Aggregator

A vulnerability has been found in SourceCodester Pharmacy Product Management System 1.0 and classified as critical. The affected element is an unknown function of the file add-sales.php. This manipulation of the argument txtprice/txttotalcost causes enforcement of behavioral workflow. The identification of this vulnerability is CVE-2026-30573. It is possible to initiate the attack remotely. There is no exploit available.

BLE 蓝牙协议：对智能设备的BLE抓包实战 (HCI + 空口)

Most teams govern AI workloads at the application layer. They configure guardrails for their Bedrock agents, scope IAM roles per workload, and build policies around approved models. That discipline matters, but it breaks down the moment a developer spins up a new account or invokes a model directly without touching the application stack. Org-level enforcement […]

The post 5 AWS AI Controls Every Security Team Should Have  appeared first on Security Boulevard.

Red Canary's monthly roundup of upcoming security conferences and call for papers (CFP) submission deadlines

漏洞来源漏洞描述n8n 是一个开源工作流自动化平台。在 2.2.0 和 1.123.8 版本之前，拥有创建或修改工作流权限的已认证用户可以利用 git 操作链接“从磁盘读取/写入文件”节点，从而实现远程代码执行。攻击者通过写入特定的配置文件并触发 git 操作，即可在 n8n 主机上执行任意 shell 命令。此问题已在 n8n 2.2.0 和 1.123.8 版本中修复。用户应升级到这些版本或更

New research maps the full infostealer lifecycle. Your credentials go from an employee’s device to an underground marketplace in less time than it takes your security team to notice anything is wrong. On March 24, 2026, researchers at Whiteintel’s Intelligence Division published a detailed map of the full infostealer lifecycle, tracing the exact sequence from […]

The post 48 Hours: The Window Between Infostealer Infection and Dark Web Sale appeared first on Security Boulevard.

AI辅助还原Coruna漏洞利用链混淆代码

ciscn-web-isw

Vulta Intelligence Launches as Credential Lookup Service With 14.2 Billion Indexed Records, Telegram Bot, and Pay-Per-Query ULP Extraction

一般威胁行为者登录系统时，绝不会使用真实 IP 地址。

A vulnerability, which was classified as problematic, was found in pymanager up to 26.0. Impacted is an unknown function of the component Working Directory Handler. The manipulation results in an unknown weakness. This vulnerability was named CVE-2026-5271. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in libinput. This issue affects some unknown processing of the component Lua Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-35093. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as problematic was found in libinput. This vulnerability affects unknown code. Executing a manipulation can lead to expired pointer dereference. This vulnerability is handled as CVE-2026-35094. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability classified as problematic has been found in Tinybeans Private Family Album App 5.9.5-prod. This affects an unknown part. Performing a manipulation results in Local Privilege Escalation. This vulnerability is known as CVE-2026-30289. Attacking locally is a requirement. No exploit is available.

A vulnerability described as critical has been identified in Volcengine OpenViking up to 0.2.13. Affected by this issue is some unknown functionality of the file /bot/v1/chat. Such manipulation leads to missing authentication. This vulnerability is traded as CVE-2026-34999. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Bytedance DeerFlow. Affected by this vulnerability is an unknown functionality. This manipulation causes incomplete blacklist. This vulnerability appears as CVE-2026-34430. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

Author, Creator & Presenter: Kody Lundell, CEH - Senior Security Engineer at Podium

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Cybersecurity At Home – Protecting Your Family In A Connected World appeared first on Security Boulevard.

A vulnerability labeled as problematic has been found in Deep Thought Industries ACE Scanner PDF Scanner App 1.4.5 on Android. Affected is an unknown function of the component File Import. The manipulation results in Local Privilege Escalation. This vulnerability is reported as CVE-2026-30287. The attack requires a local approach. No exploit exists.

A vulnerability identified as critical has been detected in SourceCodester Loan Management System 1.0. This impacts an unknown function of the component Loan Plan Handler. The manipulation of the argument penalty_rate leads to business logic errors. This vulnerability is documented as CVE-2026-30522. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-5342. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is advisable to upgrade the affected component.