Aggregator
Americans sentenced for running 'laptop farms' for North Korea
1 month 2 weeks ago
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]
Sergiu Gatlan
CMD
1 month 2 weeks ago
You must login to view this content
cohenido
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
1 month 2 weeks ago
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026.
The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker
The Hacker News
Касперский: 20% паролей длиной 15 символов могут быть взломаны менее чем за минуту
1 month 2 weeks ago
Пользователи продолжают собирать пароли из самых очевидных слов
CVE-2026-8094 | Mozilla Firefox up to 140.10.1 WebRTC Remote Code Execution
1 month 2 weeks ago
A vulnerability classified as critical has been found in Mozilla Firefox up to 140.10.1. Affected by this issue is some unknown functionality of the component WebRTC. Performing a manipulation results in Remote Code Execution.
This vulnerability is reported as CVE-2026-8094. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-8091 | Mozilla Firefox up to 115.35.1/140.10.1 Playback memory corruption
1 month 2 weeks ago
A vulnerability described as critical has been identified in Mozilla Firefox up to 115.35.1/140.10.1. Affected by this vulnerability is an unknown functionality of the component Playback Component. Such manipulation leads to memory corruption.
This vulnerability is documented as CVE-2026-8091. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-8090 | Mozilla Firefox up to 115.35.1/140.10.1/150.0.1 Networking use after free
1 month 2 weeks ago
A vulnerability marked as critical has been reported in Mozilla Firefox up to 115.35.1/140.10.1/150.0.1. Affected is an unknown function of the component Networking. This manipulation causes use after free.
This vulnerability is registered as CVE-2026-8090. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-6002 | DivvyDrive 4.8.2.15 cross site scripting
1 month 2 weeks ago
A vulnerability labeled as problematic has been found in DivvyDrive 4.8.2.15. This impacts an unknown function. The manipulation results in basic cross site scripting.
This vulnerability is cataloged as CVE-2026-6002. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-5784 | DivvyDrive 4.8.2.15 cross site scripting
1 month 2 weeks ago
A vulnerability identified as problematic has been detected in DivvyDrive 4.8.2.15. This affects an unknown function. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2026-5784. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-5791 | DivvyDrive 4.8.2.15 cross-site request forgery
1 month 2 weeks ago
A vulnerability categorized as problematic has been discovered in DivvyDrive 4.8.2.15. The impacted element is an unknown function. Executing a manipulation can lead to cross-site request forgery.
This vulnerability is tracked as CVE-2026-5791. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-8093 | Mozilla Firefox up to 150.0.1 memory corruption
1 month 2 weeks ago
A vulnerability was found in Mozilla Firefox up to 150.0.1. It has been rated as critical. The affected element is an unknown function. Performing a manipulation results in memory corruption.
This vulnerability is identified as CVE-2026-8093. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-8098 | code-projects Feedback System 1.0 /admin/checklogin.php email sql injection
1 month 2 weeks ago
A vulnerability was found in code-projects Feedback System 1.0. It has been declared as critical. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection.
This vulnerability is referenced as CVE-2026-8098. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2026-8092 | Mozilla Firefox up to 115.35.1 memory corruption
1 month 2 weeks ago
A vulnerability was found in Mozilla Firefox up to 115.35.1. It has been classified as critical. This issue affects some unknown processing. This manipulation causes memory corruption.
The identification of this vulnerability is CVE-2026-8092. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-8097 | CodeAstro Online Classroom 1.0 /askquery.php squeryx sql injection
1 month 2 weeks ago
A vulnerability was found in CodeAstro Online Classroom 1.0 and classified as critical. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection.
This vulnerability was named CVE-2026-8097. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
Submit #808126: code-projects FEEDBACK SYSTEM V1.0 SQL Injection [Accepted]
1 month 2 weeks ago
Submit #808126 / VDB-361851
n0name
Submit #808115: codeastro Online Classroom V1.0 SQL Injection [Accepted]
1 month 2 weeks ago
Submit #808115 / VDB-361849
Kun Liang
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
1 month 2 weeks ago
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
One keypress is all it takes to compromise four AI coding tools
1 month 2 weeks ago
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you run it. AI coding assistants that work from the command line have inherited that convention, and a new piece of research from Adversa AI shows where the convention breaks. The research, called TrustFall, covers four agentic coding tools: … More →
The post One keypress is all it takes to compromise four AI coding tools appeared first on Help Net Security.
Mirko Zorz
Hackers Using Fake Claude AI Installer Pages to Trick Users Into Running Malware on Their Systems
1 month 2 weeks ago
Hackers are using convincing fake pages for Claude AI to trick users into running malware on their own systems. The campaign, known as “InstallFix” or the Fake Claude Installer threat, marks a sharp shift in how cybercriminals exploit the trust people place in artificial intelligence tools. Instead of targeting software vulnerabilities, these attackers are targeting […]
The post Hackers Using Fake Claude AI Installer Pages to Trick Users Into Running Malware on Their Systems appeared first on Cyber Security News.
Tushar Subhra Dutta