Posts of last 24 hours

US racks up about 400 wins over illegal World Cup streaming sites
The World Cup’s organizing body, FIFA, helped identify hundreds of domains taken down in an action organized by the U.S., along with the help of U.S. broadcaster NBC Universal and other entities.
https://therecord.media/us-takes-down-hundreds-world-cup-streaming-sites
DragonForce Ransomware Leaks Data Allegedly Stolen from U.S. Healthcare Firm VIP Imaging
DragonForce ransomware has published 8.67 GB of data allegedly stolen from VIP Imaging, a U.S. cardiac imaging provider in Anaheim, California. Unverified.
https://darkwebinformer.com/dragonforce-ransomware-leaks-data-allegedly-stolen-from-u-s-healthcare-firm-vip-imaging/
U.S. Seizes Hundreds Domains Used to Stream World Cup Matches Illegally

The U.S. Department of Justice (DOJ) has announced the seizure of nearly 400 domains used to illegally stream FIFA World Cup 2026 matches, marking a significant crackdown on global digital piracy networks. The operation, conducted under “Operation Offsides,” targeted websites that were broadcasting live World Cup matches without authorization, in violation of U.S. copyright laws. […]

The post U.S. Seizes Hundreds Domains Used to Stream World Cup Matches Illegally appeared first on Cyber Security News.

https://cybersecuritynews.com/u-s-seizes-domains-world-cup-matches-illegally/
CVE-2024-21490 | angular 1.3.0 ng-srcset Directive redos (SNYK-JS-ANGULAR-6091113 / Nessus ID 242412)
A vulnerability has been found in angular 1.3.0 and classified as problematic. This issue affects some unknown processing of the component ng-srcset Directive Handler. Performing a manipulation results in inefficient regular expression complexity. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2024-21490. It is possible to initiate the attack remotely. There is no exploit available.
https://vuldb.com/vuln/253390
CVE-2026-41855 | Vmware Spring Framework up to 5.3.48/6.1.27/6.2.18/7.0.7 deserialization (EUVD-2026-35344)
A vulnerability has been found in Vmware Spring Framework up to 5.3.48/6.1.27/6.2.18/7.0.7 and classified as problematic. Impacted is an unknown function of the component org.springframework.jms.support.converter.MappingJackson2MessageConverter/org.springframework.jms.support.converter.JacksonJsonMessageConverter. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2026-41855. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.
https://vuldb.com/vuln/369408
CVE-2026-53406 | Zoom Remote Control for Zoom Contact Center up to 6.x on Windows data authenticity (EUVD-2026-36521)
A vulnerability has been found in Zoom Remote Control for Zoom Contact Center up to 6.x on Windows and classified as problematic. This issue affects some unknown processing. This manipulation causes insufficient verification of data authenticity. This vulnerability is registered as CVE-2026-53406. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.
https://vuldb.com/vuln/369506
CVE-2026-12048 | pgAdmin 4 up to 9.15 Browser Tab cross site scripting (Issue 10068 / WID-SEC-2026-2005)
A vulnerability was found in pgAdmin 4 up to 9.15 and classified as problematic. This affects an unknown function of the component Browser Tab. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-12048. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
https://vuldb.com/vuln/372293
CVE-2026-12047 | pgAdmin 4 up to 9.15 Backend /rds/verify_credentials errormsg cross site scripting (Issue 10069 / WID-SEC-2026-2005)
A vulnerability was found in pgAdmin 4 up to 9.15. It has been declared as problematic. This affects an unknown part of the file /rds/verify_credentials of the component Backend. Such manipulation of the argument errormsg leads to cross site scripting. This vulnerability is listed as CVE-2026-12047. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.
https://vuldb.com/vuln/372309
CVE-2026-12049 | pgAdmin 4 up to 9.15 /mfa/validate Next redirect (Issue 10028 / WID-SEC-2026-2005)
A vulnerability was found in pgAdmin 4 up to 9.15. It has been rated as problematic. This vulnerability affects unknown code of the file /mfa/validate. Performing a manipulation of the argument Next results in open redirect. This vulnerability is cataloged as CVE-2026-12049. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
https://vuldb.com/vuln/372310
CVE-2026-12050 | pgAdmin 4 up to 9.15 restore_point str.format sql injection (Issue 10026 / WID-SEC-2026-2005)
A vulnerability has been found in pgAdmin 4 up to 9.15 and classified as critical. The impacted element is the function str.format of the file /browser/server/restore_point. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2026-12050. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
https://vuldb.com/vuln/372292

Managed ad