Aggregator

CVE-2026-32296 | Sipeed NanoKVM up to 2.3.0 Wi-Fi Configuration Endpoint missing authentication (EUVD-2026-12610)

VulDB Recent Entries
2 weeks ago
A vulnerability described as critical has been identified in Sipeed NanoKVM up to 2.3.0. Affected by this vulnerability is an unknown functionality of the component Wi-Fi Configuration Endpoint. The manipulation results in missing authentication. This vulnerability is cataloged as CVE-2026-32296. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-21570 | Atlassian Bamboo Data Center up to 9.6.23/10.2.15/12.1.2 privilege escalation

VulDB Recent Entries
2 weeks ago
A vulnerability identified as critical has been detected in Atlassian Bamboo Data Center up to 9.6.23/10.2.15/12.1.2. This affects an unknown function. Performing a manipulation results in privilege escalation. This vulnerability is identified as CVE-2026-21570. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-4354 | TRENDnet TEW-824DRU 1.010B01/1.04B01 Web Interface apply_sec.cgi sub_420A78 Language cross site scripting

VulDB Recent Entries
2 weeks ago
A vulnerability categorized as problematic has been discovered in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. This vulnerability is referenced as CVE-2026-4354. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance

Cyber Security News
2 weeks ago

Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]

The post Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance appeared first on Cyber Security News.

Tushar Subhra Dutta

Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises

Cyber Security News
2 weeks ago

The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […]

The post Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises appeared first on Cyber Security News.

Tushar Subhra Dutta

Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware

Cyber Security News
2 weeks ago

A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — [email protected] and [email protected] — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]

The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems

Cyber Security News
2 weeks ago

A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]

The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.

Guru Baran

Managed ad