Aggregator

A vulnerability, which was classified as problematic, was found in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. This vulnerability is identified as CVE-2026-4539. The attack is only possible with local access. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

Submit #774685 / VDB-352327

…и оно будет доступно по подписке.

每个人有自己擅长而又十分狭窄的领域

A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat actors successfully force-pushed 75 out of 76 existing version tags to distribute […]

The post Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials appeared first on Cyber Security News.

6 min readMost organizations still treat credentials as something that must be protected, stored, and rotated. But a second model is quietly reshaping how machine authentication works: eliminate static secrets altogether and authenticate workloads using identity and just-in-time access.

The post Secrets Management vs. Secrets Elimination: Where Should You Invest? appeared first on Aembit.

The post Secrets Management vs. Secrets Elimination: Where Should You Invest? appeared first on Security Boulevard.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on

A vulnerability, which was classified as critical, has been found in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. This vulnerability is referenced as CVE-2026-4538. The attack can only be performed from a local environment. Furthermore, an exploit is available. The project was informed of the problem early through a pull request but has not reacted yet.

PyGraphistry: Leverage the power of graphs & GPUs to visualize, analyze, and scale your data PyGraphistry is an

The post Beyond the Table: Unleash 100X Faster Graph AI and Visual Analytics with PyGraphistry appeared first on Penetration Testing Tools.

Submit #774682 / VDB-346174

Submit #774681 / VDB-352326

A vulnerability classified as critical was found in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The identification of this vulnerability is CVE-2026-4537. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. This vulnerability was named CVE-2026-4536. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Economical IP-KVM apparatuses, which facilitate remote, hardware-level dominion over computers, have emerged as a formidable peril to corporate

The post The Trojan at the Console: How Budget IP-KVMs Are Opening a Backdoor to Corporate Silicon appeared first on Penetration Testing Tools.

Submit #774672 / VDB-303135

A vulnerability described as critical has been identified in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-4535. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-4534. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #774583 / VDB-319914

Google is orchestrating a profound transfiguration within the Android dominion, an evolution destined to irrevocably alter the landscape

The post The Sideloading Purgatory: Google’s Draconian Architecture to Subjugate the Independent APK appeared first on Penetration Testing Tools.