Aggregator
GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event
2 weeks 2 days hence
Healthcare Cyber Research Programs Escape Budget Knife
8 minutes 43 seconds ago
UPGRADE and DigiSeals Programs at ARPA-H Remain Fully Funded
A U.S. federal grant effort to develop autonomous medical device patching platforms for hospitals evaded the budget-cutting knife of the Trump administration. Program boosters hope to automate cyber defenses so that hospitals of any size can more quickly patch vulnerabilities.
Finance Chiefs Warn New AI Models May Rattle Global Banking
8 minutes 43 seconds ago
Officials Warned New Models Could Accelerate Cyber Risks Faster Than Rules
Global finance officials meeting in Washington warned that advanced artificial intelligence models could expose structural weaknesses across banking and payment systems, speeding vulnerability discovery and cyber exploitation faster than regulators can build guardrails.
Scattered Spider Hacker Pleads Guilty in US Federal Court
8 minutes 43 seconds ago
Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity Theft
A senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital crime spree by Tyler Robert Buchanan.
CVE-2026-2505 | elzahlan Categories Images Plugin up to 3.3.1 on WordPress Shortcode z_taxonomy_image cross site scripting
1 hour 35 minutes ago
A vulnerability has been found in elzahlan Categories Images Plugin up to 3.3.1 on WordPress and classified as problematic. Affected by this vulnerability is the function z_taxonomy_image of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2026-2505. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-0894 | vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress Custom Post Widget content_block cross site scripting
1 hour 36 minutes ago
A vulnerability, which was classified as problematic, was found in vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress. Affected is the function content_block of the component Custom Post Widget. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-0894. The attack can be launched remotely. No exploit exists.
vuldb.com
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
2 hours 5 minutes ago
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs, along with outdated TP-Link routers, to infect devices and use them in DDoS attacks. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for […]
Pierluigi Paganini
Paid AI and the blues. Microsoft released a Visual Studio update that has once again angered programmers
2 hours 10 minutes ago
Visual Studio 18.5 adds a debugging "autopilot", but the time savings come at a price.
AI: "I'll draw a masterpiece and add some choice profanity." The new ToxicBench benchmark will teach models to stop ruining memes with insults
3 hours 9 minutes ago
For years, detectors ignored the rudeness of generative algorithms. It's time to fix that.
CVE-2026-40880 | Zebra Cached Mempool Verification comparison using wrong factors
3 hours 40 minutes ago
A vulnerability, which was classified as problematic, has been found in Zebra. This impacts an unknown function of the component Cached Mempool Verification. Performing a manipulation results in comparison using wrong factors.
This vulnerability is identified as CVE-2026-40880. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-40881 | Zebra addr Message resource consumption
3 hours 41 minutes ago
A vulnerability classified as problematic was found in Zebra. This affects an unknown function of the component addr Message Handler. Such manipulation leads to resource consumption.
This vulnerability is referenced as CVE-2026-40881. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
Is JavaScript no longer needed? A way to build fast websites in familiar Dart has appeared
4 hours 10 minutes ago
Once-complex rules have been replaced with an intuitive builder.
WRECKCTF 2026
4 hours 10 minutes ago
Name: WRECKCTF 2026 (a WRECKCTF event)
Date: April 17, 2026, 4 a.m. — 18 April 2026, 04:00 UTC
Format: Jeopardy
On-line
Official URL: http://wreckctf.com/
Rating weight: 0
Event organizers: Mad H@tters
ZeroSecure CTF 2026
4 hours 10 minutes ago
Name: ZeroSecure CTF 2026 (a ZeroSecure CTF event)
Date: April 17, 2026, 5:30 a.m. — 18 April 2026, 05:30 UTC
Format: Jeopardy
On-site
Official URL: https://www.zerosecurectf.online/
Rating weight: 0.00
Event organizers: CLIENT - ZERO
47CON CTF 2026
4 hours 10 minutes ago
Name: 47CON CTF 2026 (a 47CON CTF event)
Date: April 17, 2026, 8 a.m. — 18 April 2026, 08:00 UTC
Format: Jeopardy
On-line
Location: Valladolid (Spain)
Official URL: https://sugusuva.es/ctfd/
Rating weight: 0
Event organizers: SUGUS
CVE-2026-41254 | Little CMS up to 2.18 CubeSize cmslut.c incorrect behavior order (EUVD-2026-23668)
4 hours 31 minutes ago
A vulnerability classified as problematic has been found in Little CMS up to 2.18. The impacted element is an unknown function of the file cmslut.c of the component CubeSize. This manipulation causes incorrect behavior order.
The identification of this vulnerability is CVE-2026-41254. The attack can only be executed locally. There is no exploit available.
vuldb.com
CVE-2026-40349 | leepeuker movary up to 0.71.0 Endpoint /settings/users/ authorization (GHSA-mcfq-8rx7-w25v)
4 hours 43 minutes ago
A vulnerability described as critical has been identified in leepeuker movary up to 0.71.0. The affected element is an unknown function of the file /settings/users/ of the component Endpoint. The manipulation results in missing authorization.
This vulnerability was named CVE-2026-40349. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-40487 | gitroomhq postiz-app up to 2.21.5 cross site scripting (GHSA-44wg-r34q-hvfx)
4 hours 44 minutes ago
A vulnerability marked as problematic has been reported in gitroomhq postiz-app up to 2.21.5. Impacted is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-40487. The attack can be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-40346 | nocobase up to 2.0.36 server-side request forgery (GHSA-mvvv-v22x-xqwp)
4 hours 44 minutes ago
A vulnerability labeled as critical has been found in nocobase up to 2.0.36. This issue affects some unknown processing. Executing a manipulation can lead to server-side request forgery.
This vulnerability is handled as CVE-2026-40346. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com