Aggregator

A vulnerability was found in TotalSuite TotalContest Lite Plugin up to 2.9.1 on WordPress. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes deserialization. This vulnerability is handled as CVE-2026-0677. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in blakeblackshear frigate up to 0.16.x. It has been declared as critical. The affected element is an unknown function of the file /users/{username}/password of the component Password Reset Handler. The manipulation results in improper authentication. This vulnerability is known as CVE-2026-33124. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in blakeblackshear frigate up to 0.16.2. It has been classified as critical. Impacted is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-33125. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in PinchTab up to 0.8.2 and classified as critical. This issue affects the function validateDownloadURL of the file /download of the component Internal Service. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-33081. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in h3js h3 up to 1.15.5 and classified as problematic. This vulnerability affects the function formatEventStreamMessage of the component SSE Message Handler. Performing a manipulation of the argument id/event/data/comment results in crlf injection. This vulnerability is reported as CVE-2026-33128. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

A vulnerability, which was classified as problematic, was found in py-pdf pypdf up to 6.9.0. This affects an unknown part of the component PDF Handler. Such manipulation leads to resource consumption. This vulnerability is documented as CVE-2026-33123. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

What you do – and how fast – after an account is compromised often matters more than it may seem

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,

从0到1开发x32/x64Dbg插件，搞定高版本VMP

后门可窃取短信、录音、钥匙串、健康数据。苹果已修复，请速更至iOS 26.3或开启锁定模式。

文末投递简历

看雪论坛作者ID：执着的猫

We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year.  It also points to a broader shift in the market. […]

The post ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact  appeared first on ANY.RUN's Cybersecurity Blog.

根据发表在《PNAS Nexus》上的一项考古学研究，北美居民大约是在 1400 年前开始用弓箭取代飞镖和投矛器。在南部区域弓箭几乎是立即被接受，北部区域的接受度比较慢，一开始是将弓箭作为现有工具的补充，花了千年时间才淘汰飞镖和投矛器。弓箭在精度、射程、速度、射击频率等方面都强于飞镖和投矛器，但制造和维护成本更高，且需要双手操作，无法同时持盾，但其优点大于缺点而获得广泛使用。弓箭由有机材料制成，没有石器、骨器或金属工具那样容易保存，因此确定其出现时间和流行时间比较困难。

分享一篇文章。

2026年3月20日，深瞳漏洞实验室监测到一则Langflow组件存在任意文件创建漏洞的信息，漏洞编号：CVE-2026-33309，漏洞威胁等级：高危。

The National Crime Agency’s director general warns that technology is rapidly reshaping crime

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution providers. They can opt for the cloud-hosted version or can deploy it on their own servers or in their private cloud. CVE-2026-3564 stems from improper verification of cryptographic signature, can be exploited remotely … More →

The post Unpatched ScreenConnect servers open to attack (CVE-2026-3564) appeared first on Help Net Security.