Aggregator

CVE-2026-33351 | WWBN AVideo up to 25.x saveDVR.json.php file_get_contents webSiteRootURL server-side request forgery (GHSA-5f7v-4f6g-74rj)

VulDB Recent Entries
4 weeks 1 day ago
A vulnerability labeled as critical has been found in WWBN AVideo up to 25.x. Affected is the function file_get_contents of the file plugin/Live/standAloneFiles/saveDVR.json.php. Executing a manipulation of the argument webSiteRootURL can lead to server-side request forgery. This vulnerability is handled as CVE-2026-33351. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-33297 | WWBN AVideo up to 25.x setPassword.json.php Password authorization (GHSA-6547-8hrg-c55m)

VulDB Recent Entries
4 weeks 1 day ago
A vulnerability identified as problematic has been detected in WWBN AVideo up to 25.x. This impacts an unknown function of the file setPassword.json.php. Performing a manipulation of the argument Password results in authorization bypass. This vulnerability is known as CVE-2026-33297. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2026-33352 | WWBN AVideo up to 25.x Request Parameter objects/category.php getAllCategories sql injection (GHSA-mcj5-6qr4-95fj)

VulDB Recent Entries
4 weeks 1 day ago
A vulnerability was found in WWBN AVideo up to 25.x. It has been rated as critical. The impacted element is the function getAllCategories of the file objects/category.php of the component Request Parameter Handler. This manipulation causes sql injection. This vulnerability appears as CVE-2026-33352. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

GrapheneOS 拒绝年龄验证

Solidot
4 weeks 1 day ago
Android 安全加固版 GrapheneOS 通过其社交媒体账号宣布它不会遵守新出台的年龄验证法律,这些法律要求操作系统在设置时收集用户年龄数据。GrapheneOS 强调它不会要求用户提供个人信息、身份证明或注册账户,如果搭载 GrapheneOS 的设备因当地法律法规限制无法在特定地区销售,它会接受。GrapheneOS 目前只支持 Google Pixel 系列智能手机,本月初与联想旗下的摩托罗拉宣布了合作,预计会在 2027 年推出支持 GrapheneOS 的智能手机。目前美国加州和科罗拉多州,以及巴西制定了法律要求操作系统验证用户年龄。其中巴西的法律 Digital ECA (Law 15.211)于 3 月 17 日生效,它规定违反者将面临最高 950 万美元罚款。GrapheneOS 不是唯一一个拒绝遵守年龄验证法律的操作系统项目。开源计算器固件项目 DB48X 开发者声明永远不会实施年龄验证;MidnightBSD 项目更新了许可证,禁止巴西用户使用。

The devices winning the race to get hacked in 2026

Help Net Security
4 weeks 1 day ago

Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that shift in IT, IoT, OT, and IoMT environments, with 11 new riskiest asset types entering the list this year. That is the second-largest year-over-year increase on record, and two of the new entries moved straight into … More →

The post The devices winning the race to get hacked in 2026 appeared first on Help Net Security.

Sinisa Markovic

Top must-visit companies at RSAC 2026

Help Net Security
4 weeks 1 day ago

RSAC 2026 Conference is taking place at the Moscone Center in San Francisco March 23 – 26. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies you won’t want to miss. Whether you’re looking for cutting-edge innovation, industry veterans with new offerings, or rising stars shaking things up, these exhibitors are bringing something special to the floor this … More →

The post Top must-visit companies at RSAC 2026 appeared first on Help Net Security.

Mirko Zorz

44 Aqua Security repositories defaced after Trivy supply chain breach

Security Affairs
4 weeks 1 day ago
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]
Pierluigi Paganini

The bizarre Cyber War over Kimwolf and Aisuru

Link 11 (Dosarrest Internet Security Ltd)
4 weeks 1 day ago

What happens when you take away cybercriminals’ most expensive toy? They get angry and attack. When courageous security researchers decided to paralyze over 500 command servers of the notorious IoT botnets Kimwolf and Aisuru, the hackers reacted promptly: They launched massive revenge attacks on the researchers, whose data packets were filled to the brim with […]

The post The bizarre Cyber War over Kimwolf and Aisuru appeared first on Link11.

Irina

Managed ad