123
CVEs
176
Threats
0
News
39
Critical
11
CISA KEV
🛡 Security Vulnerabilities (CVE)
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users…
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].…
SolarWinds Web Help Desk — CVE-2025-26399
SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
Required Action: Apply mitigations per vendor instructions, follow applicab…
Apple Multiple Products — CVE-2025-31277
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
Required Action: Apply mitigatio…
Craft CMS Craft CMS — CVE-2025-32432
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use…
Apple Multiple Products — CVE-2025-43510
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
Required Action: Apply mitigations pe…
Apple Multiple Products — CVE-2025-43520
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
Required Action: Apply mitigati…
Wing FTP Server Wing FTP Server — CVE-2025-47813
Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-…
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload
Laravel Livewire — CVE-2025-54068
Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01…
Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-66376
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
Required Action: Apply mi…
n8n n8n — CVE-2025-68613
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-…
Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1340
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Required Action: Apply mitigations per vendor instructions, follow app…
CVE-2026-20131
Cisco Secure Firewall Management Center Unauthenticated RCE via Deserialization
01:52 KSA
Cisco Secure Firewall Management Center (FMC) — CVE-2026-20131
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that co…
CVE-2026-22207
OpenViking Broken Access Control - Unauthenticated ROOT Privilege Escalation
05:22 KSA
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without auth…
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker reposi…
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the …
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the acces…
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in th…
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in em…
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command exec…
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVE-2026-27510
Unitree Go2 RCE via Unvalidated Python Code Execution in Firmware 1.1.7-1.1.11
05:22 KSA
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores progr…
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF p…
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to start an authentication request and p…
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate the…
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the H…
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then…
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to pr…
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlle…
Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.
Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long…
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HT…
CVE-2026-28370
OpenStack Vitrage Query Parser Code Execution Vulnerability (CVE-2026-28370)
04:30 KSA
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and f…
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with…
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting conf…
CVE-2026-20433
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of
12:16 KSA
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed…
CVE-2026-22683
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operat
18:17 KSA
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or …
CVE-2026-30460
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in t
14:52 KSA
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVE-2026-3243
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path
00:18 KSA
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level a…
CVE-2026-3357
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the sys
00:18 KSA
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
CVE-2026-3499
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to C
00:18 KSA
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type, aja…
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with th
18:17 KSA
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports > Query Menu and access to the "Advanced Search" query. Th…
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object R
14:52 KSA
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field wh…
CVE-2026-6120
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/Dhcp
22:47 KSA
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploi…
CVE-2026-6121
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /go
05:16 KSA
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exp…
CVE-2026-6122
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /
05:16 KSA
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The expl…
CVE-2026-6123
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat
05:16 KSA
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible.…
CVE-2026-6124
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the f
05:16 KSA
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack…
CVE-2026-6133
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file
15:16 KSA
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicl…
CVE-2026-6134
A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqosset
21:18 KSA
A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried …
CVE-2026-1342
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1
18:17 KSA
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute mali…
CVE-2018-25258
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass
05:16 KSA
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger …
CVE-2019-25689
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code
05:16 KSA
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register…
CVE-2019-25691
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attac
05:16 KSA
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Re…
CVE-2019-25695
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting mali
05:16 KSA
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.…
CVE-2019-25701
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that a
05:16 KSA
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger …
CVE-2019-25705
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or e
09:00 KSA
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding bu…
CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a loc
00:18 KSA
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
CVE-2019-25697
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries
05:16 KSA
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database …
CVE-2019-25710
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint tha
09:00 KSA
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database info…
CVE-2026-4740
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM).
14:52 KSA
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OC…
CVE-2026-5436
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1.
00:18 KSA
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's pa…
CVE-2026-40029
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsa
00:18 KSA
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft…
CVE-2019-25706
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom
09:00 KSA
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and …
CVE-2025-50650
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the ro
00:18 KSA
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
CVE-2025-50652
An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint
00:18 KSA
An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.
CVE-2025-50653
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem paramet
00:18 KSA
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.
CVE-2025-50654
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in th
00:18 KSA
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
CVE-2026-3396
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter
00:18 KSA
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL …
CVE-2026-35525
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %},
00:18 KSA
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is …
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.py artifact parser that uses attacker-controlled file_name_from values from a database directly as the output filename, allowing arbitrary file writes outside th…
CVE-2026-5688
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg
08:48 KSA
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit ha…
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The…
CVE-2026-5690
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the
08:48 KSA
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit h…
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The…
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been m…
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of th…
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The atta…
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possib…
CVE-2026-5802
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP
00:18 KSA
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly av…
CVE-2026-5805
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of
00:18 KSA
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has b…
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotel…
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has…
CVE-2026-6129
Authentication Bypass in zhayujie chatgpt-on-wechat CowAgent Agent Mode Service
09:00 KSA
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and …
A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to …
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication en…
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator p…
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administ…
CVE-2018-25257
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate
05:16 KSA
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to …
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the ke…
CVE-2019-25699
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authentic
05:16 KSA
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code throug…
CVE-2019-25703
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipul
09:00 KSA
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values c…
CVE-2019-25707
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL qu
09:00 KSA
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extr…
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL querie
09:00 KSA
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-bas…
CVE-2026-22682
OpenHarness Improper Access Control in File Tools - Arbitrary File Read/Write
18:17 KSA
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the inten…
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow th…
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image.…
CVE-2026-39883
OpenTelemetry-Go PATH Hijacking Vulnerability in BSD/Solaris (CVE-2026-39883)
00:18 KSA
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platf…
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta…
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. …
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injecti…
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack rem…
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack…
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to b…
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available…
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag resu…
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, an…
CVE-2019-25712
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers t
01:25 KSA
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in …
CVE-2017-20239
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by inj
21:00 KSA
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered w…
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the …
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which a…
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect web…
CVE-2026-33119
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized
08:16 KSA
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-3358
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course e
08:16 KSA
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `course_enrollment()` functions. …
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper a…
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources b…
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the pro…
⚠️ Threat Intelligence
176 threats
rss:Dark Reading
—
02:16 KSA
What Orgs Can Learn From Olympics, World Cup IR Plans
Cyberattackers are targeting the Milan-Cortina Winter Games, continuing a pattern of attacks on major sporting events. Despite the larger attack surface of such events, enterprises can extract valuable incide…
rss:Dark Reading
—
02:16 KSA
A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It
American critical infrastructure faces severe cybersecurity challenges due to reliance on decades-old industrial control systems. Organizations are forced to source 30-year-old controllers from pla…
rss:Dark Reading
—
02:16 KSA
INC Ransomware Group Holds Healthcare Hostage in Oceania
The INC ransomware group has launched serious attacks against healthcare organizations in Australia, New Zealand, and Tonga, targeting government agencies and emergency clinics. This prolific ransomware ou…
rss:The Hacker News
—
02:16 KSA
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A sophisticated iOS exploit kit called DarkSword has been actively used by multiple threat actors since November 2025, leveraging six vulnerabilities including three zero-days to achiev…
rss:The Hacker News
—
02:16 KSA
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
CISA has issued urgent warnings to government agencies regarding active exploitation of vulnerabilities in Synacor Zimbra Collaboration Suite and Microsoft SharePoint. Addit…
rss:The Hacker News
—
02:16 KSA
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Treasury's OFAC has sanctioned six individuals and two entities involved in a North Korean IT worker scheme that uses fake remote job positions to defraud U.S. businesse…
rss:Dark Reading
—
01:00 KSA
Delinea's StrongDM Acquisition Highlights the Changing Role of PAM
Delinea's acquisition of StrongDM enhances privileged access management capabilities by integrating ephemeral credential injection into developer workflows. This advancement strengthens secu…
rss:Dark Reading
—
01:00 KSA
Why Stryker's Outage Is a Disaster Recovery Wake-Up Call
An Iranian cyberattack on Stryker exposed critical gaps in business continuity and disaster recovery planning. The incident demonstrates that organizations must prepare for sophisticated nation-state …
rss:Dark Reading
—
01:00 KSA
Commercial Spyware Opponents Fear US Policy Shifting
The Trump administration's reversal of sanctions and reactivation of contracts with commercial spyware vendors has created policy uncertainty. This shift raises concerns about oversight of surveillance technol…
rss:Dark Reading
—
01:00 KSA
Delinea's StrongDM Acquisition Highlights the Changing Role of PAM
Delinea's acquisition of StrongDM enhances privileged access management capabilities by injecting ephemeral credentials into developer workflows. This advancement strengthens security contro…
rss:Dark Reading
—
01:00 KSA
Why Stryker's Outage Is a Disaster Recovery Wake-Up Call
An Iranian cyberattack on Stryker exposed critical gaps in business continuity and disaster recovery planning. The incident demonstrates that many organizations lack adequate preparation for sophistic…
rss:The Hacker News
—
01:00 KSA
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
Multiple cybersecurity threats identified including FortiGate ransomware-as-a-service operations, Citrix vulnerabilities being exploited, and LiveChat-based phishing campa…
rss:The Hacker News
—
01:00 KSA
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
New Android banking malware called Perseus discovered actively targeting mobile devices for device takeover and financial fraud. Built on Cerberus and Phoenix malware foundations, …
rss:The Hacker News
—
01:00 KSA
How Ceros Gives Security Teams Visibility and Control in Claude Code
Security teams face new challenges with AI coding agents like Claude Code operating outside traditional identity and access controls in enterprise environments. Organizations need visibility an…
rss:Dark Reading
—
23:54 KSA
Real-Time Banking Trojan Strikes Brazil's Pix Users
A sophisticated banking Trojan campaign targeting Brazil's Pix payment system combines automated malware with real-time human operators who monitor victims and execute attacks at optimal moments. This hybr…
rss:Dark Reading
—
23:54 KSA
Why Post-Quantum Cryptography Can't Wait
Organizations must urgently prepare for post-quantum cryptography as quantum computers threaten to break current encryption standards. Delaying implementation could leave sensitive data vulnerable to future decryptio…
rss:Dark Reading
—
23:54 KSA
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Iranian state-sponsored APT groups affiliated with the Ministry of Intelligence (MOIS) are now actively collaborating with cybercriminal organizations, blurring the lines between nation-state and criminal o…
rss:The Hacker News
—
23:54 KSA
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple warns users of outdated iOS versions about web-based attacks using Coruna and DarkSword exploit kits. These sophisticated exploit kits deliver malicious web content targeting vul…
rss:The Hacker News
—
23:54 KSA
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
New Speagle malware hijacks legitimate Cobra DocGuard software infrastructure to steal sensitive data from infected systems. The malware exploits the trusted program's functionality to …
rss:The Hacker News
—
23:54 KSA
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
Analysis reveals 54 EDR killer programs exploit 35 vulnerable signed drivers using BYOVD technique to disable security systems. These tools are commonly deployed in ransomware …
rss:Dark Reading
—
22:44 KSA
Cyberattackers Don't Care About Good Causes
Nonprofits face significant cybersecurity challenges despite their charitable missions. Industry experts discuss the unique vulnerabilities of nonprofit organizations and recommend strategies for the cybersecurity…
rss:Dark Reading
—
22:44 KSA
Will AI Save Consumers From Smartphone-Based Phishing Attacks?
Sophisticated phishing attacks are increasingly bypassing smartphone security protections with alarming frequency. New research from Omdia highlights the critical need for enhanced user awareness and…
rss:Dark Reading
—
22:44 KSA
Most Google Cloud Attacks Start With Bug Exploitation
Vulnerability exploitation has overtaken credential theft and misconfigurations as the primary attack vector for Google Cloud compromises. AI-powered attackers are exploiting security flaws faster than organi…
rss:The Hacker News
—
22:43 KSA
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Cybercriminals are leveraging AI to create sophisticated phishing campaigns with personalized emails, deepfakes, and adaptive malware that bypass traditional security defenses. This evolution req…
rss:The Hacker News
—
22:43 KSA
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
A critical vulnerability in Magento's REST API, dubbed PolyShell, allows unauthenticated attackers to upload malicious executables, execute remote code, and take over accounts. This…
rss:The Hacker News
—
22:43 KSA
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice disrupted command-and-control infrastructure for multiple IoT botnets including AISURU, Kimwolf, JackSkid, and Mossad, which controlled 3 million…
rss:Dark Reading
—
21:36 KSA
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
Cybercriminals are conducting social engineering attacks by impersonating PayPal and Amazon customer support through LiveChat platforms. The campaign targets users to steal credit card information and …
rss:Dark Reading
—
21:36 KSA
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
Recent Cisco SD-WAN vulnerabilities have led to circulation of fake proof-of-concept exploits and widespread misunderstanding of actual risks. Security researchers warn that real threats are being overlooke…
rss:Dark Reading
—
21:36 KSA
The Data Gap: Why Nonprofit Cyber Incidents Go Underreported
Nonprofit organizations are increasingly targeted by threat actors due to weak security postures and valuable data assets. However, cyber incidents affecting nonprofits remain significantly underreport…
rss:The Hacker News
—
21:36 KSA
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy vulnerability scanner was compromised for the second time in a month, with attackers hijacking 75 GitHub Actions tags to deploy malware targeting CI/CD pipeline secrets…
rss:The Hacker News
—
21:36 KSA
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Critical vulnerability CVE-2026-33017 in Langflow (CVSS 9.3) was exploited within 20 hours of disclosure, demonstrating rapid weaponization of authentication bypass flaws. The m…
rss:The Hacker News
—
21:36 KSA
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google introduces mandatory 24-hour waiting period for Android sideloading from unverified developers to reduce malware and scam installations. This security enhancement aims to …
rss:BleepingComputer
—
21:36 KSA
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution vulnerability in Marimo is being actively exploited by threat actors for credential theft. Organizations using Marimo should immediately patch thi…
rss:Dark Reading
—
20:02 KSA
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
Advanced persistent threat actors linked to China conducted a multi-year cyber espionage campaign against military organizations in Southeast Asia. The attackers deployed novel backdoors and so…
rss:Dark Reading
—
20:02 KSA
GlassWorm Malware Evolves to Hide in Dependencies
Malicious GlassWorm extensions have infiltrated the Open VSX marketplace, posing a significant supply chain threat to software developers. The evolved malware hides within code dependencies, potentially compromis…
rss:Dark Reading
—
20:02 KSA
Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026
Former Paris 2024 Olympics CISO Franz Regul shares critical cybersecurity insights from protecting one of the world's largest sporting events. The experience highlights unique challenges…
rss:The Hacker News
—
20:02 KSA
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Active device code phishing campaign targeting Microsoft 365 identities across 340+ organizations in five countries including U.S., Canada, Australia, New Zealand, and German…
rss:The Hacker News
—
20:02 KSA
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA added five security vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities catalog. Federal agencies are mandated to patch th…
rss:The Hacker News
—
20:02 KSA
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Supply chain attack targeting Trivy scanner has evolved into broader compromise involving 47 npm packages infected with CanisterWorm, a self-propagating worm. The malware demon…
rss:Dark Reading
—
19:00 KSA
Less Lucrative Ransomware Market Makes Attackers Alter Methods
Ransomware operators are abandoning Cobalt Strike and shifting to native Windows tools as ransom payment rates reach historic lows. This tactical evolution reflects declining profitability in the ran…
rss:Dark Reading
—
19:00 KSA
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
Cybersecurity firm Outpost24 successfully defended against a sophisticated 7-stage phishing attack targeting a C-suite executive. The attackers leveraged trusted brands and legitimate domains to attemp…
rss:Dark Reading
—
19:00 KSA
Warlock Ransomware Group Augments Post-Exploitation Activities
The Warlock ransomware group has enhanced its post-exploitation capabilities using a new Bring Your Own Vulnerable Driver (BYOVD) technique for stealthier cross-network movement. This advancement all…
rss:The Hacker News
—
19:00 KSA
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
Kaspersky discovered that the Coruna iOS exploit kit reuses kernel exploit code from the 2023 Operation Triangulation campaign, targeting two Apple iOS security vulnerabilities in new mass…
rss:The Hacker News
—
19:00 KSA
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
A new payment skimmer malware uses WebRTC data channels to receive payloads and exfiltrate stolen payment data, bypassing Content Security Policy (CSP) protections. This technique avoids tra…
rss:The Hacker News
—
19:00 KSA
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
Russian law enforcement arrested the alleged administrator of LeakBase cybercrime forum in Taganrog. LeakBase operated as a major marketplace for stolen credentials and compromised data…
rss:Dark Reading
—
17:58 KSA
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
Phishing campaigns starting in August 2024 impersonate Palo Alto Networks recruiters to defraud job seekers. Attackers use psychological manipulation and LinkedIn-scraped data to target …
rss:Dark Reading
—
17:58 KSA
Ex-NSA Directors Discuss 'Red Line' for Offensive Cyberattacks
Four former NSA directors discussed offensive cyber operations and US Cyber Command's role in national security. The debate covered strategic boundaries and ethical considerations for gover…
rss:Dark Reading
—
17:58 KSA
CSA Launches CSAI Foundation for AI Security
Cloud Security Alliance established CSAI Foundation, a nonprofit dedicated to securing autonomous AI agent ecosystems. The initiative focuses on risk intelligence and certification frameworks to address emerging AI se…
rss:The Hacker News
—
17:58 KSA
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Three critical vulnerabilities discovered in LangChain and LangGraph AI frameworks could allow attackers to access filesystem data, environment secrets, and conversation his…
rss:The Hacker News
—
17:58 KSA
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
Chinese state-sponsored threat actor Red Menshen has conducted long-term espionage operations by embedding stealthy BPFDoor implants within telecommunications networks to spy on …
rss:The Hacker News
—
17:58 KSA
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Weekly security bulletin covering multiple emerging threats including post-quantum cryptography developments, AI vulnerability hunting techniques, pirated software…
rss:Dark Reading
—
16:54 KSA
Critical Flaw in Langflow AI Platform Under Attack
Threat actors exploited a code injection vulnerability in Langflow AI platform within hours of public disclosure. The rapid exploitation demonstrates organizations have minimal time to patch critical vulnerabili…
rss:Dark Reading
—
16:54 KSA
At RSAC, the EU Leads While US Officials Are Sidelined
At RSA Conference, EU officials are leading cybersecurity policy discussions while US government representatives are notably absent. This shift reflects changing dynamics in global cybersecurity governance a…
rss:Dark Reading
—
16:54 KSA
Blame Game: Why Public Cyber Attribution Carries Risks
Public attribution of cyberattacks to specific entities carries significant risks and potential negative consequences. Organizations should carefully evaluate diplomatic, legal, and operational implications …
rss:The Hacker News
—
16:54 KSA
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Cybercriminals are deploying adversary-in-the-middle (AitM) phishing attacks to hijack TikTok Business accounts by evading Cloudflare Turnstile protections. Business social media a…
rss:The Hacker News
—
16:54 KSA
We Are At War
Rising geopolitical tensions are increasingly manifested through cyber operations, with technology becoming a politicized domain. The article discusses how cyber warfare has become integral to modern conflicts and the fragmentation of global tech p…
rss:The Hacker News
—
16:54 KSA
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, deploying custom GenieLocker ransomware. These attacks represent politically-m…
rss:Dark Reading
—
15:53 KSA
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
Nation-state malware toolkits are being commercialized through Dark Web sales and GitHub leaks, making advanced persistent threat capabilities accessible to less sophisticated actors. This democ…
rss:Dark Reading
—
15:53 KSA
Is the FCC's Router Ban the Wrong Fix?
The FCC has banned foreign-manufactured consumer routers by adding them to its prohibited communications devices list. Critics argue this regulatory approach may create supply chain complications and unintended securit…
rss:Dark Reading
—
15:53 KSA
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
Despite nearly a decade since the landmark 2015 Jeep hack demonstration, automotive cybersecurity remains a critical concern as vehicles become increasingly connected and autonomous. …
rss:The Hacker News
—
15:52 KSA
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
Apple released iOS 18.7.7 and iPadOS 18.7.7 updates to additional devices to protect against the DarkSword exploit kit. The emergency update addresses critical vulnerabilities being activ…
rss:The Hacker News
—
15:52 KSA
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP threat actor compromised the telnyx Python package on PyPI by publishing malicious versions 4.87.1 and 4.87.2 that steal sensitive data. The malware is hidden within WAV audio f…
rss:The Hacker News
—
15:52 KSA
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
A patched vulnerability in Open VSX's pre-publish scanning pipeline allowed malicious VS Code extensions to bypass security checks and be published to the registry. The flaw in the …
rss:SecurityWeek
—
14:48 KSA
Adobe Patches Reader Zero-Day Exploited for Months
Adobe has patched CVE-2026-34621, a zero-day vulnerability in Adobe Reader that has been actively exploited for months. The critical flaw allows attackers to execute arbitrary code on affected systems, posing si…
rss:Dark Reading
—
14:48 KSA
Google's Vertex AI Is Over-Privileged. That's a Problem
Palo Alto Networks researchers discovered critical over-privilege vulnerabilities in Google's Vertex AI platform that could allow attackers to exploit AI agents for data theft and unauthorized acc…
rss:Dark Reading
—
14:48 KSA
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
TeamPCP threat group has shifted tactics to conduct rapid attacks on AWS, Azure, and SaaS platforms using stolen credentials. The accelerated attack timeline emphasizes the critical need for organiza…
rss:Dark Reading
—
14:48 KSA
Google Sets 2029 Deadline for Quantum-Safe Cryptography
Google has announced a 2029 deadline for completing migration to post-quantum cryptography (PQC) across its systems. This proactive timeline reflects the urgency of preparing cryptographic defenses against …
rss:The Hacker News
—
14:48 KSA
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
A financially motivated threat operation (REF1695) has been deploying fake installers to distribute remote access trojans and cryptocurrency miners since November 2023. The att…
rss:The Hacker News
—
14:48 KSA
The State of Trusted Open Source Report
A comprehensive report analyzing open source software consumption patterns across container images, language libraries, and builds. The report provides insights into security trends and trusted open source usage from Decem…
rss:The Hacker News
—
14:48 KSA
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
WhatsApp alerted approximately 200 users who were deceived into installing a fake iOS application containing spyware. The majority of targets are located in Italy, and an I…
rss:Dark Reading
—
13:43 KSA
Are We Training AI Too Late?
Cybersecurity teams must broaden their threat detection approach beyond historical threat actors to identify emerging AI-driven threats. Traditional security models relying solely on past attack patterns are insufficient for detectin…
rss:Dark Reading
—
13:43 KSA
The Forgotten Endpoint: Security Risks of Dormant Devices
Dormant and forgotten devices such as old laptops pose significant security risks as they retain enterprise access credentials and sensitive data. These neglected endpoints can serve as entry points for a…
rss:Dark Reading
—
13:43 KSA
Axios NPM Package Compromised in Precision Attack
The Axios NPM package, a widely-used JavaScript HTTP client library, was temporarily compromised in a targeted supply chain attack potentially attributed to North Korean threat actors. This incident highlights th…
rss:The Hacker News
—
13:42 KSA
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Attackers exploited the React2Shell vulnerability (CVE-2025-55182) in a massive credential harvesting campaign targeting 766 Next.js hosts. Stolen data includes database credentials, S…
rss:The Hacker News
—
13:42 KSA
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco released critical security patches for vulnerabilities in Integrated Management Controller (IMC) and SSM with CVSS score of 9.8. The flaws allow unauthenticated remote attackers to …
rss:The Hacker News
—
13:42 KSA
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
ThreatsDay Bulletin provides a comprehensive roundup of current cybersecurity threats including pre-authentication exploit chains, Android rootkits, and AWS CloudTra…
rss:Dark Reading
—
12:36 KSA
LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut
A new study reveals Latin America's unique cybersecurity talent pool of self-taught professionals is being overlooked by organizations. The research highlights opportunities for expanding rec…
rss:Dark Reading
—
12:36 KSA
Cyberattacks Intensify Pressure on Latin American Governments
Cyber threats are increasingly targeting government systems across Latin America, with disruptive attacks in Puerto Rico and a surge of probes against Colombia's health sector. Government infrastructu…
rss:Dark Reading
—
12:36 KSA
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
A new Malware-as-a-Service platform called Venom Stealer provides automated capabilities for creating persistent information-stealing attacks using ClickFix social engineering techniques. The service comm…
rss:The Hacker News
—
12:36 KSA
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Threat actors compromised CPUID's website for under 24 hours, replacing legitimate hardware monitoring tools (CPU-Z, HWMonitor) with trojanized versions that deployed STX RAT malware. …
rss:The Hacker News
—
12:36 KSA
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe released emergency patches for CVE-2026-34621, a critical vulnerability in Acrobat Reader with CVSS score 8.6 that is being actively exploited in the wild. The flaw allows attackers to com…
rss:The Hacker News
—
12:36 KSA
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based DEX platform Drift lost approximately $285 million in a sophisticated social engineering attack on April 1, 2026, involving durable nonce exploitation. The attack is …
rss:Dark Reading
—
11:32 KSA
RSAC 2026: AI Dominates, But Community Remains Key to Security
AI dominated discussions at RSAC 2026, with cybersecurity experts debating the balance between automation and human oversight. The conference highlighted ongoing concerns about AI's role in threat de…
rss:Dark Reading
—
11:32 KSA
Bank Trojan 'Casbaneiro' Worms Through Latin America
The Casbaneiro banking Trojan is conducting sophisticated multi-stage campaigns targeting Spanish-speaking users across Latin America. The malware employs advanced evasion techniques and rapid replic…
rss:Dark Reading
—
11:32 KSA
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Healthcare organizations face inevitable ransomware attacks that can cause short or long-term operational outages. A chief medical information officer emphasizes the critical importance of conducting r…
rss:The Hacker News
—
11:32 KSA
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
North Korean threat actors UNC1069 successfully compromised the Axios npm package through a sophisticated social engineering attack targeting its maintainer Jason Saayman. This supply …
rss:The Hacker News
—
11:32 KSA
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
Third-party vendors, SaaS applications, and subcontractors represent the largest security gap for organizations, as most breaches now originate from trusted external partners rather t…
rss:The Hacker News
—
11:32 KSA
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
A new variant of SparkCat malware has been discovered on Apple App Store and Google Play Store, targeting cryptocurrency users by stealing recovery phrase images from mobile de…
rss:Dark Reading
—
10:22 KSA
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
RSAC 2026 Conference highlighted AI-driven cybersecurity threats and their intersection with geopolitical shifts. Discussions focused on how artificial intelligence is reshaping the threat landscape and…
rss:Dark Reading
—
10:22 KSA
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
Hasbro disclosed unauthorized access to its systems in an 8-K filing, indicating a significant cyberattack. The company has activated business continuity plans and taken affected systems of…
rss:Dark Reading
—
10:22 KSA
Security Bosses Are All in on AI: Here's Why
CISOs are increasingly investing in AI-powered cybersecurity tools with optimistic deployment plans. Reddit's CISO and industry analysts discuss real-world AI implementation successes and challenges in security o…
rss:The Hacker News
—
10:22 KSA
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet released emergency patches for critical vulnerability CVE-2026-35616 (CVSS 9.1) in FortiClient EMS that is being actively exploited. The flaw allows pre-authentication API access bypa…
rss:The Hacker News
—
10:22 KSA
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Chinese APT group TA416 (overlaps with DarkPeony, RedDelta) resumed targeting European government and diplomatic organizations since mid-2025 after two years of reduced activity.…
rss:The Hacker News
—
10:22 KSA
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Microsoft discovered threat actors deploying PHP web shells on Linux servers that use HTTP cookies as control channels instead of URL parameters for stealth. These web shells…
rss:Dark Reading
—
09:16 KSA
Claude Source Code Leak Highlights Big Supply Chain Missteps
A source code leak from Claude AI exposes critical vulnerabilities in software supply chain security. The incident underscores the urgent need to treat software supply chains as critical infrastructure…
rss:Dark Reading
—
09:16 KSA
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
Chainguard launches Factory 2.0 platform with enhanced security automation capabilities. The upgraded solution provides continuous reconciliation of open source artifacts across conta…
rss:Dark Reading
—
09:16 KSA
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
CrowdStrike's next-generation SIEM platform now integrates Microsoft Defender telemetry data, marking a significant collaboration between former rivals. The integration enhances threat detecti…
rss:The Hacker News
—
09:16 KSA
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Germany's BKA has identified two key leaders of the defunct REvil ransomware-as-a-service operation, including the threat actor known as UNKN, who was responsible for coordinating 130 ransomware a…
rss:The Hacker News
—
09:16 KSA
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
The April 2026 hack of Drift resulting in the theft of $285 million has been attributed to a sophisticated six-month social engineering campaign orchestrated by North Korean (DPRK) sta…
rss:The Hacker News
—
09:16 KSA
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Researchers discovered 36 malicious npm packages disguised as legitimate Strapi CMS plugins that exploit Redis and PostgreSQL services to deploy reverse shells, harvest credentia…
rss:Dark Reading
—
08:01 KSA
Apple Breaks Precedent, Patches DarkSword for iOS 18
Apple has released security patches for iOS 18 to protect against DarkSword, a severe mobile OS exploitation tool. This unprecedented move allows organizations with users on older iOS versions to defend agains…
rss:Dark Reading
—
08:01 KSA
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
Multiple organizations are reporting breaches linked to TeamPCP's supply chain attacks. The situation is complicated by ShinyHunters and Lapsus$ groups claiming involvement, creating attribution chal…
rss:Dark Reading
—
08:01 KSA
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
Emerging research demonstrates that skull vibration harmonics generated by vital signs can be used for biometric authentication in VR, AR, and MR headsets. This novel authentication meth…
rss:Recorded Future
—
08:00 KSA
Addressing the vulnerability prioritization challenge
Organizations face vulnerability overload as CVSS scores alone prove insufficient for effective prioritization. A three-pillar framework incorporating real-world threat intelligence, environmental context, an…
rss:The Hacker News
—
08:00 KSA
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
Multiple critical security incidents occurred this week including software tampering, active zero-day vulnerabilities in widely-used tools, and exploitation of existing vulnera…
rss:The Hacker News
—
08:00 KSA
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Developer workstations have become critical attack targets as they store and manage credentials across multiple services, tools, and AI agents. The TeamPCP threat actor exploited LiteLLM …
rss:The Hacker News
—
08:00 KSA
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Qilin and Warlock ransomware groups are using Bring Your Own Vulnerable Driver (BYOVD) technique to disable over 300 endpoint detection and response (EDR) security tools on compromised…
rss:Dark Reading
—
08:00 KSA
Shadow AI in Healthcare Is Here to Stay
Healthcare professionals increasingly use unauthorized AI tools to manage workloads, creating security risks. Organizations must strengthen security protocols to contain potential breaches from shadow AI usage in medical e…
rss:Dark Reading
—
08:00 KSA
OWASP GenAI Security Project Gets Update, New Tools Matrix
OWASP identifies 21 security risks specific to generative AI systems and releases updated guidance. The organization recommends separate security approaches for GenAI and agentic AI systems to address em…
rss:Dark Reading
—
08:00 KSA
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
Mobile app privacy labels lack consistency and fail to adequately inform users about data collection practices. Current privacy labeling systems need significant improvement to provide meani…
rss:The Hacker News
—
08:00 KSA
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Iranian threat actors conducted password-spraying attacks against Microsoft 365 environments in Israel and UAE during Middle East conflicts. The ongoing campaign occurred in …
rss:The Hacker News
—
08:00 KSA
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
North Korean-linked threat actors are leveraging GitHub as command-and-control infrastructure in sophisticated multi-stage attacks against South Korean organizations. This techniqu…
rss:The Hacker News
—
08:00 KSA
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Modern cyberattacks target multiple operating systems simultaneously, exploiting Windows, macOS, Linux, and mobile devices across enterprise environments. SOC teams face challenges in detecting cro…
rss:BleepingComputer
—
08:00 KSA
Bubble AI app builder abused to steal Microsoft account credentials
Cybercriminals are exploiting the Bubble no-code platform to create and host malicious web applications that bypass phishing detection systems. These fraudulent apps are specifically designed to…
rss:BleepingComputer
—
08:00 KSA
New Torg Grabber infostealer malware targets 728 crypto wallets
A newly discovered infostealer malware named Torg Grabber is targeting 850 browser extensions, with over 700 specifically designed for cryptocurrency wallets. The malware steals sensitive data inclu…
rss:BleepingComputer
—
08:00 KSA
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has released patches for two critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. One vulnerability bears significant similarities to the previously exploited CitrixBlee…
rss:Recorded Future
—
06:55 KSA
Threat Intelligence Automation
Recorded Future's threat intelligence automation provides security teams with real-time insights and faster incident response capabilities. The solution enhances operational efficiency by automating the collection and analysis of t…
rss:Recorded Future
—
06:55 KSA
The Future of Humanoid Robotics
Humanoid robotics advancement presents emerging cybersecurity risks including potential vulnerabilities in AI systems and IoT networks. Organizations must consider security implications as these technologies integrate into critica…
rss:Recorded Future
—
06:55 KSA
Operational Cyber Threat Intelligence
Operational cyber threat intelligence focuses on transforming raw threat data into actionable insights for proactive defense. Effective threat intelligence operations enable organizations to move from reactive to preventive …
rss:Dark Reading
—
06:55 KSA
Axios Attack Shows How Complex Social Engineering Is Industrialized
A sophisticated attack targeted the popular NPM package Axios, demonstrating how threat actors are industrializing social engineering campaigns against software maintainers. This incident highli…
rss:Dark Reading
—
06:55 KSA
Fortinet Issues Emergency Patch for FortiClient Zero-Day
Fortinet released an emergency patch for CVE-2026-35616, an authentication bypass vulnerability in FortiClient being actively exploited in the wild. This is the latest in a series of critical Fortinet vuln…
rss:Dark Reading
—
06:55 KSA
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
Threat cluster UAT-10608 is conducting automated attacks exploiting vulnerable Next.js applications through the React2Shell flaw to harvest credentials, secrets, and system data. The campaign use…
rss:The Hacker News
—
06:54 KSA
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
Academic researchers discovered RowHammer attacks targeting high-performance GPUs that enable privilege escalation and potential full host takeover. The attacks, named GPUBreach, GDDR…
rss:The Hacker News
—
06:54 KSA
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Chinese threat actor Storm-1175 is conducting high-velocity ransomware attacks by exploiting zero-day and N-day vulnerabilities to deploy Medusa ransomware. The group demonstrates rap…
rss:The Hacker News
—
06:54 KSA
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Threat actors are actively exploiting CVE-2025-59528, a maximum severity (CVSS 10.0) code injection vulnerability in Flowise AI platform enabling remote code execution. O…
rss:BleepingComputer
—
06:54 KSA
Suspected RedLine infostealer malware admin extradited to US
An Armenian national was extradited to the US for allegedly managing RedLine infostealer malware operations. RedLine is a widely-used credential and data theft malware that has compromised millions of …
rss:BleepingComputer
—
06:54 KSA
GitHub adds AI-powered bug detection to expand security coverage
GitHub is integrating AI-powered vulnerability scanning into its Code Security tool to enhance detection capabilities beyond traditional static analysis. This expansion will cover more programming …
rss:BleepingComputer
—
06:54 KSA
PolyShell attacks target 56% of all vulnerable Magento stores
Active attacks exploiting the PolyShell vulnerability are targeting over half of all vulnerable Magento 2 and Adobe Commerce installations. E-commerce platforms using these systems face immediate risk…
rss:Recorded Future
—
05:49 KSA
Integrating Threat Intelligence and Vulnerability Management: A Modern Approach
Organizations can enhance risk reduction by integrating threat intelligence with vulnerability management systems. This modern approach enables prioritization of critical vulnerabili…
rss:Recorded Future
—
05:49 KSA
The Salesforce-Gainsight Security Incident: What You Need to Know
A security incident involving Salesforce and Gainsight highlights supply-chain risks in SaaS integrations. Threat intelligence platforms can identify and mitigate third-party compromise risks befo…
rss:Recorded Future
—
05:49 KSA
Choosing a Digital Risk Intelligence Platform: 5 Key Capabilities to Evaluate
Organizations selecting digital risk intelligence platforms should evaluate five essential capabilities to protect brand reputation, digital assets, and external attack surface. Proper…
rss:Dark Reading
—
05:49 KSA
Lies, Damned Lies, and Cybersecurity Metrics
C-suite executives discuss challenges in measuring cybersecurity effectiveness and why current metrics fail to improve security outcomes. The panel highlights the gap between measurement practices and actual security …
rss:Dark Reading
—
05:49 KSA
Focusing on the People in Cybersecurity at RSAC 2026 Conference
RSAC 2026 Conference emphasizes the critical role of human factors in cybersecurity despite AI dominance in discussions. The conference highlights that technology alone cannot solve security challen…
rss:Dark Reading
—
05:49 KSA
AI-Assisted Supply Chain Attack Targets GitHub
Threat actors leverage AI to automate attacks exploiting GitHub misconfigurations in campaign called PRT-scan. This represents the second AI-assisted supply chain attack targeting widespread GitHub vulnerabilities, …
rss:The Hacker News
—
05:48 KSA
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity vulnerability (CVE-2026-34040, CVSS 8.8) in Docker Engine allows attackers to bypass authorization plugins under specific conditions. This flaw represents an incomplet…
rss:The Hacker News
—
05:48 KSA
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign targets over 1,000 internet-exposed ComfyUI instances to recruit them into a cryptocurrency mining and proxy botnet. A custom Python scanner continuously sweeps majo…
rss:The Hacker News
—
05:48 KSA
The Hidden Cost of Recurring Credential Incidents
IBM's 2025 Cost of a Data Breach Report reveals the average breach costs $4.4 million, highlighting the financial impact of credential security incidents. The article emphasizes that recurring credential incident…
rss:BleepingComputer
—
05:48 KSA
UK sanctions Xinbi marketplace linked to Asian scam centers
UK sanctions Xinbi, a Chinese cryptocurrency marketplace selling stolen data and satellite equipment to Southeast Asian scam networks. The platform facilitates cybercrime operations by providing tools a…
rss:BleepingComputer
—
05:48 KSA
Coruna iOS exploit framework linked to Triangulation attacks
Coruna exploit kit represents an evolution of the Operation Triangulation framework that targeted iPhones through zero-click iMessage exploits in 2023. This sophisticated espionage tool demonstrates ad…
rss:BleepingComputer
—
05:48 KSA
Russia arrests suspected owner of LeakBase cybercrime forum
Russian authorities arrested a Taganrog resident suspected of operating LeakBase, a major cybercrime forum for trading stolen data and hacking tools. The takedown disrupts a significant underground mark…
rss:Recorded Future
—
04:37 KSA
Inside the CopyCop Playbook: How to Fight Back in the Age of Synthetic Media
Russia's CopyCop network leverages AI-generated news and fake media sites to conduct influence operations targeting global audiences. The article reveals the tactics used in synthetic m…
rss:Recorded Future
—
04:37 KSA
AI Malware: Hype vs. Reality
Analysis reveals that AI-powered malware threats remain at low maturity levels with no verified cases of autonomous BYOAI (Bring Your Own AI) attacks in the wild. The article separates genuine AI malware capabilities from industry hy…
rss:Recorded Future
—
04:37 KSA
How Ransomware Affects Business Operations, Revenue, and Brand Reputation
Comprehensive analysis of ransomware's multi-dimensional impact on organizations, including operational disruption, financial losses, and long-term brand damage. The article explains ranso…
rss:Malwarebytes Lab
—
04:37 KSA
WhatsApp on Windows users targeted in new campaign, warns Microsoft
Microsoft has issued a warning about an active campaign targeting WhatsApp users on Windows systems. The attack attempts to establish persistent access to compromised machines, posing significan…
rss:Malwarebytes Lab
—
04:37 KSA
Why we’re still not doing April Fools’ Day
Malwarebytes highlights the growing sophistication of scams, noting that two-thirds of people cannot distinguish them from legitimate communications. The company refrains from April Fools' pranks to …
rss:SecurityWeek
—
04:37 KSA
FCC Bans New Routers Made Outside the US Over National Security Risks
The FCC has banned new routers manufactured outside the United States following a White House determination that foreign-produced routers pose national security threats. This regulatory action…
rss:SecurityWeek
—
04:37 KSA
RSAC 2026 Conference Announcements Summary (Day 2)
Summary of cybersecurity vendor announcements from the second day of RSA Conference 2026. The conference showcases new security products, technologies, and industry developments relevant to enterprise cybersecur…
rss:SecurityWeek
—
04:37 KSA
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
TeamPCP hackers compromised multiple open-source software platforms including GitHub Actions, NPM, Docker Hub, VS Code, and PyPI in a coordinated supply chain attack. The group collaborat…
rss:Dark Reading
—
04:37 KSA
Grafana Patches AI Bug That Could Have Leaked User Data
Grafana patched a critical AI vulnerability that allowed attackers to hide malicious instructions on web pages. The AI could be tricked into executing commands that appear legitimate but exfiltrate sensitiv…
rss:Dark Reading
—
04:37 KSA
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
Dark Reading's coverage of RSAC 2026 highlights how AI is rapidly transforming cybersecurity practices. The conference showcased emerging trends and technologies that are fundamentally changing how or…
rss:Dark Reading
—
04:37 KSA
Human vs. AI: Debates Shape RSAC 2026 Cybersecurity Trends
RSAC 2026 featured intense debates between CISOs and industry leaders about AI's role in cybersecurity. Key discussions centered on agentic AI applications and the critical challenge of maintaining human…
rss:The Hacker News
—
04:36 KSA
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iranian cyber actors are actively targeting internet-exposed operational technology devices, specifically programmable logic controllers (PLCs), across U.S. critical infr…
rss:The Hacker News
—
04:36 KSA
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
Russian state-sponsored APT28 (Forest Blizzard) has compromised insecure MikroTik and TP-Link SOHO routers globally, modifying their DNS settings to create malicious infrastructure…
rss:The Hacker News
—
04:36 KSA
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
New Ponemon Institute research reveals a critical paradox where enterprise identity programs are maturing but overall risk is increasing due to AI-enabled threats. The webinar addres…
rss:BleepingComputer
—
04:36 KSA
Dutch Police discloses security breach after phishing attack
Dutch National Police experienced a security breach from a successful phishing attack. The incident had limited impact and did not compromise citizen data, demonstrating the ongoing threat of social en…
rss:BleepingComputer
—
04:36 KSA
Ajax football club hack exposed fan data, enabled ticket hijack
AFC Ajax Amsterdam disclosed that hackers exploited IT system vulnerabilities to access data of hundreds of individuals. The breach enabled potential ticket hijacking, highlighting security risks in…
rss:BleepingComputer
—
04:36 KSA
CISA: New Langflow flaw actively exploited to hijack AI workflows
CISA warns of active exploitation of critical vulnerability CVE-2026-33017 in Langflow AI framework. Attackers are hijacking AI workflows, representing emerging threats to artificial intelligence …
rss:Recorded Future
—
03:34 KSA
The Bug That Won't Die: 10 Years of the Same Mistake
A decade-long pattern of deserialization vulnerabilities continues to plague applications from Java to React/Next.js frameworks. Organizations must implement robust input validation and serialization cont…
rss:Recorded Future
—
03:34 KSA
Intellexa’s Global Corporate Web
Intellexa operates a sophisticated global network of front companies to distribute Predator spyware, expanding targets beyond civil society activists to include corporate executives worldwide. This commercial surveillance threat …
rss:Recorded Future
—
03:34 KSA
The Maturity Gap: The Next Frontier in Threat Intelligence
Organizations face a critical maturity gap between basic threat intelligence consumption and advanced predictive, autonomous security operations. Bridging this gap requires investment in automation, inte…
rss:Malwarebytes Lab
—
03:33 KSA
Apple expands “DarkSword” patches to iOS 18.7.7
Apple has silently extended security patches addressing DarkSword exploit kit vulnerabilities to iOS and iPadOS version 18.7.7. This update protects users against known exploits targeting Apple mobile devices.
Sou…
rss:Malwarebytes Lab
—
03:33 KSA
Malwarebytes Privacy VPN receives full third-party audit
Malwarebytes commissioned an independent third-party security audit of its VPN infrastructure. The audit results provide transparency and validation of the VPN service's security claims.
Source: https://w…
rss:Malwarebytes Lab
—
03:33 KSA
Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse
An AI agent was banned from editing Wikipedia and subsequently published public complaints about the decision. This incident highlights emerging security and governance challenges a…
rss:SecurityWeek
—
03:33 KSA
Alleged RedLine Malware Administrator Extradited to US
Armenian national Hambardzum Minasyan has been extradited to the US for alleged involvement in developing and administering RedLine infostealer malware. This malware is widely used to steal credentials, fina…
rss:SecurityWeek
—
03:33 KSA
Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience
Dell and HP have introduced quantum-resistant security features for PCs and printers to protect against future quantum computing threats. These capabilities aim to enhance device …
rss:SecurityWeek
—
03:33 KSA
Onit Security Raises $11 Million for Exposure Management Platform
Cybersecurity startup Onit Security has raised $11 million in funding to develop its exposure management platform. The company plans to invest in product development and expand into new sectors to…
rss:Dark Reading
—
03:33 KSA
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
Pluralsight has launched SecureReady, a new initiative designed to help organizations develop job-ready cybersecurity teams. This addresses the ongoing cybersecurity skill…
rss:Dark Reading
—
03:33 KSA
Iranian Threat Actors Disrupt US Critical Infrastructure via Exposed PLCs
Iranian threat actors have compromised Internet-facing operational technology (OT) devices, specifically PLCs, targeting US critical infrastructure. The attacks resulted in file and displa…
rss:Dark Reading
—
03:33 KSA
Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
Microsoft reports that Storm-1175, a financially motivated cybercrime group, is deploying Medusa ransomware at high velocity. The group has exploited both n-day and zero-day vulnerabilities in cam…
rss:The Hacker News
—
03:32 KSA
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
Enterprise Identity and Access Management (IAM) systems face critical fragmentation risks as organizations scale across thousands of applications and decentralized sys…
rss:The Hacker News
—
03:32 KSA
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
Anthropic launched Project Glasswing, utilizing its new AI model Claude Mythos to automatically discover and address security vulnerabilities across major systems. This initiat…
rss:The Hacker News
—
03:32 KSA
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
North Korean threat actors behind the Contagious Interview campaign have expanded their supply chain attacks by distributing 1,700 malicious packages across multiple developer ecosystem…
rss:BleepingComputer
—
03:32 KSA
European Commission investigating breach after Amazon cloud account hack
The European Commission is investigating a security breach after unauthorized access to its Amazon cloud environment. This incident highlights risks to government cloud infrastructure and p…
rss:BleepingComputer
—
03:32 KSA
Anti-piracy coalition takes down AnimePlay app with 5 million users
The Alliance for Creativity and Entertainment shut down AnimePlay, an illegal anime streaming platform with 5 million users. While primarily a copyright enforcement action, it demonstrates coord…
rss:BleepingComputer
—
03:32 KSA
Windows 11 KB5079391 update rolls out Smart App Control improvements
Microsoft released KB5079391 preview update for Windows 11 with 29 improvements including Smart App Control enhancements. This security feature helps protect against malware and untrusted appli…
rss:CISA Advisories
—
03:32 KSA
WAGO GmbH & Co. KG Industrial Managed Switches
WAGO industrial managed switches contain a critical vulnerability allowing unauthenticated remote attackers to exploit a hidden CLI function to escape restricted interfaces and fully compromise devices. All firm…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Sunday, April 12, 2026
CVE Archive ·
Threats ·
News