Aggregator

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

The Hackers News
1 week 3 days ago
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
The Hacker News

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

The Hackers News
1 week 3 days ago
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.
The Hacker News

Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises

Cyber Security News
1 week 3 days ago

A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that disguises itself as an everyday business document — a purchase order, a quote, or a request for proposal. Once an unsuspecting employee opens the […]

The post Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-47324 | ProjectsAndPrograms school-management-system cross site scripting (6b6fae5)

VulDB Recent Entries
1 week 3 days ago
A vulnerability was found in ProjectsAndPrograms school-management-system and classified as problematic. This affects an unknown function. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-47324. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2026-44546 | djangoproject daphne up to 4.2.1 Websocket Handshake splitlines request smuggling

VulDB Recent Entries
1 week 3 days ago
A vulnerability has been found in djangoproject daphne up to 4.2.1 and classified as problematic. The impacted element is the function splitlines of the component Websocket Handshake Handler. Performing a manipulation results in http request smuggling. This vulnerability was named CVE-2026-44546. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-37460 | FRRouting FRR 10.0/10.6 BGP rfapi_rib.c rfapiRibBi2Ri denial of service (EUVD-2026-34083)

VulDB Recent Entries
1 week 3 days ago
A vulnerability, which was classified as problematic, was found in FRRouting FRR 10.0/10.6. The affected element is the function rfapiRibBi2Ri of the file rfapi_rib.c of the component BGP Handler. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-37460. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.
vuldb.com

Managed ad