Qilin
You must login to view this content
Aggregator
SEO Poisoning Campaign Impersonates 25+ Popular Apps to Deliver AsyncRAT Since October 2025
1 day 3 hours ago
A sophisticated SEO poisoning campaign has been quietly targeting Windows users since at least October 2025, luring them into downloading trojanized installers for more than 25 popular software applications. The operation went undetected for roughly five months before investigators uncovered its full scope in March 2026, revealing a multi-stage infection chain that silently compromises victims’ […]
The post SEO Poisoning Campaign Impersonates 25+ Popular Apps to Deliver AsyncRAT Since October 2025 appeared first on Cyber Security News.
Tushar Subhra Dutta
Critical QNAP QVR Pro Vulnerability Let Remote Attackers Gain Access to the System
1 day 3 hours ago
QNAP has released a critical security advisory addressing a severe vulnerability in its QVR Pro surveillance software. Tracked as CVE-2026-22898, this flaw allows remote, unauthenticated attackers to gain unauthorized access to affected systems. Users relying on QVR Pro 2.7. x must immediately apply the latest patches to secure their network-attached storage environments against potential intrusions. […]
The post Critical QNAP QVR Pro Vulnerability Let Remote Attackers Gain Access to the System appeared first on Cyber Security News.
Abinaya
CVE-2026-30007 | XnSoft NConvert 7.230 use after free (EUVD-2026-14469)
1 day 3 hours ago
A vulnerability has been found in XnSoft NConvert 7.230 and classified as critical. Affected by this issue is some unknown functionality. Performing a manipulation results in use after free.
This vulnerability is identified as CVE-2026-30007. The attack is only possible with local access. There is not any exploit available.
vuldb.com
CVE-2026-33502 | WWBN AVideo up to 26.0 HTTP Request plugin/Live/test.php server-side request forgery (GHSA-3fpm-8rjr-v5mc / EUVD-2026-13916)
1 day 3 hours ago
A vulnerability, which was classified as critical, was found in WWBN AVideo up to 26.0. Affected by this vulnerability is an unknown functionality of the file plugin/Live/test.php of the component HTTP Request Handler. Such manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-33502. It is possible to launch the attack remotely. No exploit is available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2026-30006 | XnSoft NConvert 7.230 stack-based overflow (EUVD-2026-14467)
1 day 3 hours ago
A vulnerability, which was classified as critical, has been found in XnSoft NConvert 7.230. Affected is an unknown function. This manipulation causes stack-based buffer overflow.
The identification of this vulnerability is CVE-2026-30006. The attack can only be executed locally. There is no exploit available.
vuldb.com
CVE-2026-33507 | WWBN AVideo up to 26.0 ZIP File Parser pluginImport.json.php cross-site request forgery (GHSA-hv36-p4w4-6vmj / EUVD-2026-13916)
1 day 3 hours ago
A vulnerability classified as problematic was found in WWBN AVideo up to 26.0. This impacts an unknown function of the file objects/pluginImport.json.php of the component ZIP File Parser. The manipulation results in cross-site request forgery.
This vulnerability was named CVE-2026-33507. The attack may be performed from remote. There is no available exploit.
It is advisable to implement a patch to correct this issue.
vuldb.com
Trivy supply-chain attack spreads to Docker, GitHub repos
1 day 3 hours ago
The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories. [...]
Bill Toulas
Диоды — всё? Китайские ученые использовали экзотический металл, чтобы создать супер-антенну, которой не нужен кремний
1 day 3 hours ago
Разработка Китайской академии наук показала широкую полосу, низкое энергопотребление и стабильную работу там, где тепловой шум обычно рушит чувствительность.
Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems
1 day 3 hours ago
Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two significant vulnerabilities that could allow unauthenticated remote attackers to compromise affected systems. Organizations running customer-managed deployments are strongly urged to apply the updates immediately. CVE-2026-3055: Critical Out-of-Bounds Read via SAML IDP The more […]
The post Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems appeared first on Cyber Security News.
Guru Baran
An AI-powered phishing campaign has compromised hundreds of organizations
1 day 3 hours ago
Huntress researchers said it’s likely the victims they've identified represent just a fraction of compromised organizations worldwide.
The post An AI-powered phishing campaign has compromised hundreds of organizations appeared first on CyberScoop.
djohnson
Physical Bitcoin Attacks: A Comprehensive Database of Known Physical Attacks Against Bitcoin and Crypto Asset Holders Occurring in Meatspace
1 day 3 hours ago
A comprehensive database of known physical attacks against Bitcoin and crypto asset holders occurring in meatspace.
Dark Web Informer
Langflow CSV Agent 远程代码执行漏洞(CVE-2026-27966)代码层面深度分析
1 day 3 hours ago
Langflow CSV Agent 远程代码执行漏洞(CVE-2026-27966)代码层面深度分析
CVE-2026-33500 | WWBN AVideo up to 26.0 Markdown Link inlineLink cross site scripting (EUVD-2026-13916)
1 day 4 hours ago
A vulnerability classified as problematic has been found in WWBN AVideo up to 26.0. This affects the function inlineLink of the component Markdown Link Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-33500. The attack is possible to be carried out remotely. No exploit exists.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2026-26828 | owntone-server up to 3d1652d DAAP src/httpd_daap.c daap_reply_playlists null pointer dereference (EUVD-2026-14463)
1 day 4 hours ago
A vulnerability described as problematic has been identified in owntone-server up to 3d1652d. The impacted element is the function daap_reply_playlists of the file src/httpd_daap.c of the component DAAP Handler. Executing a manipulation can lead to null pointer dereference.
This vulnerability is handled as CVE-2026-26828. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-24516 | DigitalOcean Droplet Agent up to 1.3.2 Metadata Service Endpoint actioner.go command injection (EUVD-2026-14461)
1 day 4 hours ago
A vulnerability marked as critical has been reported in DigitalOcean Droplet Agent up to 1.3.2. The affected element is an unknown function of the file internal/troubleshooting/actioner/actioner.go of the component Metadata Service Endpoint. Performing a manipulation results in command injection.
This vulnerability is known as CVE-2026-24516. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-26829 | owntone-server up to c4d57aa src/misc.c safe_atou64 null pointer dereference (EUVD-2026-14465)
1 day 4 hours ago
A vulnerability labeled as problematic has been found in owntone-server up to c4d57aa. Impacted is the function safe_atou64 of the file src/misc.c. Such manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2026-26829. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-33501 | WWBN AVideo up to 26.0 list.json.php User::isAdmin authorization (EUVD-2026-13917)
1 day 4 hours ago
A vulnerability identified as problematic has been detected in WWBN AVideo up to 26.0. This issue affects the function User::isAdmin of the file plugin/Permissions/View/Users_groups_permissions/list.json.php. This manipulation causes missing authorization.
This vulnerability appears as CVE-2026-33501. The attack may be initiated remotely. There is no available exploit.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2026-33499 | WWBN AVideo up to 26.0 Parameter view/forbiddenPage.php unlockPassword cross site scripting
1 day 4 hours ago
A vulnerability categorized as problematic has been discovered in WWBN AVideo up to 26.0. This vulnerability affects unknown code of the file view/forbiddenPage.php of the component Parameter Handler. The manipulation of the argument unlockPassword results in cross site scripting.
This vulnerability is reported as CVE-2026-33499. The attack can be launched remotely. No exploit exists.
It is best practice to apply a patch to resolve this issue.
vuldb.com
Интернет по талонам. Как работает система «белых списков» для избранных
1 day 4 hours ago
Рассказываем, во сколько теперь обходится минута связи в Тегеране.