Aggregator

The Aisuru, Kimwolf, JackSkid and Mossad botnets enabled cybercriminals to initiate thousands of attacks. A crackdown targeting large-scale botnets continues amid growing challenges.

The post Justice Department disrupts botnet networks that hijacked 3 million devices appeared first on CyberScoop.

A vulnerability classified as critical was found in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2026-4507. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. This vulnerability is identified as CVE-2026-4506. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #773899 / VDB-352073

Submit #773898 / VDB-352072

A vulnerability described as critical has been identified in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-4505. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. The identification of this vulnerability is CVE-2026-4504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

WebP boosts performance raises compatibility issues, making image format conversion to PNG essential for secure, flexible, and efficient web workflows today.

Семь причин, по которым стоит вернуться на Firefox этой весной.

Submit #773897 / VDB-352071

Submit #773891 / VDB-352070

A vulnerability labeled as critical has been found in SysAK up to 2.0. This affects an unknown part. The manipulation results in command injection. This vulnerability was named CVE-2024-44722. The attack may be performed from remote. There is no available exploit.

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. [...]

A vulnerability identified as problematic has been detected in Gainsight Assist. Affected by this issue is some unknown functionality of the component Parameters Handler. The manipulation of the argument error_description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-31382. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Gainsight Assist. Affected by this vulnerability is an unknown functionality of the component OAuth Call Handler. Executing a manipulation of the argument state can lead to use of get request method with sensitive query strings. This vulnerability is handled as CVE-2026-31381. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Devolutions Server up to 2026.0. It has been rated as critical. Affected is an unknown function of the component TLS Certificate Verification. Performing a manipulation results in improper certificate validation. This vulnerability is known as CVE-2026-4434. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Michael Smith, 54, admitted to inflating streaming numbers for hundreds of thousands of AI-generated songs by deploying thousands of fake accounts across major platforms, including Amazon Music, Apple Music, Spotify and YouTube Music.