Aggregator
Luxembourg court overturns $858 million privacy fine against Amazon
2 weeks 2 days ago
The case, which had its roots in 2018, originated in the way that Amazon obtained consent from European consumers.
MEGA-кража. Почему облачные сервисы стали идеальным местом для кибершпионов
2 weeks 2 days ago
Злоумышленникам больше нет нужды скрываться в тени.
Hacked sites deliver Vidar infostealer to Windows users
2 weeks 2 days ago
We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer.
The post Hacked sites deliver Vidar infostealer to Windows users appeared first on Security Boulevard.
Malwarebytes
Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
2 weeks 2 days ago
Electronic ordering systems belonging to the medical device company Stryker are still down a week after a cyberattack believed to have wiped thousands of company devices of all information. The company said its digital products are safe for use.
IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
2 weeks 2 days ago
A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially motivated threat group Hive0163. The group is primarily focused on large-scale data theft and ransomware deployments, using a growing arsenal of custom-built tools to stay persistent inside […]
The post IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack appeared first on Cyber Security News.
Tushar Subhra Dutta
Microsoft Edge security advisory (AV26-243)
2 weeks 2 days ago
Canadian Centre for Cyber Security
UK’s Companies House confirms security flaw exposed business data
2 weeks 2 days ago
Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. [...]
Sergiu Gatlan
Код как расходник. Зачем хакерам миллион одинаковых загрузчиков в разных обёртках
2 weeks 2 days ago
Новая техника «промптморфизм» превращает работу антивирусов в бессмысленную погоню за призраками.
Randall Munroe’s XKCD ‘Bad Map Projection: Zero Declination’
2 weeks 2 days ago
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Bad Map Projection: Zero Declination’ appeared first on Security Boulevard.
Marc Handelman
Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer
2 weeks 2 days ago
China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant, 360Qihoo (Security Claw). The flaw discovered on March 16, 2026, is a textbook operational security failure from a company trusted by over 461 million users to […]
The post Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer appeared first on Cyber Security News.
Guru Baran
CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 getRecByTemplateId ID sql injection (EUVD-2026-12531)
2 weeks 2 days ago
A vulnerability was found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. It has been classified as critical. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection.
This vulnerability is listed as CVE-2026-4289. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint getDevDetailedInfo ID sql injection (EUVD-2026-12530)
2 weeks 2 days ago
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection.
This vulnerability is tracked as CVE-2026-4288. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId sql injection (EUVD-2026-12529)
2 weeks 2 days ago
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection.
This vulnerability is identified as CVE-2026-4287. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Кто украл секреты соседей? Опубликован отчёт о масштабной шпионской кампании в СНГ
2 weeks 2 days ago
Хакеры захватили десятки госорганов с помощью одного популярного мессенджера.
Submit #771997: Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection [Accepted]
2 weeks 2 days ago
Submit #771997 / VDB-351294
0menc
Submit #771963: Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection [Accepted]
2 weeks 2 days ago
Submit #771963 / VDB-351293
0menc
Submit #771956: Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection [Accepted]
2 weeks 2 days ago
Submit #771956 / VDB-351292
0menc
Akira
2 weeks 2 days ago
You must login to view this content
cohenido
Akira
2 weeks 2 days ago
You must login to view this content
cohenido