Posts of last 24 hours
A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x. Affected by this vulnerability is the function igmp_send of the file subsys/net/ip/igmp.c of the component Network Interface. Performing a manipulation results in use after free.
This vulnerability is cataloged as CVE-2026-10636. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
https://vuldb.com/vuln/371350
A vulnerability classified as critical was found in zephyrproject zephyr up to 4.4.x. Affected by this issue is the function mld_send of the file subsys/net/ip/ipv6_mld.c of the component Packet Interface. Executing a manipulation can lead to use after free.
This vulnerability is registered as CVE-2026-10637. The attack requires access to the local network. No exploit is available.
Upgrading the affected component is advised.
https://vuldb.com/vuln/371351
A vulnerability classified as problematic was found in Saad Iqbal WP EasyPay Plugin up to 4.4.0 on WordPress. This impacts an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is referenced as CVE-2026-56024. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/372261
A vulnerability classified as critical has been found in Microsoft Edge. This impacts an unknown function. Performing a manipulation results in cross site scripting.
This vulnerability is known as CVE-2026-32208. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/372316
A vulnerability labeled as critical has been found in joomshaper SP Page Builder extension for Joomla 1.0.0-6.6.1 on Joomla. Affected is an unknown function of the component SP Page. Such manipulation leads to improper access controls.
This vulnerability is documented as CVE-2026-48908. The attack can be executed remotely. There is not any exploit available.
https://vuldb.com/vuln/372537
A vulnerability, which was classified as critical, has been found in pgAdmin 4 up to 9.15. Impacted is an unknown function of the component Database Driver. This manipulation causes sql injection.
The identification of this vulnerability is CVE-2026-12045. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
https://vuldb.com/vuln/372290
A vulnerability was found in libssh2 up to 1.11.1 and classified as critical. This affects the function ssh2_transport_read of the component SSH Handler. Such manipulation leads to integer overflow to buffer overflow.
This vulnerability is referenced as CVE-2026-55200. It is possible to launch the attack remotely. No exploit is available.
It is best practice to apply a patch to resolve this issue.
https://vuldb.com/vuln/372111
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html
How a coordinated strike against a 2-million-device botnet exposes the hidden economy of residential proxies, and what it means for anyone with a connected device at home.
https://darkwebinformer.com/your-smart-tv-might-be-working-for-cybercriminals-inside-googles-takedown-of-the-netnut-proxy-network/
A stealthy campaign is turning trusted remote access software into a weapon against everyday users and businesses. Attackers have hidden the AsyncRAT trojan inside fake software installers, letting it slip past basic security checks. The campaign relies on DLL sideloading and a legitimate remote tool called ScreenConnect, making it hard for victims to notice anything […]
The post AsyncRAT Campaign Uses DLL Sideloading and ScreenConnect for Stealthy Remote Access appeared first on Cyber Security News.
https://cybersecuritynews.com/asyncrat-campaign-uses-dll-sideloading/