Aggregator
VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN
1 month 1 week ago
A new phishing technique called VaultJacking has emerged, and it is raising serious alarms across the cybersecurity community. With just a single captured 6-digit PIN, an attacker can walk away with an entire Google Password Manager vault, including every saved password and passkey stored inside. This is not a theoretical risk, as it is a […]
The post VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-44262 | dedoc scramble up to 0.13.21 code injection (EDB-52582)
1 month 1 week ago
A vulnerability classified as critical has been found in dedoc scramble up to 0.13.21. This issue affects some unknown processing. Performing a manipulation results in code injection.
This vulnerability is identified as CVE-2026-44262. The attack can be initiated remotely. Additionally, an exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-33534 | EspoCRM up to 9.3.3 fromImageUrl isNotInternalHost server-side request forgery (EDB-52583)
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in EspoCRM up to 9.3.3. This affects the function HostCheck::isNotInternalHost of the file /api/v1/Attachment/fromImageUrl. This manipulation causes server-side request forgery.
This vulnerability is handled as CVE-2026-33534. The attack can be initiated remotely. Additionally, an exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
One Forged Header: Unauthenticated Authentication Bypass in Fortinet FortiClient EMS (CVE-2026-35616)
1 month 1 week ago
Fortinet has disclosed a critical authentication bypass affecting FortiClient Endpoint Management Server (EMS).
Dark Web Informer
Физики телепортировали квантовые состояния при запредельной температуре — и обогнали классический предел
1 month 1 week ago
Это первый шаг к сети из нескольких квантовых компьютеров, соединённых обычным кабелем.
Hackers exploit FortiClient EMS flaw to push infostealer malware
1 month 1 week ago
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]
Bill Toulas
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
1 month 1 week ago
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions.
The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier.
"The vulnerability allows any authenticated user to achieve remote code execution (RCE) on
The Hacker News
CrystalDiskInfo, FurMark и DDU — всё поддельное. Microsoft предупредила о необычной атаке на геймеров
1 month 1 week ago
Купили мощную видеокарту? Злоумышленникам это точно понравится.
French Real-Estate Tour Platform EnVisite Hit by Alleged 138K-Record Leak
1 month 1 week ago
A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French platform for real-estate virtual tours used by agents to create and share interactive property presentations.
Dark Web Informer
The CISO Whisperer’s Watch List For The Gartner Security & Risk Management Summit 2026
1 month 1 week ago
New York, USA, 28th May 2026, CyberNewswire
CyberNewswire
AI安全网关:企业统一接入、安全防护与数据安全的必要性与实践路径
1 month 1 week ago
易安联零信任
CVE-2026-8980 | Mennekes Amtron up to 5.22.3 POST Request privileges management (EUVD-2026-32897)
1 month 1 week ago
A vulnerability, which was classified as critical, was found in Mennekes Amtron up to 5.22.3. This impacts an unknown function of the component POST Request Handler. Executing a manipulation can lead to improper privilege management.
This vulnerability is registered as CVE-2026-8980. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-9818 | Roundcube Webmail up to 1.6.15/1.7.0 incomplete blacklist (EUVD-2026-32893)
1 month 1 week ago
A vulnerability described as critical has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Impacted is an unknown function. The manipulation results in incomplete blacklist.
This vulnerability is identified as CVE-2026-9818. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-8979 | Mennekes Amtron up to 5.22.3 POST Request /operator/operator improper authentication (EUVD-2026-32896)
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in Mennekes Amtron up to 5.22.3. This affects an unknown function of the file /operator/operator of the component POST Request Handler. Performing a manipulation results in improper authentication.
This vulnerability is cataloged as CVE-2026-8979. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-8990 | View Concept Kidsview up to 4.4.2 Push Notification authentication bypass (EUVD-2026-32901)
1 month 1 week ago
A vulnerability was found in View Concept Kidsview up to 4.4.2. It has been declared as critical. This affects an unknown part of the component Push Notification Handler. Such manipulation leads to authentication bypass using alternate channel.
This vulnerability is traded as CVE-2026-8990. The attack can be executed directly on the physical device. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
借一个简单AI靶场初步了解提示词注入
1 month 1 week ago
sildraw
Утром — облака из камня, вечером — ясное небо: телескоп Уэбба проследил смену погоды на чужой планете
1 month 1 week ago
Готовы услышать самый странный климатический прогноз в вашей жизни?
French Real-Estate Platform Figaro Immobilier Hit by Alleged 100K Invoice Leak
1 month 1 week ago
A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Figaro Immobilier / Explorimmo, a French real-estate platform offering property listings for sale, rent, and vacation stays.
Dark Web Informer
French Government Platform Resana Listed in Alleged 990K-Record User Data Sale
1 month 1 week ago
A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain.
Dark Web Informer