Aggregator

Submit #773891 / VDB-352070

A vulnerability labeled as critical has been found in SysAK up to 2.0. This affects an unknown part. The manipulation results in command injection. This vulnerability was named CVE-2024-44722. The attack may be performed from remote. There is no available exploit.

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. [...]

A vulnerability identified as problematic has been detected in Gainsight Assist. Affected by this issue is some unknown functionality of the component Parameters Handler. The manipulation of the argument error_description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-31382. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Gainsight Assist. Affected by this vulnerability is an unknown functionality of the component OAuth Call Handler. Executing a manipulation of the argument state can lead to use of get request method with sensitive query strings. This vulnerability is handled as CVE-2026-31381. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Devolutions Server up to 2026.0. It has been rated as critical. Affected is an unknown function of the component TLS Certificate Verification. Performing a manipulation results in improper certificate validation. This vulnerability is known as CVE-2026-4434. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Michael Smith, 54, admitted to inflating streaming numbers for hundreds of thousands of AI-generated songs by deploying thousands of fake accounts across major platforms, including Amazon Music, Apple Music, Spotify and YouTube Music.

A new Android banking trojan named Perseus has emerged in the wild, representing the next step in the ongoing evolution of mobile malware. Built on the leaked source code of Cerberus and drawing directly from the Phoenix codebase, Perseus refines and extends the capabilities of its predecessors. It combines credential theft, real-time device monitoring, and […]

The post Perseus Android Malware Steals User Notes and Enables Full Device Takeover appeared first on Cyber Security News.

Мышцы были слабые, вялые, бесполезные — пока им не устроили спарринг прямо в чашке Петри.

Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware.

A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering CJ Moses revealed. “Our research [using Amazon’s MadPot system of honeypots] found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26, 2026,” he said on Wednesday. CVE-2026-20131 exploited as zero-day for … More →

The post Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) appeared first on Help Net Security.

By 2026, CSPM has evolved from a basic auditor into an AI-driven, context-aware pillar of CNAPP. Explore how modern Cloud Security Posture Management integrates with DevOps, utilizes "Security as Code," and automates remediation across AWS, Azure, and GCP to eliminate multi-cloud misconfigurations before they reach production.

The post Cloud Security Posture Management in 2026  appeared first on Security Boulevard.

The fraud rarely announces itself. It begins with a friendly message on social media, a wrong-number text that turns into a conversation, or a romantic connection that slowly builds over weeks. For tens of thousands of Americans, those innocent interactions have ended in financial ruin — savings wiped out, retirement funds emptied, and assets scattered […]

The post FBI, Thai Partners Target Southeast Asia Scam Centers Behind Cyber Fraud on Americans appeared first on Cyber Security News.

Найти выход из этого технологического тупика почти невозможно.

Interpol disrupts cybercrime networks, DarkSword steals iOS personal data, and Interlock exploits Cisco 0-day to breach enterprise firewalls.

The second half of 2025 marked a pivotal shift in the world of distributed denial-of-service (DDoS) attacks. Organizations across the globe faced a perfect storm: Artificial intelligence (AI) matured as an offensive weapon, botnet infrastructure reached new heights with multiterabit attack capacity, and DDoS-for-hire...

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.

A New Class of Attack: No Malware, No Zero-Days, No Warning In early 2026, a pattern of attacks emerged that […]

The post Your Endpoint Management Platform Is the New Battleground appeared first on HawkEye.

A vulnerability was found in bagofwords1 bagofwords up to 0.0.297. It has been declared as critical. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. This vulnerability is traded as CVE-2026-4500. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.