Aggregator

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]

A sweeping cyberattack campaign has compromised more than 7,500 Magento-powered e-commerce websites since late February 2026, with attackers uploading hidden malicious files into publicly accessible web directories across thousands of domains. The attack has spread to over 15,000 hostnames, affecting commercial brands, government agencies, universities, and non-profit organizations spanning multiple countries, making it one of […]

The post Hackers Compromised 7,500+ Magento Websites to Upload Hidden Malicious Files and Steal Data appeared first on Cyber Security News.

Это самая мощная из авиационных проникающих бомб в арсенале страны.

From golden images to agent governance, Chainguard Assemble 2026 focused on how teams can reduce risk by embedding trust, compliance, and security into delivery systems.

The post Chainguard Assemble 2026 and the Security Factory Mindset appeared first on Security Boulevard.

Author, Creator & Presenter: Scott Piper - Principal Cloud Security Researcher at Wiz

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Getting Things Fixed – Keynote On Security Wins (And Fails) appeared first on Security Boulevard.

预印本平台 arXiv.org 将于 7 月 1 日脱离康奈尔大学成立独立的非营利性公司，它正在招募 CEO。过去两年因为 AI 以及 AI 相关领域的火热 arXiv 收到的投稿数量激增，员工人数也增长到 27 人，导致出现了运营赤字，康奈尔大学帮助支付了超支。但 arXiv 在资金需求上与康奈尔内部项目存在竞争，而它在寻求赞助时对方会担心通过康奈尔捐赠的资金无法直接用于 arXiv 项目，成立独立机构就是为了解决该问题。此举有助于 arXiv 从更多的捐赠者手中直接筹集到用于该平台的资金，也有助于它解决投稿中的 AI slop 问题。分拆和独立运营是 arXiv 创始人、物理学家 Paul Ginsparg 最早提出的，Ginsparg 一直想退出和退休，独立运营也有助于他彻底放手。

A vulnerability classified as problematic has been found in Zimbra Collaboration Suite 10.0/10.1. This affects an unknown function of the file /h/rest of the component Webmail REST Interface. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-33368. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in Zimbra Collaboration Suite 10.0/10.1. The impacted element is an unknown function of the component Briefcase Feature. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-33370. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in Zimbra Collaboration Suite 10.0/10.1. The affected element is an unknown function of the component Request Header Handler. Performing a manipulation results in cross-site request forgery. This vulnerability was named CVE-2026-33372. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in Zimbra Collaboration Suite 10.0/10.1. Impacted is an unknown function of the component Exchange Web Service. Such manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2026-33371. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Zimbra Collaboration Suite 10.0/10.1. This issue affects some unknown processing of the component Mailbox SOAP Service. This manipulation causes ldap injection. This vulnerability is handled as CVE-2026-33369. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. This vulnerability is known as CVE-2026-4516. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. It has been rated as critical. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. This vulnerability is traded as CVE-2026-4515. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass Google Chrome’s Application-Bound Encryption (ABE) without requiring code injection or elevated system privileges. The variant, introduced in VoidStealer version 2.0 on March 13, 2026, uses a debugger-based technique to silently […]

The post New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation appeared first on Cyber Security News.

Rep. Darin LaHood (R-IL) talked about recent issues that have cropped up around Section 702 and what needs to be done to get a renewal over the finish line.

Submit #773930 / VDB-352081

Submit #773929 / VDB-352080

A vulnerability was found in PbootCMS up to 3.2.12. It has been declared as critical. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. This vulnerability appears as CVE-2026-4514. The attack may be performed from remote. In addition, an exploit is available.

Submit #773907 / VDB-352079

A vulnerability was found in vanna-ai vanna up to 2.0.2. It has been classified as critical. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-4513. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.