SLH
You must login to view this content
Aggregator
SLH
5 days 1 hour ago
You must login to view this content
cohenido
SLH
5 days 1 hour ago
You must login to view this content
cohenido
SLH
5 days 1 hour ago
You must login to view this content
cohenido
SLH
5 days 1 hour ago
You must login to view this content
cohenido
RCE в Thymeleaf. Уязвимость позволяет захватить тысячи серверов на Spring
5 days 1 hour ago
Разработчики Thymeleaf устранили брешь, позволявшую тайно записывать файлы в систему.
CVE-2026-40459 | PAC4J up to 4.5.9/5.7.9/6.4.0 LDAP Search ldap injection (EUVD-2026-23423)
5 days 1 hour ago
A vulnerability classified as critical has been found in PAC4J up to 4.5.9/5.7.9/6.4.0. Impacted is an unknown function of the component LDAP Handler. Performing a manipulation of the argument Search results in ldap injection.
This vulnerability is reported as CVE-2026-40459. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-31317 | Craftql up to 1.3.7 GetAssetsFieldSchema.php server-side request forgery (EUVD-2026-23428)
5 days 1 hour ago
A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery.
This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-40458 | PAC4J up to 5.7.9/6.4.0 String.hashCode cross-site request forgery
5 days 1 hour ago
A vulnerability marked as problematic has been reported in PAC4J up to 5.7.9/6.4.0. This vulnerability affects the function String.hashCode. This manipulation causes cross-site request forgery.
This vulnerability is registered as CVE-2026-40458. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
Safepay
5 days 1 hour ago
You must login to view this content
cohenido
Qilin
5 days 1 hour ago
You must login to view this content
cohenido
Every Old Vulnerability Is Now an AI Vulnerability
5 days 2 hours ago
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
Nik Kale
$505 миллионов за 19 дней. Криминальный рынок Xinbi Guarantee захватил Telegram
5 days 2 hours ago
Почему руководство Telegram предпочитает не замечать очевидное?
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
5 days 2 hours ago
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading […]
Pierluigi Paganini
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face
5 days 2 hours ago
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry point for threat actors leveraging it to install a new variant of the NKAbuse malware […]
The post Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face appeared first on Cyber Security News.
Tushar Subhra Dutta
Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies
5 days 2 hours ago
The intrusions exploited vulnerabilities in the open-source Roundcube webmail platform that allow attackers to execute malicious code when a victim simply opens an email in their inbox.
Fake Ledger Hardware Wallets on Chinese Marketplaces Steal Crypto Seeds and PINs
5 days 2 hours ago
A Brazilian cybersecurity researcher has exposed a sophisticated, large-scale supply chain scam involving counterfeit Ledger Nano S Plus hardware wallets sold through a Chinese marketplace, devices engineered from the ground up to silently drain cryptocurrency across roughly 20 blockchains. The findings, posted to Reddit by user u/Past_Computer2901, have sent shockwaves through the crypto security community, […]
The post Fake Ledger Hardware Wallets on Chinese Marketplaces Steal Crypto Seeds and PINs appeared first on Cyber Security News.
Guru Baran
Смена поз, откровенные наряды и обход фильтров. Нейросеть Илона Маска продолжает штамповать сексуализированные дипфейки
5 days 2 hours ago
Громкие обещания руководства оказались пустым звуком.
CVE-1999-0871 | Microsoft Internet Explorer 4.0/4.0.1 Frame privileges management (MS98-013 / XFDB-3668)
5 days 2 hours ago
A vulnerability identified as critical has been detected in Microsoft Internet Explorer 4.0/4.0.1. The impacted element is an unknown function of the component Frame Handler. The manipulation leads to improper privilege management.
This vulnerability is traded as CVE-1999-0871. It is possible to initiate the attack remotely. There is no exploit available.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-1999-1048 | GNU Bash 1.4.17/2.0.0 Directory Name memory corruption (XFDB-3414 / OSVDB-8345)
5 days 2 hours ago
A vulnerability labeled as critical has been found in GNU Bash 1.4.17/2.0.0. This affects an unknown function of the component Directory Name Handler. The manipulation results in memory corruption.
This vulnerability is known as CVE-1999-1048. Attacking locally is a requirement. Furthermore, an exploit is available.
It is recommended to add additional authentication.
vuldb.com