Aggregator

CVE-2026-21570 | Atlassian Bamboo Data Center up to 9.6.23/10.2.15/12.1.2 privilege escalation

VulDB Recent Entries
1 week 6 days ago
A vulnerability identified as critical has been detected in Atlassian Bamboo Data Center up to 9.6.23/10.2.15/12.1.2. This affects an unknown function. Performing a manipulation results in privilege escalation. This vulnerability is identified as CVE-2026-21570. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-4354 | TRENDnet TEW-824DRU 1.010B01/1.04B01 Web Interface apply_sec.cgi sub_420A78 Language cross site scripting

VulDB Recent Entries
1 week 6 days ago
A vulnerability categorized as problematic has been discovered in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. This vulnerability is referenced as CVE-2026-4354. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance

Cyber Security News
1 week 6 days ago

Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]

The post Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance appeared first on Cyber Security News.

Tushar Subhra Dutta

Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises

Cyber Security News
1 week 6 days ago

The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […]

The post Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises appeared first on Cyber Security News.

Tushar Subhra Dutta

Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware

Cyber Security News
1 week 6 days ago

A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — [email protected] and [email protected] — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]

The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems

Cyber Security News
2 weeks ago

A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]

The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.

Guru Baran

CVE-2026-4349 | Duende IdentityServer 4 Token Renewal Endpoint /connect/authorize id_token_hint improper authentication

VulDB Recent Entries
2 weeks ago
A vulnerability was found in Duende IdentityServer 4. It has been rated as critical. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. The identification of this vulnerability is CVE-2026-4349. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

How to Shop Online Safely While Finding Better Deals 

Cyber Security News
2 weeks ago

With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience has made shopping faster and more accessible, it has also introduced new cybersecurity challenges. Fake […]

The post How to Shop Online Safely While Finding Better Deals  appeared first on Cyber Security News.

Kavichselvan

CVE-2026-4147 | MongoDB Server up to 7.0.30/8.0.19/8.2.5 Issuances uninitialized variable

VulDB Recent Entries
2 weeks ago
A vulnerability was found in MongoDB Server up to 7.0.30/8.0.19/8.2.5. It has been declared as problematic. Impacted is an unknown function of the component Issuances Handler. The manipulation results in use of uninitialized variable. This vulnerability was named CVE-2026-4147. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

Managed ad