2+ day, 17+ hour ago  (872+ words) (Image generated by generative AI and reviewed under professional human supervision.) OAuth (Open Authorisation) forms a fundamental basis of modern authentication and authorisation mechanisms, allowing users to grant applications access to specific resources without sharing their account passwords. This design…...

2+ day, 23+ hour ago  (85+ words) TYPE: Servers - Database Servers Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation, remote code execution, security restriction bypass, elevation of privilege and denial of service…...

3+ day, 22+ hour ago  (83+ words) RISK: Extremely High Risk TYPE: Clients - Browsers CVE-2026-11645is being exploited in the wild. A remote attacker could exploit this vulnerability to execute arbitrary code inside a sandbox via a crafted HTML page. Hence, the risk level is rated as Extremely…...

4+ day, 15+ hour ago  (201+ words) Recently, HKCERT has also handled phishing cases involving online travel booking platforms such as Booking. com and Klook. These cases show that fraudsters target platforms related to travel bookings by setting up phishing websites to trick users into submitting account…...

1+ week, 18+ hour ago  (254+ words) After completing the fraudulent "verification" process, the attacker may gain unauthorised access to the victim's Whats App account and use it for further malicious activities, including impersonation and scams targeting the victim's contacts. The phishing campaign typically proceeds as follows:…...

1+ week, 22+ hour ago  (71+ words) TYPE: Security software and application - Security Software & Appliance Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass and cross-site scripting on the targeted system. Before…...

1+ week, 23+ hour ago  (69+ words) TYPE: Clients - Browsers Multiple vulnerabilities were identified in Google Chrome. A'remote attacker could exploit some of these vulnerabilities to trigger remote code execution,'denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system. Before installation…...

1+ week, 1+ day ago  (85+ words) Hong Kong Computer Emergency Response Team Coordination Centre TYPE: Security software and application - Security Software & Appliance Multiple vulnerabilities were identified in Open SSL. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, remote code execution, denial of…...

1+ week, 2+ day ago  (80+ words) TYPE: Clients - Productivity Products Adobe has released monthly security update for their products: Remote Code Execution Denial of Service Number of 'Extremely High Risk' product(s): 0 Number of 'High Risk' product(s): 0 Number of 'Medium Risk' product(s): 11 Number of 'Low Risk' product…...

1+ week, 3+ day ago  (121+ words) TYPE: Security software and application - Security Software & Appliance Multiple vulnerabilities were identified in Check Point Products. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass on the targeted system. CVE-2026-50751is being exploited in the wild....