Aggregator

CVE-2026-2505 | elzahlan Categories Images Plugin up to 3.3.1 on WordPress Shortcode z_taxonomy_image cross site scripting (EUVD-2026-23672)

VulDB Recent Entries
3 days 15 hours ago
A vulnerability has been found in elzahlan Categories Images Plugin up to 3.3.1 on WordPress and classified as problematic. Affected by this vulnerability is the function z_taxonomy_image of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-2505. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2026-0894 | vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress Custom Post Widget content_block cross site scripting (EUVD-2026-23670)

VulDB Recent Entries
3 days 15 hours ago
A vulnerability, which was classified as problematic, was found in vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress. Affected is the function content_block of the component Custom Post Widget. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-0894. The attack can be launched remotely. No exploit exists.
vuldb.com

拼多多美团等被罚 36 亿

Solidot
3 days 15 hours ago
市场监管总局发表公告,对上海寻梦信息技术有限公司(拼多多)、北京三快科技有限公司(美团)、北京京东叁佰陆拾度电子商务有限公司(京东)、上海拉扎斯信息科技有限公司(原饿了么,现淘宝闪购)、北京抖音科技有限公司(抖音)、浙江淘宝网络有限公司(淘宝)、浙江天猫网络有限公司(天猫)等7家电商平台“幽灵外卖”系列案,依据《中华人民共和国食品安全法》第一百三十一条、《中华人民共和国电子商务法》第八十三条的规定作出行政处罚决定,责令7家电商平台改正违法行为,暂停新增蛋糕店铺 3 至 9 个月不等,并处以罚没款共计 35.97 亿元。同时,依据《中华人民共和国食品安全法实施条例》第七十五条的规定,对 7 家平台企业法定代表人和食品安全总监合计处以罚款 1968.74 万元。其中拼多多被罚 1521930222.91元——即 15.2 亿。

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

Security Affairs
3 days 15 hours ago
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for […]
Pierluigi Paganini

Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say

Cyber Security News
3 days 16 hours ago

Freelance service platform Fiverr is facing a significant privacy incident after researchers discovered that sensitive customer files are publicly accessible and indexed by Google search. According to a recent disclosure on Hacker News, an insecure file-hosting configuration has exposed personal identifiable information (PII), including completed tax forms, that were exchanged between freelancers and clients. The […]

The post Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say appeared first on Cyber Security News.

Dhivya

Ignoring DPDP Compliance? Here’s the Risk to Your Organization

Security Boulevard
3 days 16 hours ago

In boardroom discussions, data breaches are typically evaluated through the lens of financial impact, regulatory exposure, and operational disruption. While these factors are critical, they often overshadow a more fundamental concern: the consumer. Every piece of personal data collected by an organization represents a relationship built on trust. When that data is mishandled, exposed, or […]

The post Ignoring DPDP Compliance? Here’s the Risk to Your Organization appeared first on Kratikal Blogs.

The post Ignoring DPDP Compliance? Here’s the Risk to Your Organization appeared first on Security Boulevard.

Shikha Dhingra

Nexcorium-Associated Mirai Variant Uses TBK DVR Exploit to Scale Botnet Operations

Cyber Security News
3 days 16 hours ago

A new iteration of the notorious Mirai botnet, dubbed Nexcorium, has emerged in the wild, aggressively targeting internet-connected video recording devices. According to recent threat research published by Fortinet’s FortiGuard Labs, threat actors are exploiting a known command injection vulnerability to hijack TBK DVR systems and construct a large-scale Distributed Denial-of-Service (DDoS) botnet. Fortinet researchers […]

The post Nexcorium-Associated Mirai Variant Uses TBK DVR Exploit to Scale Botnet Operations appeared first on Cyber Security News.

Dhivya

CVE-2026-40880 | Zebra Cached Mempool Verification comparison using wrong factors

VulDB Recent Entries
3 days 17 hours ago
A vulnerability, which was classified as problematic, has been found in Zebra. This impacts an unknown function of the component Cached Mempool Verification. Performing a manipulation results in comparison using wrong factors. This vulnerability is identified as CVE-2026-40880. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

The Hackers News
3 days 17 hours ago
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most
The Hacker News

Managed ad