Aggregator

A vulnerability, which was classified as critical, was found in pickplugins User Verification by PickPlugins Plugin up to 2.0.46 on WordPress. The impacted element is the function user_verification_form_wrap_process_otpLogin. Executing a manipulation can lead to authentication bypass using alternate channel. This vulnerability is handled as CVE-2026-7458. The attack can be executed remotely. There is not any exploit available.

A sophisticated cybercriminal operation dubbed “AccountDumpling” has compromised approximately 30,000 Facebook accounts worldwide. Discovered by Guardio Labs, this Vietnamese-linked campaign abuses Google’s AppSheet platform to bypass traditional email security filters. By routing fully authenticated phishing lures through legitimate channels, the attackers successfully harvest credentials and identity documents. These stolen Facebook Business accounts are subsequently monetized […]

The post Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in argoproj Argo CD up to 3.2.10/3.3.8. The affected element is an unknown function of the component ServerSideDiff. Performing a manipulation results in improper removal of sensitive information before storage or transfer. This vulnerability is known as CVE-2026-43824. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in mtrudel bandit up to 1.10.x on Untrusted. Impacted is the function Elixir.bandit.Pipeline:determine_scheme in the library lib/bandit/pipeline.ex of the component TCP Connection Handler. Such manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is traded as CVE-2026-39807. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in appcheap App Builder Plugin up to 5.6.0 on WordPress. This issue affects the function upload_avatar. This manipulation of the argument user_id causes authorization bypass. This vulnerability appears as CVE-2026-7638. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in quantumcloud Simple Link Directory Plugin up to 8.9.2 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation of the argument title_font_size results in cross site scripting. This vulnerability is reported as CVE-2026-7209. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in ckp267 MaxiBlocks Builder Plugin up to 2.1.9 on WordPress. This affects an unknown part of the file /wp-json/maxi-blocks/v1.0/style-card of the component REST API Endpoint. The manipulation of the argument sc_styles leads to cross site scripting. This vulnerability is documented as CVE-2026-6378. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in mtrudel bandit up to 1.10.x. Affected by this issue is the function Elixir.bandit.Headers:get_content_length in the library lib/bandit/headers.ex of the component HTTP Request Handler. Executing a manipulation can lead to http request smuggling. This vulnerability is registered as CVE-2026-39805. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in mtrudel bandit up to 1.10.x. Affected by this vulnerability is the function Elixir.bandit.HTTP2.Frame:deserialize in the library lib/bandit/http2/frame.ex. Performing a manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2026-42788. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in mtrudel bandit up to 1.10.x. Affected is the function Elixir.Bandit.WebSocket.Connection in the library lib/bandit/websocket/connection.ex. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-42786. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in mtrudel bandit up to 1.10.x. It has been rated as problematic. This impacts the function Elixir.Bandit.WebSocket.PerMessageDeflate in the library lib/bandit/websocket/permessage_deflate.ex. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-39804. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Депутатам рекомендовали перейти на Wire из-за массовых фишинговых атак.

The financial services ecosystem in India is undergoing rapid digital transformation, and fintech organizations sit at the center of this evolution. With increasing cyber threats targeting digital payments, lending platforms, and financial data, regulatory oversight has intensified. The Reserve Bank of India mandates a strong RBI cybersecurity framework that fintechs must follow to ensure resilience, […]

The post RBI Cybersecurity Compliance Checklist for Fintech Organizations appeared first on Kratikal Blogs.

The post RBI Cybersecurity Compliance Checklist for Fintech Organizations appeared first on Security Boulevard.

The financial services ecosystem in India is undergoing rapid digital transformation, and fintec

当全球安全社区还在分析Copy Fail漏洞（CVE-2026-31431）的本地提权PoC时，绿盟科技漏洞研究智能体ApexEye，已在不依赖任何容器逃逸细节或公开PoC的情况下，自主完成了从原理分析到容器逃逸攻击链的完整构建。

微软公司正在测试其对 Windows 11 运行菜单更新，提供一个现代化的界面，该公司表示该界面更快并支持深色模式。该重新设计现正向新实验通道中的 Windows 11 预览体验成员推出。微软公司在一

Кто на самом деле управляет жизнью иранцев в режиме офлайн.

伦敦高等法院周五在三星与中兴两家公司全球许可纠纷的英国诉讼环节中裁定，三星电子必须一次性支付 3.92 亿美元，以获取中兴通讯手机专利的使用许可。中兴通讯已在中国、德国和巴西对三星提起了平行诉讼，目前

英国AI安全研究所（AISI）的最新研究表明，尽管Anthropic公司曾大肆宣传其Mythos预览模型的网络安全威胁，并限制了其发布，但OpenAI的GPT-5.5在网络安全评估中的表现与其不相上下

Microsoft Defender is investigating a high-severity local privilege escalation vulnerability (C