Aggregator

A vulnerability identified as problematic has been detected in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-2072. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as problematic has been found in PeproDev PeproDev Ultimate Invoice Plugin up to 2.2.5 on WordPress. The impacted element is an unknown function of the component ZIP File Parser. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2026-2343. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in OM Digital Solutions OM Workspace up to 2.4. It has been classified as problematic. This affects an unknown part of the component Installer. Performing a manipulation results in uncontrolled search path. This vulnerability is cataloged as CVE-2026-26306. The attack must be initiated from a local position. There is no exploit available.

A vulnerability described as problematic has been identified in Sanyo Denki Sanups Software Standalone and Sanups Software. The affected element is an unknown function of the component Windows Service. Such manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2026-33253. Local access is required to approach this attack. No exploit exists.

A vulnerability has been found in Sharp home 5G HR01, home 5G HR02, Wi-Fi STATION SH-52A, Wi-Fi STATION SH-52B, Wi-Fi STATION SH-54C, 5G Mobile Router SH-U01, Pocket WiFi 5G A503SH and Speed Wi-Fi 5G X01 and classified as critical. The affected element is an unknown function. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-32326. The attack needs to be initiated within the local network. No exploit is available.

Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves

快来报名一起学习

从Trivy到LiteLLM，连环攻击是怎么发生的？

看雪论坛作者ID：Taardisaa

智慧校园代码审计

安全“养虾”秘密武器，原来是TA

Исход противостояния определит будущее домашних развлечений.

UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds

Security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings. By pushing a compromised skill to the top, threat actors could orchestrate massive supply-chain attacks […]

The post ClawHub Vulnerability Let Attackers Manipulate Rankings to Become the #1 Skill appeared first on Cyber Security News.

Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination of how Google has actually built its passkey ecosystem reveals something far more complex than […]

The post Google Authenticator’s Hidden Passkey Architecture Could Open New Passwordless Attack Paths appeared first on Cyber Security News.

Свидетели утверждают, что улыбка не сходила с лица зачинщика до финала.

Auto mode is a new permissions feature in the Claude Code system that allows the AI to make approval decisions on a user’s behalf while safeguards review actions before execution. The feature is available on Team plans and requires administrator approval before use, with support for Enterprise and API users expected soon. It runs on newer models such as Claude Sonnet 4.6 and Claude Opus 4.6, and excludes older versions and third party platforms. By … More →

The post Anthropic trims action approval loop, lets Claude Code make the call appeared first on Help Net Security.

TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now […]

A vulnerability was found in UltraJSON up to 5.11.x on Python and classified as problematic. Impacted is the function ujson.dumps. Executing a manipulation can lead to integer overflow. This vulnerability is handled as CVE-2026-32875. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in dadrus heimdall up to 0.17.10. The affected element is an unknown function of the file /mypath?foo=bar of the component Control Decision Service. Performing a manipulation of the argument Query results in escaping of output. This vulnerability is cataloged as CVE-2026-32811. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.