Aggregator

A vulnerability classified as problematic was found in VertiGIS FM up to 10.13.402. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-3877. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in VertiGIS FM up to 10.11.362. Affected is an unknown function. This manipulation causes externally controlled reference. This vulnerability is handled as CVE-2026-0522. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Corosync. This impacts an unknown function of the component UDP Packet Handler. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-35092. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as critical has been reported in Corosync. This affects an unknown function of the component UDP Packet Handler. The manipulation leads to incorrect check of function return value. This vulnerability is traded as CVE-2026-35091. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as critical has been found in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing a manipulation of the argument sidx/sort can lead to sql injection. This vulnerability appears as CVE-2026-5328. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. A patch should be applied to remediate this issue.

漏洞来源一个评分十分的严重漏洞漏洞描述SandboxJS 是一个 JavaScript 沙箱库。在 0.8.34 版本之前，可以获取包含 Function 数组，从而导致沙箱逃逸。如果拥有包含 Function 的数组和 Object.fromEntries，就可以构造 {[p]: Function}，其中 p 是任何可构造的属。此漏洞已在 0.8.34 版本中修复漏洞原理CVE-2026-269

Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration

Submit #780789 / VDB-354659

Submit #780776 / VDB-354658

Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they query, what data they share, how frequently they interact, and from where, organizations cannot establish a baseline for normal AI behavior, investigate potential misuse, or detect emerging agentic insider threats. New support to detect agent behavior in OpenAI ChatGPT and Microsoft Copilot, alongside existing visibility into Google Gemini, transforms these agentic services into … More →

The post Exabeam expands ABA to detect AI agent threats across ChatGPT, Copilot, and Gemini appeared first on Help Net Security.

Submit #780773 / VDB-354657

Submit #780766 / VDB-354656

随着 Claude Code 的普及，大量用户选择通过第三方中转站（API Proxy）来使用 Claude 模型。然而，中转站作为用户与官方 API 之间的中间层，天然具备篡改请求和响应的能力。本文将从上下文空间异常、模型造假、提示词投毒三个维度，揭示中转站可能存在的安全风险，并给出对应的检测方法。

Submit #780752 / VDB-354655

Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within Google Cloud Platform’s Vertex AI Agent Engine. By exploiting default permission scoping, attackers could weaponize deployed AI agents into “double agents” that secretly exfiltrate data and compromise cloud infrastructure. Exploiting […]

The post Google Cloud’s Vertex AI platform Vulnerability Allow Attackers to Access Sensitive Data appeared first on Cyber Security News.

Submit #780733 / VDB-242865

Submit #780731 / VDB-354654

Как черные дыры спасают физику от краха.

A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively exploiting a newly disclosed, maximum-severity vulnerability in Oracle WebLogic Server. The critical flaw, tracked as CVE-2026-21962, carries a CVSS score of 10.0. It allows unauthenticated attackers […]

The post Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks appeared first on Cyber Security News.