UserGate предупреждает: ProFTPD с открытым модулем SQL можно взломать за секунды
8,1 балла опасности: в ProFTPD нашли дыру, доступную без учётной записи.
Aggregator
Email threat landscape: Q1 2026 trends and insights
1 month 2 weeks ago
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
The post Email threat landscape: Q1 2026 trends and insights appeared first on Microsoft Security Blog.
Microsoft Threat Intelligence and Microsoft Defender Security Research Team
Two new extortion crews are speedrunning the Scattered Spider playbook
1 month 2 weeks ago
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion.
The post Two new extortion crews are speedrunning the Scattered Spider playbook appeared first on CyberScoop.
Matt Kapko
Email threat landscape: Q1 2026 trends and insights
1 month 2 weeks ago
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
The post Email threat landscape: Q1 2026 trends and insights appeared first on Microsoft Security Blog.
Microsoft Threat Intelligence and Microsoft Defender Security Research Team
Deep#Door Python Backdoor Evades Detection On Windows
1 month 2 weeks ago
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
Submit #803531: Bootstrap CMS v0.9.0-alpha Bootstrap CMS [Accepted]
1 month 2 weeks ago
Submit #803531 / VDB-360316
fortuneh2c
CVE-2026-7506 | SourceCodester Hotel Management System 1.0 check room_type sql injection
1 month 2 weeks ago
A vulnerability labeled as critical has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection.
This vulnerability is traded as CVE-2026-7506. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-7505 | nextlevelbuilder GoClaw/GoClaw Lite up to 3.8.5 RPC improper authorization (Issue 866)
1 month 2 weeks ago
A vulnerability identified as critical has been detected in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization.
This vulnerability appears as CVE-2026-7505. The attack may be initiated remotely. In addition, an exploit is available.
You should upgrade the affected component.
vuldb.com
Submit #803492: SourceCodester Hotel Management System in PHP using CodeIgniter Framework Free Source Code V1.0 SQL Injection [Accepted]
1 month 2 weeks ago
Submit #803492 / VDB-360315
wangzhongyang085
GNU security advisory (AV26-407)
1 month 2 weeks ago
Canadian Centre for Cyber Security
Submit #803458: Goclaw V0.4.0 Command execution [Accepted]
1 month 2 weeks ago
Submit #803458 / VDB-360314
AiSec
CVE-2026-7503 | code-projects for Plugin 4.1.2cu.5137 /cgi-bin/cstecgi.cgi setWiFiMultipleConfig wepkey2 buffer overflow
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow.
This vulnerability is reported as CVE-2026-7503. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
Managed vs Self-Managed Cloud Hosting: Choosing the Best Option for Your Business
1 month 2 weeks ago
As more businesses relocate their operations to the cloud, one important decision arises: should you choose managed or…
Owais Sultan
Submit #803120: TOTOLINK A800R V4.1.2cu.5137_B20200730 Stack-based Buffer Overflow [Accepted]
1 month 2 weeks ago
Submit #803120 / VDB-360313
xuanyu
Aur0ra New Threat Actor
1 month 2 weeks ago
You must login to view this content
cohenido
CVE-2026-7502 | LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink authorization (ID 975)
1 month 2 weeks ago
A vulnerability was found in LinkStackOrg LinkStack up to 4.8.6. It has been rated as critical. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass.
This vulnerability is documented as CVE-2026-7502. The attack can be initiated remotely. Additionally, an exploit exists.
The pull request to fix this issue awaits acceptance.
vuldb.com
CVE-2026-7501 | LinkStackOrg LinkStack up to 4.8.6 UserController.php editPage pageDescription cross site scripting (ID 974)
1 month 2 weeks ago
A vulnerability was found in LinkStackOrg LinkStack up to 4.8.6. It has been declared as problematic. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting.
This vulnerability is registered as CVE-2026-7501. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through a pull request but has not reacted yet.
vuldb.com
我的父亲是黑客
1 month 2 weeks ago
我的父亲是黑客。这名号,在益阳小城的弄堂里传了许多年,弄堂口的青石板被雨浸得发黑,住着的都是些靠手艺吃饭的人,哪见过这号人物。
Submit #801787: LinkStackOrg LinkStack 4.8.6 Authorization Bypass [Accepted]
1 month 2 weeks ago
Submit #801787 / VDB-360312
AliAz
Submit #801651: LinkStackOrg LinkStack 4.8.6 Improper Neutralization of Alternate XSS Syntax [Accepted]
1 month 2 weeks ago
Submit #801651 / VDB-360311
AliAz