Aggregator

Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought 'curl | sh' had a personality. The vibe is simple: old

Monday hit like a cron job with anger issues.A busted auth path here, a repo-side faceplant there

16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly. Someone analyzed 16,699 ransomware leak-site posts across 200 groups over two years and asked the question most threat intelligence reports dance around: when does this actually happen? The answer is mundane and useful. Ransomware runs on […]

Ransomware Operators Keep Business Hours. The Data Proves It16,

Submit #828539 / VDB-367647

Submit #828507 / VDB-367646

Submit #828406 / VDB-277000

Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…

Минцифры расширяет круг тех, кто обязан шифровать данные госорганов.

Submit #822026 / VDB-367645

A vulnerability was found in Open5GS up to 2.7.6. It has been rated as critical. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2026-10157. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to install a patch to address this issue.

Entra ID agent users can send malicious content to human users via Microsoft Teams. Here’s what to look out for.

Semperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidents

A vulnerability identified as critical has been detected in Linux Kernel up to 7.1-rc3. Affected by this vulnerability is an unknown functionality of the component x86. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-46174. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.