date: February 2026

== RESPONSIBLE DISCLOSURE NOTICE ==

This advisory is published in accordance with responsible disclosure practices. 

The vendor was notified on December 2, 2025, acknowledged the reports, and indicated no patches would be issued.
Publication follows standard 90-day...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-9 Safari 26.3

Safari 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126354.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CFNetwork
Available for: macOS Sonoma and macOS Sequoia
Impact: A remote user may be able to write arbitrary files
Description: A path...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-8 visionOS 26.3

visionOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126353.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Vision Pro (all models)
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-7 watchOS 26.3

watchOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126352.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Apple Watch Series 6 and later
Impact: An attacker in a privileged network position may be able to
perform...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-6 tvOS 26.3

tvOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126351.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Bluetooth
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker in a privileged network position may be able to...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4

macOS Sonoma 14.8.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126350.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4

macOS Sequoia 15.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126349.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-3 macOS Tahoe 26.3

macOS Tahoe 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126348.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-2 iOS 18.7.5 and iPadOS 18.7.5

iOS 18.7.5 and iPadOS 18.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126347.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An...

Posted by Apple Product Security via Fulldisclosure on Feb 16

APPLE-SA-02-11-2026-1 iOS 26.3 and iPadOS 26.3

iOS 26.3 and iPadOS 26.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126346.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

Posted by Hanno Böck on Feb 16

During tests of electronic invoicing tools, I discovered multiple XXE
and Blind XXE vulnerabilities in online tools parsing electronic
invoices in XML formats.

While most of the affected tools have fixed these vulnerabilities, two
online tools remain vulnerable to Blind XXE attacks, allowing
exfiltration of files. Disclosure to the affected operators happened
more than 90 days ago.

Vulnerable tools:

https://validator.invoice-portal.de/...

Posted by Darsh Naik on Feb 16

🔓 The Attack Path — No Login, SYSTEM Access

1. Boot into setup.exe (via USB, PXE, or OOBM like Intel vPro).
2. Click “Repair your computer” → Enter WinRE.
3. Press Shift + F10 → SYSTEM-level Command Prompt.
4. From there, attacker can:
- Run `net user` to create new admin accounts
- Use `diskpart` to wipe or reformat drives
- Use `manage-bde -off` or `bcdedit` to disable BitLocker
- Replace `utilman.exe` to bypass login...

Posted by Agent Spooky's Fun Parade via Fulldisclosure on Feb 16

1. SUMMARY

Two independently confirmed vulnerabilities in Jump Crypto's Firedancer
Solana validator (https://github.com/firedancer-io/firedancer, commit
7cd3b6dce):

A) Three undefined behavior / logic bugs in QUIC transport parameter
processing, triggerable by a malicious QUIC server with zero
authentication. Enables remote connection kill or hang.

B) Incorrect Rust saturating cast emulation that returns ULONG_MAX...

Posted by Christian Zäske via Fulldisclosure on Feb 16

Advisory ID:               SYSS-2025-014
Product:                   MX4200 (and potentially others)
Manufacturer:              Linksys
Affected Version(s):       1.0.13.210200 (and potentially others)
Tested Version(s):         1.0.13.210200 MX4200
Vulnerability Type:        Improper Verification of Source of a
Communication Channel (CWE-940)
Risk Level:                Critical
Solution Status:   ...

Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. [...]