INC
You must login to view this content
Aggregator
Submit #832348: bytedance InfiniStore 0.2.33 Denial of Service [Accepted]
2 weeks 4 days ago
Submit #832348 / VDB-368398
Dem00
Submit #832308: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Write) [Duplicate]
2 weeks 4 days ago
Submit #832308 / VDB-365549
pwn3rd
Submit #832297: LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Read) [Duplicate]
2 weeks 4 days ago
Submit #832297 / VDB-365549
pwn3rd
Your AI agent could become your biggest insider threat
2 weeks 4 days ago
New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk.
The post Your AI agent could become your biggest insider threat appeared first on CyberScoop.
djohnson
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’
2 weeks 4 days ago
The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
2 weeks 4 days ago
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least March 2026, designed entirely around one single goal: stealing the complete contents of one person’s […]
The post Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials appeared first on Cyber Security News.
Tushar Subhra Dutta
Томас Эдисон считался отцом звукозаписи 150 лет. Историки только что это опровергли
2 weeks 4 days ago
Говорящая машина XVIII века умела смеяться, плакать и петь арии. А не фонограф ли это?
Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal
2 weeks 4 days ago
The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed.
Государство блокирует VPN, но разрешит «Билайну» сделать свой, правильный VPN
2 weeks 4 days ago
VPN, который не надо включать, искать и прятать — мечта или тариф?
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
2 weeks 4 days ago
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger.
Deeba Ahmed
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
2 weeks 4 days ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a […]
Pierluigi Paganini
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
2 weeks 4 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments […]
The post CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks appeared first on Cyber Security News.
Abinaya
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
2 weeks 4 days ago
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.
It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.
The flaw is a server-side request forgery.
The Hacker News
SSRF to Root: Unauthenticated File-Write Flaw in Cisco Unified CM (CVE-2026-20230)
2 weeks 4 days ago
CVE-2026-20230 is an unauthenticated, remote server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME).
Dark Web Informer
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
2 weeks 4 days ago
A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p began circulating among researchers on June 3, 2026, after the model identifier appeared inside Anthropic’s Claude Console and surfaced through unauthorized API proxy services. The sightings immediately triggered speculation that Anthropic […]
The post Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised appeared first on Cyber Security News.
Guru Baran
UN food agency discloses breach affecting 600,000 Gaza households
2 weeks 4 days ago
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]
Sergiu Gatlan
Ледяной человек Эци погиб 5300 лет назад. Но внутри него — до сих пор кое-что живо
2 weeks 4 days ago
Бактерии внутри не просто дожили до наших дней — они эволюционировали прямо в мумии.
Poisoned Packages & Stolen Secrets: The Rise of Supply Chain Attacks
2 weeks 4 days ago
SANS Digital Forensics and Incident Response
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
2 weeks 4 days ago
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts