Aggregator

Trivy supply-chain attack spreads to Docker, GitHub repos

1 month ago

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories. [...]

Bill Toulas

Диоды — всё? Китайские ученые использовали экзотический металл, чтобы создать супер-антенну, которой не нужен кремний

Securitylab.ru

1 month ago

Разработка Китайской академии наук показала широкую полосу, низкое энергопотребление и стабильную работу там, где тепловой шум обычно рушит чувствительность.

Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems

Cyber Security News

1 month ago

Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two significant vulnerabilities that could allow unauthenticated remote attackers to compromise affected systems. Organizations running customer-managed deployments are strongly urged to apply the updates immediately. CVE-2026-3055: Critical Out-of-Bounds Read via SAML IDP The more […]

The post Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems appeared first on Cyber Security News.

Guru Baran

An AI-powered phishing campaign has compromised hundreds of organizations

CyberScoop

1 month ago

Huntress researchers said it’s likely the victims they've identified represent just a fraction of compromised organizations worldwide.

The post An AI-powered phishing campaign has compromised hundreds of organizations appeared first on CyberScoop.

djohnson

Physical Bitcoin Attacks: A Comprehensive Database of Known Physical Attacks Against Bitcoin and Crypto Asset Holders Occurring in Meatspace

Dark Web Informer - Cyber Threat Intelligence

1 month ago

A comprehensive database of known physical attacks against Bitcoin and crypto asset holders occurring in meatspace.

Dark Web Informer

Langflow CSV Agent 远程代码执行漏洞（CVE-2026-27966）代码层面深度分析

先知技术社区

1 month ago

Langflow CSV Agent 远程代码执行漏洞（CVE-2026-27966）代码层面深度分析

CVE-2026-33500 | WWBN AVideo up to 26.0 Markdown Link inlineLink cross site scripting (EUVD-2026-13916)

VulDB Recent Entries

1 month ago

A vulnerability classified as problematic has been found in WWBN AVideo up to 26.0. This affects the function inlineLink of the component Markdown Link Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-33500. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

vuldb.com

CVE-2026-26828 | owntone-server up to 3d1652d DAAP src/httpd_daap.c daap_reply_playlists null pointer dereference (EUVD-2026-14463)

VulDB Recent Entries

1 month ago

A vulnerability described as problematic has been identified in owntone-server up to 3d1652d. The impacted element is the function daap_reply_playlists of the file src/httpd_daap.c of the component DAAP Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2026-26828. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2026-24516 | DigitalOcean Droplet Agent up to 1.3.2 Metadata Service Endpoint actioner.go command injection (EUVD-2026-14461)

VulDB Recent Entries

1 month ago

A vulnerability marked as critical has been reported in DigitalOcean Droplet Agent up to 1.3.2. The affected element is an unknown function of the file internal/troubleshooting/actioner/actioner.go of the component Metadata Service Endpoint. Performing a manipulation results in command injection. This vulnerability is known as CVE-2026-24516. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2026-26829 | owntone-server up to c4d57aa src/misc.c safe_atou64 null pointer dereference (EUVD-2026-14465)

VulDB Recent Entries

1 month ago

A vulnerability labeled as problematic has been found in owntone-server up to c4d57aa. Impacted is the function safe_atou64 of the file src/misc.c. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2026-26829. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2026-33501 | WWBN AVideo up to 26.0 list.json.php User::isAdmin authorization (EUVD-2026-13917)

VulDB Recent Entries

1 month ago

A vulnerability identified as problematic has been detected in WWBN AVideo up to 26.0. This issue affects the function User::isAdmin of the file plugin/Permissions/View/Users_groups_permissions/list.json.php. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-33501. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2026-33499 | WWBN AVideo up to 26.0 Parameter view/forbiddenPage.php unlockPassword cross site scripting

VulDB Recent Entries

1 month ago

A vulnerability categorized as problematic has been discovered in WWBN AVideo up to 26.0. This vulnerability affects unknown code of the file view/forbiddenPage.php of the component Parameter Handler. The manipulation of the argument unlockPassword results in cross site scripting. This vulnerability is reported as CVE-2026-33499. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

vuldb.com

Интернет по талонам. Как работает система «белых списков» для избранных

Securitylab.ru

1 month ago

Рассказываем, во сколько теперь обходится минута связи в Тегеране.

Новый ноутбук тормозит? Инструкция по радикальной очистке ПК от заводского мусора без потери гарантии

Securitylab.ru

1 month ago

Что можно снести, а что — смертельно опасно трогать?

Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems

Information Security Magazine

1 month ago

ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult

Libyan Oil Refinery Hit in Long-Running Espionage Campaign Using AsyncRAT

Cyber Security News

1 month ago

A Libyan oil refinery, a telecoms organization, and a state institution fell victim to a coordinated espionage campaign between November 2025 and February 2026. The attacks delivered AsyncRAT, a publicly available remote access Trojan with a documented history of use by state-sponsored threat groups, raising immediate concerns about the security of Libya’s critical infrastructure. AsyncRAT […]

The post Libyan Oil Refinery Hit in Long-Running Espionage Campaign Using AsyncRAT appeared first on Cyber Security News.

Tushar Subhra Dutta

US sentences Nigerian national to 7 years in $6 million email fraud scheme

The Record

1 month ago

James Junior Aliyu, 31, received a 90-month prison sentence for conspiracy to commit wire fraud and money laundering, U.S. Immigration and Customs Enforcement said Saturday.

Akira

Dark Feed IO

1 month ago

You must login to view this content

cohenido

Akira

Dark Feed IO

1 month ago

You must login to view this content

cohenido

CVE-2026-32845 | jkuhlmann cgltf up to 1.15.0 glTF/GLB cgltf_validate size integer overflow

VulDB Recent Entries

1 month ago

A vulnerability was found in jkuhlmann cgltf up to 1.15.0. It has been rated as problematic. This affects the function cgltf_validate of the component glTF/GLB. The manipulation of the argument size leads to integer overflow. This vulnerability is documented as CVE-2026-32845. The attack needs to be performed locally. There is not any exploit available.

vuldb.com

Aggregator

Managed ad