Aggregator

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

SLH

Dark Feed IO
5 days 7 hours ago

You must login to view this content

cohenido

CVE-2026-40459 | PAC4J up to 4.5.9/5.7.9/6.4.0 LDAP Search ldap injection (EUVD-2026-23423)

VulDB Recent Entries
5 days 7 hours ago
A vulnerability classified as critical has been found in PAC4J up to 4.5.9/5.7.9/6.4.0. Impacted is an unknown function of the component LDAP Handler. Performing a manipulation of the argument Search results in ldap injection. This vulnerability is reported as CVE-2026-40459. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-31317 | Craftql up to 1.3.7 GetAssetsFieldSchema.php server-side request forgery (EUVD-2026-23428)

VulDB Recent Entries
5 days 7 hours ago
A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2026-40458 | PAC4J up to 5.7.9/6.4.0 String.hashCode cross-site request forgery

VulDB Recent Entries
5 days 7 hours ago
A vulnerability marked as problematic has been reported in PAC4J up to 5.7.9/6.4.0. This vulnerability affects the function String.hashCode. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2026-40458. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

Security Affairs
5 days 8 hours ago
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading […]
Pierluigi Paganini

Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face

Cyber Security News
5 days 8 hours ago

A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry point for threat actors leveraging it to install a new variant of the NKAbuse malware […]

The post Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face appeared first on Cyber Security News.

Tushar Subhra Dutta

Fake Ledger Hardware Wallets on Chinese Marketplaces Steal Crypto Seeds and PINs

Cyber Security News
5 days 8 hours ago

A Brazilian cybersecurity researcher has exposed a sophisticated, large-scale supply chain scam involving counterfeit Ledger Nano S Plus hardware wallets sold through a Chinese marketplace, devices engineered from the ground up to silently drain cryptocurrency across roughly 20 blockchains. The findings, posted to Reddit by user u/Past_Computer2901, have sent shockwaves through the crypto security community, […]

The post Fake Ledger Hardware Wallets on Chinese Marketplaces Steal Crypto Seeds and PINs appeared first on Cyber Security News.

Guru Baran

Managed ad