Aggregator
CVE-2026-8467 | phenixdigital phoenix_storybook up to 1.0.x Template String code injection
CVE-2026-24425 | twigphp Twig up to 2.16.x/3.25.x protection mechanism
Webworm APT targets European government organizations with new backdoors
ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations into Europe. ESET observed Webworm targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain during 2025. The group also expanded its activity into South Africa, where researchers identified activity involving a local university. Discord …
The post Webworm APT targets European government organizations with new backdoors appeared first on Help Net Security.
CVE-2026-32244 | Discourse up to 2026.1.3/2026.3.0/2026.4.0 cache containing sensitive information (GHSA-hjmg-2mww-vfvx / CNNVD-202605-4266)
CVE-2026-32312 | glpi-project glpi up to 11.0.6 authorization (GHSA-cg63-qchq-q626 / CNNVD-202605-4267)
CVE-2026-45585 | Microsoft Windows 11 24H2/11 25H2/11 26H1/Server 2025 YellowKey command injection (WID-SEC-2026-1609 / CNNVD-202605-4268)
On AI Security
Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware
Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The incident, detected on May 11, 2026, involved unauthorized access to internal repositories and culminated in a ransom demand issued on May 16 under threat of data disclosure. […]
The post Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware appeared first on Cyber Security News.
Akira
Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access
A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates in the Debian-based distribution maintained by TÜBİTAK. Pardus is widely deployed across government institutions, educational […]
The post Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access appeared first on Cyber Security News.
FreePBX Vulnerability Allows Attackers to Gain Access to User Portals
A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due to hard-coded credentials in the userman module. It impacts FreePBX versions before 16.0.45 and 17.0.7. Systems running outdated versions are at risk if administrators […]
The post FreePBX Vulnerability Allows Attackers to Gain Access to User Portals appeared first on Cyber Security News.
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the report’s 19-year history, the company noted. [Figure: Known initial access vectors over time (Source: Verizon 2026 DBIR)] What is Verizon DBIR? Published annually, Verizon’s DBIR is based on the analysis of real-world data …
The post Verizon DBIR: Vulnerability exploitation is the dominant initial access vector appeared first on Help Net Security.
Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image
ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026, CVE-2026-3102 allows threat actors to execute arbitrary shell commands by concealing malicious instructions within an image file’s metadata. By weaponizing […]
The post Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image appeared first on Cyber Security News.
“Signature for viruses as a service.” Microsoft took down the Fox Tempest service that made malware “legitimate”
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Hugging Face CEO Clem Delangue participated. [Photo: NanoCo founders (Photo by Ran Bergman)] From open source traction to enterprise product: NanoClaw launched as an open source project in February 2026. It has since collected nearly 29,000 GitHub stars …
The post NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw appeared first on Help Net Security.