Aggregator

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 149. This vulnerability affects unknown code of the component WebRTC. This manipulation causes memory corruption. This vulnerability is handled as CVE-2026-6775. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Instant Payments Push Outpaces Regional Cross-Border Fraud Defenses
Cross-border payments across Southeast Asia are about to get significantly faster. The region is months away from launching the most ambitious cross-border payments network in its history - Project Nexus. But cross-border fraud response is still lagging.

Fraudulent Certificates Helped Ransomware Bypass Security Defenses
Microsoft says cybercrime service Fox Tempest sold stolen Microsoft code-signing certificates to ransomware gangs, enabling malware to masquerade as legitimate software in attacks targeting hospitals, schools and critical infrastructure worldwide.

Days After Beating Musk in Court, ChatGPT Maker Moves Toward Public Debut
OpenAI is preparing to confidentially file its IPO prospectus as soon as Friday, working with Goldman Sachs and Morgan Stanley, according to reports. The IPO could be one of the largest public market debuts in history - just days after OpenAI beat billionaire Elon Musk in court.

A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look
GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.

A vulnerability was found in nimiq core-rs-albatross up to 1.3.x. It has been classified as problematic. This affects the function Ed25519signature::from_bytes of the component Kademlia Handler. Performing a manipulation of the argument signature results in unchecked return value. This vulnerability is identified as CVE-2026-40092. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in nimiq core-rs-albatross up to 1.3.x and classified as problematic. Affected by this issue is the function addresses.first. Such manipulation leads to improper check for unusual conditions. This vulnerability is referenced as CVE-2026-40094. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in mantisbt Mantis Bug Tracker up to 2.28.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file bug_update_page.php of the component Update Issue Page. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-39960. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.15/6.19.5. The impacted element is the function try_to_free_buffers. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-71295. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. [...]

A vulnerability, which was classified as problematic, was found in Taiko AG1000-01A SMS Alert Gateway 7.3/8. Affected is an unknown function of the component Embedded Web Configuration Interface. The manipulation results in cross site scripting. This vulnerability was named CVE-2026-9144. The attack may be performed from remote. There is no available exploit.

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]

A vulnerability, which was classified as critical, has been found in Frappe LMS up to 2.50.0. This impacts an unknown function of the component SCORM ZIP Package Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-39405. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Frappe up to 15.104.x/16.14.x. This affects an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-39352. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in RRWO Crypt::SaltedHash up to 0.09 on Perl. The impacted element is an unknown function. Performing a manipulation results in observable timing discrepancy. This vulnerability is known as CVE-2026-47373. Remote exploitation of the attack is possible. No exploit is available.