Aggregator

CVE-2014-2729 | EPiServer Ektron CMS prior 8.7.0 content.aspx category0 cross site scripting (ID 126187)

2 days 20 hours ago

A vulnerability classified as problematic has been found in EPiServer Ektron CMS. Impacted is an unknown function of the file content.aspx. This manipulation of the argument category0 causes cross site scripting. This vulnerability is handled as CVE-2014-2729. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-45000 | OpenClaw up to 2026.4.19 server-side request forgery (GHSA-j4c5-89f5-f3pm / EUVD-2026-29145)

Vuldb Updates

2 days 20 hours ago

A vulnerability classified as critical has been found in OpenClaw up to 2026.4.19. This vulnerability affects unknown code. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-45000. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-45001 | OpenClaw up to 2026.4.19 Setting config.apply authorization (GHSA-7jm2-g593-4qrc / EUVD-2026-29146)

Vuldb Updates

2 days 20 hours ago

A vulnerability classified as critical was found in OpenClaw up to 2026.4.19. This issue affects some unknown processing of the file config.apply of the component Setting Handler. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-45001. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

vuldb.com

Official CheckMarx Jenkins package compromised with infostealer

Bleeping Computer.

2 days 20 hours ago

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]

Bill Toulas

New GhostLock tool abuses Windows API to block file access

Bleeping Computer.

2 days 20 hours ago

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. [...]

Lawrence Abrams

Qilin

Dark Feed IO

2 days 20 hours ago

You must login to view this content

cohenido

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Hack Read

2 days 20 hours ago

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

Deeba Ahmed

VMware at Pwn2Own Berlin 2026

VMWare Security Blog

2 days 20 hours ago

The Broadcom PSIRT Team (VCF Division) is pleased to announce VMware’s participation in Pwn2Own Berlin 2026, organized by the Zero Day Initiative (ZDI). The competition will run from May 14–16, alongside OffensiveCon in Berlin, Germany. Members of our team will be on-site to validate any VMescape demonstrations on ESX. If you are attending and have … Continued

The post VMware at Pwn2Own Berlin 2026 appeared first on VMware Security Blog.

Praveen Singh and Monty Ijzerman

KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery

Dark Web Informer - Cyber Threat Intelligence

2 days 20 hours ago

A threat actor is selling the customer database of KAMS PARIS, a Parisian niche perfumery founded in 1960 and located at 6 Avenue de l’Opéra, specializing in rare niche perfumes, skincare, and beauty products with delivery across Europe.

Dark Web Informer

FCC Softens Ban on Foreign-Made Routers

darkreading

2 days 21 hours ago

The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.

Jai Vijayan

The Threat Window Is Shrinking. The Response Gap Isn't

BankInfoSecurity.com

2 days 21 hours ago

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits
AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.

AI Researchers Target SIEM Migration Bottleneck

BankInfoSecurity.com

2 days 21 hours ago

System Translates Detection Rules Across Security Platforms
Researchers developed an AI framework that converts threat detection rules between major SIEM platforms including Splunk, Microsoft Sentinel and QRadar. The system uses LLMs and automated validation steps to preserve detection logic during migrations that often require months of manual work.

Cops Shutter Rebooted German Language Cybercrime Market

BankInfoSecurity.com

2 days 21 hours ago

Spanish Police Bust German Accused of Relaunching 'Crimenetwork' Cybercrime Forum
Spanish police have arrested a German national suspected of a string of cybercrime offenses, including remotely administering from the sunny island of Mallorca a relaunched version of "Crimenetwork," a German-language cybercrime market for stolen data, forged documents and drugs.

Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

BankInfoSecurity.com

2 days 21 hours ago

Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics
Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure.

INC

Dark Feed IO

2 days 22 hours ago

You must login to view this content

cohenido

Apple security advisory (AV26-446)

CCCS - Alerts and advisories

2 days 22 hours ago

Canadian Centre for Cyber Security

Qilin

Dark Feed IO

2 days 22 hours ago

You must login to view this content

cohenido

Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent

The Record

2 days 22 hours ago

In addition to fines, Texas is asking a judge to prevent Netflix from illegally collecting and sharing user data and to mandate that the company no longer use autoplay by default on kids’ profiles.

Tech Can't Stop These Threats — Your People Can

darkreading

2 days 22 hours ago

Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.

A. Stryker

JetBrains security advisory (AV26-445)

CCCS - Alerts and advisories

2 days 22 hours ago

Canadian Centre for Cyber Security

Aggregator

Managed ad