Technology Intelligence

Threats against technology companies, software vendors, cloud services, and tech infrastructure.

1000 Total Reports | 221 Critical Threats | 224 High Threats
HIGH | Ransomware | NEW

Agentic AI Used to Conduct Ransomware Attack via Langflow

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

SecurityWeek
MEDIUM | Vulnerability

Lloyds to retire Halifax brand

The Halifax brand is set to disappear from UK high streets after 179 years as a financial institution.

Finextra
MEDIUM | Vulnerability

Visa launches Visa Destinations to give travellers discounted offers

Visa’s travel offer platform Visa Destinations is now live for users across 10 locations.

Finextra
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-4321 — Improper neutralization of special elements used in an SQL command ('SQL injecti...

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.

CVE-2026-4321
NIST NVD
HIGH | Data Breach

Delaware & Florida Women’s Health Centers Announce Data Breaches

Two women’s healthcare providers have announced data privacy incidents. Women’s Wellness of Southern Delaware recently learned about unauthorized retention of […]

HIPAA Journal
MEDIUM | APT

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia, Kazakhstan, and Brazil.

Securelist (Kaspersky)
MEDIUM | Vulnerability

Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack

A consolidated class action lawsuit against the medtech company Stryker over a March 2026 cyberattack has been voluntarily dismissed by […]

HIPAA Journal
HIGH | Data Breach

Medtronic Data Breach Impacts 3.8 Million People

Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems. Medtronic confirmed the attack in late April, noting that its products and manufacturing […]

SecurityWeek
MEDIUM | Vulnerability

Hargreaves Lansdown appoints technology heads

Hargreaves Lansdown (HL), the UK-based wealth management platform, has strengthened its technology leadership with two senior appointments.

Finextra
MEDIUM | Vulnerability

Signicat and TrustTech partner to bring reusable identity to European digital wallets

Signicat, the European digital identity leader and trust services provider, and TrustTech, the digital trust infrastructure company specialising in identity verification, reusable compliance checks and trusted signatures, today announced a partnership to help regulated businesses build reusable identity processes through private wallet ecosystems.

Finextra
MEDIUM | Malware

FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors

The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets.

Infosecurity Magazine
HIGH | Ransomware

Alleged Scattered Spider Hacker Extradited to US

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.

SecurityWeek
MEDIUM | Vulnerability

BetGoodwin and Trust Payments sign partnership

BetGoodwin, online sportsbook and casino, has agreed a new 8-year partnership with Trust Payments, the leading payment service provider.

Finextra
MEDIUM | Vulnerability

MDOTM raises $27m for AI investment platform

MDOTM Ltd., the global provider of AI-driven investment solutions for Asset and Wealth Management companies, today announced the close of a $27 million growth equity round led by Expedition Growth Capital.

Finextra
MEDIUM | Vulnerability

WBS and Quai Digital extend fractional dealing partnership

WBS, a leading provider of dealing, custody, and technology solutions to the UK investment industry, today announces a five-year extension of its partnership with Quai Digital.

Finextra
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-14544 — A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera...

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

CVE-2026-14544
NIST NVD
LOW | Vulnerability

Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices

NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.

SecurityWeek
MEDIUM | Vulnerability

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file impersonating Maccy, a legitimate open-source clipboard manager. It has been codenamed PamStealer owing to its ability to

The Hacker News
CRITICAL | AI

Critical Cursor AI IDE Flaws Could Lead to OS-Level Remote Code Execution

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.

SecurityWeek
CRITICAL | AI

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.

SecurityWeek
MEDIUM | Data Breach

Swimming Pools, Pee, and Trying to Delete Your Data From the Internet

I can't recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it's often attributed back to me, I'll relay it here regardless: Trying to delete yourself

Troy Hunt
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-9725 — The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress...

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2. This is due to insufficient path validation in the store_design_data() function, which constructs a filesystem path from the user-supplied 'nbd_item_key' POST parameter sanitized only with sanitize_text_field() — which does not strip path

CVE-2026-9725
NIST NVD
MEDIUM | Vulnerability

Spyware found on phone of European Parliament member probing it

Stelios Kouloglou, formerly a member of the European Parliament's committee investigating abuses of commercial spyware, was twice infected with Pegasus while serving, researchers said.

The Record
MEDIUM | Vulnerability

Someone infected a spyware probe overseer with spyware

Citizen Lab says the phone of a member of Europe’s PEGA Committee was infected twice with Pegasus, the NSO Group spyware that gave the panel its name.

CyberScoop
MEDIUM | AI

Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says

Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon. [...]

BleepingComputer
MEDIUM | AI

Claude Fable relaunch disappoints users with nerfed performance

Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]

BleepingComputer
MEDIUM | Vulnerability

Standard Chartered gives institutional clients access to USDC minting and redemption

Standard Chartered has teamed up with Circle to enable its institutional clients to access USDC stablecoin minting and redemption.

Finextra
MEDIUM | AI

Visa launches threat intelligence platform; carries out agentic transactions in Europe

Visa has launched a platform designed to help financial institutions detect and respond to cyber threats. Separately, the payments giant has carried out a host of agentic commerce transactions with banks across Europe.

Finextra
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-57100 — Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (Sync...

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

CVE-2026-57100
NIST NVD
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-45499 — Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker...

Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

CVE-2026-45499
NIST NVD
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-41106 — Url redirection to untrusted site ('open redirect') in M365 Copilot allows an un...

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41106
NIST NVD
MEDIUM | Vulnerability

Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs

Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.

Dark Reading
CRITICAL | Ransomware

FortiBleed Hacks Tied to INC Ransom and Lynx Operation

Threat Actor Accessed INC and Lynx Ransom Negotiation Panels. SOCRadar linked the FortiBleed credential-harvesting operation to ransomware groups INC Ransom and Lynx, citing evidence that a sophisticated initial access broker compr

Bank Info Security
MEDIUM | Vulnerability

Why CIOs Need an AI Sovereignty Strategy

IBM Finds AI Vendor Disruptions Are Raising Costs and Operational Risk. Most enterprises are more dependent on their AI vendors than they realize, and a new IBM study puts a dollar figure on what that exposure costs. Here's what CIOs need to

Bank Info Security
MEDIUM | Vulnerability

How We Added WebAuthn to a Browser-Based RDP Client

A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection.

Unit 42 (Palo Alto)
HIGH | Ransomware

Breach Roundup: DeepSeek Sparks Browser Ransomware

Also, False Negatives Cause Trust in AI Pentest to Drop. This week: a DeepSeek browser-only ransomware path, AI pen testing trust dropped, Mustang Panda targeted India, Tata breach exposed iPhone 18 data, CISA flagged BlueHa

Bank Info Security
MEDIUM | Vulnerability

How Dragos Acquisition Expands Accenture's OT Security Reach

Joint Accenture-Dragos Platform Adds OT, Threat Intelligence and Incident Response. Accenture says its acquisition of Dragos combines managed security services with leading OT threat intelligence, asset discovery an

Bank Info Security
MEDIUM | AI

Anthropic Unveils AI Tool for Scientists and Medical R&D

Claude Science Aims to Speed Research and Drug Discovery, and Improve Collaboration. Much of the work involved with life science, biomedical and related research consists of tedious, time-consuming tasks that bog down the discove

Bank Info Security
MEDIUM | Vulnerability

FCC Router Ban Risks Freezing Home Security Updates

Verizon Waiver Is Latest Carve-Out in a Rule Experts Say Undercuts Router Security. The FCC granted Verizon a one-year waiver from its foreign-router ban, the latest carve-out in a rule that critics say would strip millions

Bank Info Security
MEDIUM | Vulnerability

How Renown Health Is Reshaping Its Digital ID Strategy

Renown Health is reshaping digital ID management with a strategy that reduces friction for clinicians, strengthens security and prepares the organization for emerging AI-driven identity challenges, said Steven Ramirez, Renown Health's chief information security and technology officer.

Bank Info Security
MEDIUM | AI

Square adds ChatGPT and Claude integrations

Square today announced a new ChatGPT app and Claude plugin, helping sellers get discovered and transact at the exact moment customers are making purchasing decisions through AI-powered conversations.

Finextra
MEDIUM | Vulnerability

Launch of UK's National Cyber Action Plan delayed amid Labour leadership crisis

The plan had been due for publication on Monday, the sources said. It has been postponed amid the uncertainty over the governing Labour Party’s leadership contest, which opens July 9.

The Record
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-59099 — Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that al...

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow

CVE-2026-59099
NIST NVD
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-58466 — AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability...

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full c

CVE-2026-58466
NIST NVD
MEDIUM | Vulnerability

Apple Reverses Age-Old Patch Policy to Keep Up With AI

Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.

Dark Reading
MEDIUM | Malware

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botn

Krebs on Security
CRITICAL | Ransomware

FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs

After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.

Dark Reading
MEDIUM | Vulnerability

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across home

The Hacker News
HIGH | Ransomware

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral

CVE-2025-5777
The Hacker News
MEDIUM | Vulnerability

Global Schools Holdings Cites Two Injunctions in a Bid to Chill Our Reporting. It Won’t Work.

My About page is pretty clear about legal threats: If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding. I have been threatened with lawsuits many times, and to be...

DataBreaches.net
HIGH | Ransomware

Ransomware Thugs Masquerade as Interpol to Entice Small Biz

The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.

Dark Reading
MEDIUM | Vulnerability

Intesa Sanpaolo migrates core IT systems to Google Cloud infrastructure

Italy's biggest bank, Intesa Sanpaolo, has completed the migration of its core IT systems to Google Cloud infrastructure.

Finextra
MEDIUM | APT

Catan and Mouse

What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.

Cisco Talos
MEDIUM | Vulnerability

Cryptohack Roundup: Chinese Fraudster Gets 30 Years in Prison

Also: Hollywood Director Jailed for $11M Fraud. This week, a Chinese fraudster got 30 years, Hollywood director jailed for $11M fraud, Florida crypto scam plea, China jailed five in FX case, South Korea fines Bithu

Bank Info Security
MEDIUM | AI

Infinite and Sardine launch two-way integration

Infinite, the AI-native compliance and payments platform built for the stablecoin economy, and Sardine, the fraud, risk, and payments platform, today announced a two-way integration that combines Sardine's real-time fraud and risk intelligence with Infinite's AI-powered compliance platform and account infrastructure.

Finextra
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2024-14037 — Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows una...

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed image/jpeg Content-Type to bypass the absence of extension and MIME type validation, with the uploaded

CVE-2024-14037
NIST NVD
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2022-50973 — Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability ...

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any authentication, file type, extension, or content validation. Attackers can upload a JSP webshell by specifying a m

CVE-2022-50973
NIST NVD
HIGH | Ransomware

The Gentlemen ransomware: what you need to know

Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.

Graham Cluley
LOW | Vulnerability

Supreme Court decision threatens EU-US data transfer agreement

In a Tuesday letter, Max Schrems, the founder of the Vienna-based privacy advocacy organization noyb, told European officials he plans to sue to invalidate the EU-U.S. Data Privacy Framework (DPF) that allows for the transfer of personal data from the EU to U.S. companies.

The Record
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-58455 — Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulne...

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authentication redirect in loader.php combined with unsanitized input passed to shell_exec() in ajax/compose.php. Attackers can seed the required session flag through the incomplete auth check, then inject

CVE-2026-58455
NIST NVD
MEDIUM | Vulnerability

Scattered Spider Suspect Extradited From Finland to US

FBI Says Peter Stokes, 19, 'Exhibited Substantial Wealth for a Person of His Age'. A suspected member of the notorious Scattered Spider cybercrime group has been extradited from Finland to stand trial in the United Stat

Bank Info Security
HIGH | Ransomware

Alleged longstanding member of Scattered Spider extradited to US

Peter Stokes boasted on social media about the luxurious globetrotting life he enjoyed while he was still a child.

CyberScoop
HIGH | Ransomware

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs

The Hacker News
MEDIUM | Vulnerability

Google loses final appeal to overturn €4.1 billion EU fine

Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser and search service. [...]

BleepingComputer
MEDIUM | Vulnerability

Anchorage Digital integrates with Lido to expand institutional access to Ethereum liquid staking

Anchorage Digital, home to America's first federally regulated crypto bank, has integrated with Lido, the largest liquid staking protocol on Ethereum, giving institutions compliant access to wstETH without leaving the Anchorage Digital platform.

Finextra
MEDIUM | Vulnerability | POC

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response.

CVE-2026-8451
SecurityWeek
MEDIUM | Vulnerability

Paysera becomes direct Visa member

Paysera LT, UAB has obtained the status of a direct Visa member (Issuing Principal Member) – one of the highest statuses in the payments industry.

Finextra
MEDIUM | Vulnerability

Ondo Finance launches custodial tokenised securities in the US

Ondo Finance today announced the first live solution of third-party tokenized U.S. securities operating entirely within the existing regulatory perimeter in the U.S., in partnership with Broadridge Financial Solutions Inc. (NYSE: BR), to provide full voting rights for tokenized equity holders.

Finextra
MEDIUM | Vulnerability

Major UK banks adopt Swift consumer payments framework

Barclays, HSBC, Lloyds and NatWest will be among the first financial institutions in the world to go live with Swift's new framework for cross-border retail payments.

Finextra
MEDIUM | Vulnerability

Payward completes Reap acquisition

Payward, a unified financial infrastructure platform advancing an open, global financial system, today announced the completion of its acquisition of Reap Technologies Holdings Limited (“Reap”), a leading stablecoin-native, card issuing and payments infrastructure company enabling global money movement.

Finextra
LOW | Vulnerability

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]

BleepingComputer
MEDIUM | Malware

ClickFix Social Engineering Technique is the Leading Method for Malware Delivery

The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. […]

HIPAA Journal
HIGH | AI

Formalizing Red Teaming Offensive Methodology as a Multi-Agent AI Architecture

Threat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress the timeline between initial access and impact. The barrier to sophisticated offensive operations is dropping fast. Rapid7's Red Team is doing the same. Over the past year we formalized our approach into a structured multi

Rapid7
MEDIUM | Vulnerability

Oman Arab Bank completes Visa tokenisation rollout

Oman Arab Bank (OAB) and BPC, a global leader in payment solutions, are marking 10 years of partnership, celebrating a decade of card and payments modernisation that has helped reshape the bank’s issuing and acquiring business in Oman.

Finextra
CRITICAL | Vulnerability

NVD CRITICAL: CVE-2026-5524 — The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Uploa...

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do_image_upload() function where user-supplied input from the acceptFileTypes POST parameter is directly interpolated into a regular expression used to validate uploaded files. Atta

CVE-2026-5524
NIST NVD
MEDIUM | Vulnerability

WealthAi and Flanks team up to solve wealth management's costly data problem

WealthAi, the AI operating system for wealth managers, has partnered with Flanks, the AI wealth data infrastructure, to bring institution-grade data from more than 650 institutions worldwide directly into the WealthAi platform.

Finextra
MEDIUM | Vulnerability

How to Conduct a Successful Audit of AI-Driven Software Development

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production.

SecurityWeek
MEDIUM | Vulnerability

LinqAlpha raises $22m to build alpha intelligence layer for global public markets

LinqAlpha, the AI-native company building the Alpha Intelligence Layer for global public markets, today announced $22 million in Series A funding.

Finextra
MEDIUM | Malware

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "

The Hacker News
MEDIUM | AI

Context Engineering | Compaction & Agent Memory for Automated Malware Analysis

Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.

SentinelLabs
MEDIUM | Vulnerability

Morphic launches RGLTD for digital assets

Morphic Financial Group, the London-based digital financial services group, today announces the launch of RGLTD and the expansion of its strategic partnership with Cashify, creating a new dual-brand operating structure designed to serve the evolving needs of Europe’s regulated digital asset market.

Finextra
CRITICAL | Zero Day | POC

Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits

Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first.

Infosecurity Magazine
MEDIUM | Vulnerability

WealthArc adds crypto assets to its data platform

WealthArc today announced the integration of crypto assets as a fully supported asset class within its global data infrastructure service, enabling wealth managers, external asset managers, and family offices to deliver a complete portfolio view across digital and traditional assets from a single, reliable data source.

Finextra
HIGH | Ransomware

FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations.

SecurityWeek
MEDIUM | Supply Chain

Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain.

Dark Reading
MEDIUM | Vulnerability

One in four Brits have fallen for online financial scams

A quarter of British adults have lost money after falling for fraudulent online advertisements and have cut back on online shopping as a result.

Finextra
MEDIUMAi

Microsoft fixes bug that removed Copilot buttons in Outlook

Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]

BleepingComputer
CRITICALVulnerability

Gardyn IoT Hub

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json
Summary: Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.
The following versions of Gardyn IoT Hub are affected:
- Home Firmware

CVE-2026-13768, CVE-2026-55726
CISA Advisories
CRITICALPhishing

ST Engineering iDirect iQ-Series Terminals

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json
Summary: Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.
The following versions of ST Engineering iDirect iQ-Ser

CVE-2026-38059, CVE-2026-38057
CISA Advisories
HIGHRansomware

Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware

Bitdefender researchers warned of a curious ransomware campaign which has targeted businesses around the world

Infosecurity Magazine
CRITICALPhishing

CubeSpace CW0057 Reaction Wheel

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-02.json
Summary: Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.
The following versions of CubeSpace CW0057 Reaction Wheel are affected:
- CW0057 Re

CVE-2026-13743
CISA Advisories
MEDIUMVulnerability

JP Morgan's AI head to depart after 4 decades

Teresa Heitsenrether, chief data and analytics officer at JP Morgan Chase, is set to leave the bank after a career spanning four decades

Finextra
MEDIUMVulnerability

Cisco finally confirms attackers exploiting Unified CM flaw

Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]

BleepingComputer
MEDIUMAi

Identity Lifecycle Management Wasn't Built for AI Agents

Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren't designed to detect. This guide covers where that model breaks, what it

The Hacker News
MEDIUMVulnerability

Cybersecurity Mission Creep in the US

Interesting paper: “Cybersecurity Mission Creep.” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what

Schneier on Security
MEDIUMAi

Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm

Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek .

SecurityWeek
CRITICALAi

Field reports from Patch the Planet

We’re running Patch the Planet (https://trailofbits.com/patch-the-planet), an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon create a firehose of bug reports, and OSS maintainers are alrea

Trail of Bits
CRITICALAi

GPT-5.5-Cyber built a zlib fuzzing lab in a day

We’re running Patch the Planet (https://trailofbits.com/patch-the-planet), an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon create a firehose of bug reports, and OSS maintainers are alrea

Trail of Bits
CRITICALVulnerability

Argo CD flaw shows why GitOps infrastructure should be treated as tier zero

A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security firm Synacktiv said in a report that the flaw affects Argo CD’s repo-server component, which fetches content from Git r

CSO Online
CRITICALVulnerability

CISA: Microsoft SharePoint RCE flaw now actively exploited

CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]

BleepingComputer
MEDIUMVulnerabilityPOC

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek .

CVE-2026-20230
SecurityWeek
MEDIUMVulnerability

Opera rolls out Paste Protect feature to fight ClickFix attacks

Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]

BleepingComputer
HIGHData Breach

Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation

A settlement has been agreed to resolve claims against Greater Rochester Independent Practice Association (GRIPA) arising from the May 2023 […] The post Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMAi

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials

Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Mauritius issues five year fintech plan

Mauritius has launched its National Fintech Strategy 2026-2030, a five-year roadmap designed to boost areas such as digital finance and financial inclusion on the African island.

Finextra
HIGHData Breach

Serviceaide Pays $1.8 Million to Settle Data Breach Litigation

Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million […] The post Serviceaide Pays $1.8 Million to Settle Data Breach Litigation appeared first on The HIPAA Journal .

HIPAA Journal
CRITICALVulnerability

CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek .

CVE-2026-45659
SecurityWeek
MEDIUMVulnerability

NCI and DataExpert launch crypto compliance training programme

The European Anti-Money Laundering Regulation (AMLR) will come into force on 10 July 2027, introducing stricter requirements for financial institutions, crypto-asset service providers (CASPs) and other regulated entities acting as financial gatekeepers

Finextra
MEDIUMVulnerability

Crypto platform Tothemoon secures MiCA licence in Cyprus

Tothemoon, a global crypto platform, today announced that it has secured authorisation from the Cyprus Securities and Exchange Commission (CySEC) as a Crypto-Asset Service Provider (CASP) under the European Union’s Markets in Crypto-Assets Regulation (MiCA).

Finextra
MEDIUMVulnerability

NCSC Shares Tips on How to Make a Pen Tester’s Job Harder

The NCSC has shared best practice advice from pen testers which could help improve system resilience

Infosecurity Magazine
MEDIUMVulnerability

Luxembourg Fund Services and bunch strike strategic alliance

bunch, the AI-native fund operations platform for private markets, today announced it has entered into a strategic partnership with founder Massimo Longoni and CFE Finance Group (“CFE”), joint owners of Luxembourg Fund Services S.A. ("LFS"), under which bunch will join Mr. Longoni and CFE as shareholders in LFS.

Finextra
HIGHRansomware

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company's production database. Ransomware has always

The Hacker News
MEDIUMMalware

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

Kaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to enhance your organization's security.

Securelist (Kaspersky)
MEDIUMVulnerability

Alleged Scattered Spider hacker extradited to the United States

A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. [...]

BleepingComputer
MEDIUMVulnerability

Alleged Scattered Spider Member Extradited to US

A teenager accused of hacking as part of Scattered Spider has been arrested

Infosecurity Magazine
HIGHRansomware

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment

The Hacker News
MEDIUMVulnerability

Lloyds joins Integral global FX liquidity network

Integral, a leading currency technology provider to financial markets, today announced that Lloyds has joined its ecosystem as a liquidity provider, further strengthening its institutional FX network.

Finextra
MEDIUMVulnerability

Lightspark becomes first payments company in Estonia to get MiCA licence

Today, Lightspark Payments Europe AS announced it received a crypto-asset service provider (CASP) authorization under the EU's Markets in Crypto-Assets Regulation (MiCA), together with authorization to operate as an electronic money institution (EMI), from Estonia's Financial Supervision Authority (Finantsinspektsioon).

Finextra
MEDIUMMalwarePOC

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and

The Hacker News
MEDIUMVulnerability

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue

CVE-2026-45659
The Hacker News
HIGHData Breach

Medtronic notifies customers impacted by ShinyHunters data breach

Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]

BleepingComputer
LOWAi

Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector

Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549 , allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the inter

CVE-2026-50548, CVE-2026-50549
CSO Online
MEDIUMAi

OCBC adds AI-powered financial advisor avatars to app

OCBC has revamped its mobile app with two AI-powered avatars that deliver "hyper-personalised" wealth management services in real-time 24 hours a day.

Finextra
MEDIUMAi

SoFi buys AI-based investing startup Composer

US fintech SoFi has acquired Composer, a Toronto-based AI-powered retail investing startup. Financial terms were not disclosed.

Finextra
MEDIUMVulnerability

Quantum Breakthroughs Compress Post-Quantum Computing Timeline

Microsoft, Google and AWS cite major gains in reliability and error correction.
Rapid advances in quantum hardware, AI-assisted error correction and fault-tolerant architectures from Microsoft, Google and Amazon

Bank Info Security
MEDIUMVulnerability

US FTC Eyes AI Model Behavior in New Policy Push

Agency Seeks Comments on Objectivity, Accuracy and AI Governance.
The FTC has opened a public comment period on whether AI companies improperly shape model behavior. The proposal could redefine how federal regulators oversee A

Bank Info Security
MEDIUMVulnerability

The Shadow AI Problem Starts in the C-Suite

Executives Are More Likely to Use Unapproved AI Tools Than Their Teams.
Shadow AI may look like a rank-and-file problem, but new data suggests the biggest users of unauthorized tools are senior leaders and C-suite executives. The findings

Bank Info Security
HIGHData Breach

Aflac Japan: Hack Detected Last Week Affects Nearly 4.4M

Incident Is Insurance Giant's Second Major Data Breach Since June 2025.
Aflac is notifying regulators and nearly 4.4 million Aflac Life Insurance Japan customers of a hacking incident detected last week potentially affec

Bank Info Security
MEDIUMMalware

MeetingTV Sues Palo Alto Networks Over Koi Threat Report

MeetingTV Says Koi's AI Analysis Tool Wrongly Tied it to Malware Infrastructure.
MeetingTV alleges an AI-assisted threat intelligence report published by Koi Security falsely linked its infrastructure to a Chinese cybe

Bank Info Security
MEDIUMVulnerability

Workers Withdraw Claims in Stryker Wiper Attack Lawsuit

Action Comes After Stryker Contends Employees' Personal Data Wasn't Compromised.
Eight current and former employees of medical technology company Stryker voluntarily withdrew their lawsuits against the medical technology compa

Bank Info Security
HIGHRansomware

FortiBleed credential-theft campaign linked to Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]

BleepingComputer
MEDIUMVulnerability

Kubota says hackers had month-long access to network systems

Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [...]

BleepingComputer
MEDIUMVulnerability

Robinhood unveils UK crypto launch plans and global DeFi expansion

Today, live from the historic Old Royal Naval College in London, Robinhood hosted Robinhood Presents: The World is Flat, a landmark keynote revealing our most ambitious global expansion and product vision to date.

Finextra
MEDIUMApt

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58457 — Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenti...

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilter_conf handler in the commuos web backend. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are passe

CVE-2026-58457
NIST NVD
MEDIUMVulnerability

Teen suspect in Scattered Spider hacks is extradited to US

A complaint unsealed this week accuses a 19-year-old of participating in incidents including a breach of a "luxury-jewelry retailer" in 2025.

The Record
MEDIUMMalwarePOC

ChocoPoc malware delivered via trojanized exploits on GitHub

Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. [...]

BleepingComputer
MEDIUMMalwarePOC

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. [...]

BleepingComputer
LOWVulnerability

Langflow Flaws Exposed AI Servers to Takeover

Rubrik Decries Lack of Fundamental Cybersecurity in AI Platforms.
Rubrik Zero Labs found four vulnerabilities in Langflow, including flaws that allowed unauthenticated attackers to execute code, read sensitive files and steal cre

Bank Info Security
MEDIUMVulnerability

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in

The Hacker News
MEDIUMVulnerability

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish police

The Hacker News
CRITICALVulnerability

Researchers spot exploitation of another critical Oracle defect

The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. The post Researchers spot exploitation of another critical Oracle defect appeared first on CyberScoop .

CyberScoop
CRITICALVulnerability

NVD CRITICAL: CVE-2026-53492 — containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2....

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying sol

CVE-2026-53492
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-50195 — containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 a...

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitra

CVE-2026-50195
NIST NVD
LOWVulnerability

Azure Password-Spraying Attack Bypasses MFA Defenses

Threat Actor Uses Deprecated OAuth 2.0 Authentication Flow.
Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth

Bank Info Security
MEDIUMAi

Prohibiting AI Use Increases Enterprise Data Risk

Fortra's Tony Kelly on Securing AI Adoption With Governance, Data Protection.
Organizations that block generative AI use often create greater security risks by driving employees toward unauthorized tools, said Tony Kelly, reg

Bank Info Security
LOWVulnerability

CVE-2026-13769 – Insecure file permissions in AWS CLI

Bulletin ID: 2026-049-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 07/01/2026 11:45 AM PDT
Description: The AWS Command Line Interface (AWS CLI) is a unified tool for managing AWS services from the command line. We identified CVE-2026-13769 in AWS CLI on Unix-like systems where the umask has not been c

CVE-2026-13769
AWS Security Bulletins
HIGHVulnerability

NVD HIGH: CVE-2026-46680 — containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0...

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0

CVE-2026-46680
NIST NVD
MEDIUMVulnerability

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings appeared first on SecurityWeek .

SecurityWeek
CRITICALVulnerability

Pico and LDA Technologies partner on high-fidelity data for real-time AI and trading workflows

Pico, a leading global provider of mission-critical technology services, software, data and analytics for the financial markets community, and LDA Technologies, a leader in ultra-low latency networking and FPGA applications, today announced that Pico’s Corvil Analytics platform will support LDA Technologies’ NeoTap X aggregation technology in the upcoming Corvil Analytics 10.2 release.

Finextra
MEDIUMVulnerability

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.

The Hacker News
MEDIUMVulnerability

DHS confirms hackers breached HSIN info-sharing platform

The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. [...]

BleepingComputer
MEDIUMMalware

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It's suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands on

The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58453 — JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a h...

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, netw

CVE-2026-58453
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34114 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate_text.php (line 18) without sanitization: exec("php jobs/translate_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34114
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34113 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech_text.php (line 18) without sanitization: exec("php jobs/speech_audio_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34113
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34111 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac_text.php (line 18) without sanitization: exec("php jobs/speech_audio_mac_text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34111
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34110 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in complex_start.php (line 14) without sanitization: exec("php jobs/complex.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34110
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34109 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech.php (line 18) without sanitization: exec("php jobs/speech_audio.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34109
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34108 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in text.php (line 15) without sanitization: exec("php jobs/text.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34108
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34107 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization: exec("php jobs/translate.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34107
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34106 — Guardian language-system passes the id GET parameter directly into a PHP exec() ...

Guardian language-system passes the id GET parameter directly into a PHP exec() call in subtitles.php (line 19) without sanitization: exec("php jobs/subtitle_rendering.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to the id parameter to execute arbitrary OS commands on the server.

CVE-2026-34106
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34105 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34105
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34104 — Guardian language-system passes the name GET parameter directly into an unsaniti...

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34104
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34103 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34103
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34102 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34102
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34101 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34101
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34100 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.

CVE-2026-34100
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-34099 — Guardian language-system passes the id GET parameter directly into an unsanitize...

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.

CVE-2026-34099
NIST NVD
MEDIUMVulnerability

Hackers target Microsoft 365 accounts with 81 million login attempts

An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]

BleepingComputer
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58127 — PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via ...

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the hos

CVE-2026-58127
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58126 — PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulne...

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads

CVE-2026-58126
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-57517 — Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability...

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshe

CVE-2026-57517
NIST NVD
MEDIUMVulnerability

Verizon Releases Inaugural Breach Impact Study

Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data […] The post Verizon Releases Inaugural Breach Impact Study appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

When Too Much Security Data Became the Risk

Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.

Dark Reading
MEDIUMVulnerability

Objectway buys FNZ's Swiss private banking tech business

Objectway, a global wealthtech partner for banking, wealth and asset management firms, today announced the acquisition from FNZ of their Swiss private banking technology business FNZ Switzerland SA (formerly operating as New Access).

Finextra
MEDIUMVulnerability

Peru's BanBif picks Finastra tech for trade finance overhaul

Peru-based Banco Interamericano de Finanzas (BanBif), today announced its selection of Finastra Trade Innovation and Corporate Channels as part of its trade finance modernization project.

Finextra
MEDIUMVulnerability

Nebeus receives MiCA CASP authorisation

Nebeus has been authorised by Spain's CNMV as a Crypto-Asset Service Provider (CASP) under the EU's Markets in Crypto-Assets (MiCA) regulation, placing the Barcelona-based fintech among the first regulated firms able to passport digital asset services across the European Economic Area.

Finextra
MEDIUMMalware

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image. The goal is the usual one: steal banking logins and take

The Hacker News
LOWVulnerability

5 Myths About AI in the SOC Security Teams Need to Rethink

AI is now part of almost every conversation in security operations. Most teams are already investing in it, experimenting with it, or trying to understand where it fits. The challenge is not whether to adopt AI, but how to apply it in a way that actually improves outcomes. At the Rapid7 Global Cybersecurity Summit, the session The AI Dilemma: Automating Defense Without Surrendering Judgment explor

Rapid7
CRITICALVulnerability

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass," Adobe said in an alert released Tuesday. The vulnerabilities are listed

The Hacker News
MEDIUMSupply Chain

'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat

LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-23537 — A vulnerability has been identified in the Feast Feature Server’s `/save-documen...

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requir

CVE-2026-23537
NIST NVD
MEDIUMVulnerability

JP Morgan Payments and NPCI team up to power real-time FX for cross-border UPI

National Payments Corporation of India is working with JP Morgan Payments to enable real-time currency conversion and settlement of cross-border transactions over the Unified Payments Interface.

Finextra
CRITICALAi

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3

CVE-2026-50548 CVE-2026-50549
The Hacker News
MEDIUMMalware

Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory

Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory

Infosecurity Magazine
MEDIUMVulnerability

Swedish court orders Google to pay Klarna $1.97bn

Google has been ordered by a Swedish court to pay $1.97 billion in damages to PriceRunner, a price comparison service owned by Klarna.

Finextra
MEDIUMAi

Stripe rolls out tools to help German businesses sell globally

Stripe today shared new tools to help businesses in Germany sell to and via AI agents, and reach more markets around the world.

Finextra
MEDIUMVulnerability

Nuvei makes C-suite changes

Nuvei, the global fintech building the infrastructure for every payment, everywhere, today announced three appointments to its executive leadership team as the company continues its next phase of global growth.

Finextra
MEDIUMVulnerability

Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657)


CVE-2026-53657
r/cybersecurity
MEDIUMPhishing

Turning Indicators into Intelligence in OpenCTI with Criminal IP

Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis. [...]

BleepingComputer
MEDIUMSupply Chain

Vulnerability Prioritization Is Missing the AI-Era Point


Sonatype (Maven/npm)
MEDIUMVulnerability

HHS Provides Update on its Artificial Intelligence RFI

The Department of Health and Human Services (HHS) has provided an update on how it plans to accelerate the adoption […] The post HHS Provides Update on its Artificial Intelligence RFI appeared first on The HIPAA Journal .

HIPAA Journal
CRITICALVulnerability

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve

CVE-2026-8037
The Hacker News
MEDIUMMalware

Brazilian Banking Trojan Ousaban Targets Spain and Portugal

FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing

Infosecurity Magazine
MEDIUMVulnerability

Take the Guesswork out of HIPAA Compliance for Small Practices

Removing guesswork from HIPAA compliance means replacing assumptions about what a practice has covered with a documented process that maps […] The post Take the Guesswork out of HIPAA Compliance for Small Practices appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Security Researcher Identifies Quintet of Bugs in Toolkit Used in DICOM Medical Imaging Software

A quintet of vulnerabilities has been identified in a DICOM toolkit – OFFIS DCMTK – that is extensively used in […] The post Security Researcher Identifies Quintet of Bugs in Toolkit Used in DICOM Medical Imaging Software appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMAi

U.S. lifting export control restrictions on Anthropic’s Mythos, Fable

The company and the Commerce Department say they have reached an agreement that will see the AI models released publicly with new guardrails and classifiers. The post U.S. lifting export control restrictions on Anthropic’s Mythos, Fable appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerability

HIPAA Compliance Made Easy for Small Practices

HIPAA compliance for a small practice means meeting the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, and […] The post HIPAA Compliance Made Easy for Small Practices appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

SumUp launches consumer personal accounts

SumUp, the global financial technology company serving more than four million merchants worldwide, has today announced the launch of consumer personal accounts, marking the most significant expansion of its consumer offering to date.

Finextra
LOWVulnerability

Finova acquires Cubit Labs to accelerate its future of lending strategy

Finova, the UK's leading cloud-based mortgage, savings and lending software provider, today announces the acquisition of Cubit Labs, an AI technology company focused on transforming intermediary workflows and compliance.

Finextra
MEDIUMVulnerability

RTGS.global and Bamboo partner on cross-border payments across Latin America

RTGS.global and Bamboo have today announced a strategic partnership to enhance cross-border payment capabilities for financial institutions, payment providers and businesses operating across Latin America, including those supporting regulated iGaming activities enabling faster, more efficient movement of funds across one of the industry's fastest-growing regions.

Finextra
MEDIUMAi

US lifts export controls on Anthropic’s frontier cybersecurity AI models

Anthropic said export controls on certain models had been lifted after the company came to a series of agreements with the government.

The Record
HIGHData Breach

Japanese insurer, brewer, manufacturer and telecom disclose cyber breaches

Aflac's Tokyo arm and brewer Sapporo are among the major Japanese companies to recently notify the public about data breaches.

The Record
MEDIUMVulnerability

Safe Events Start With Threat Intel & Digital Security

Planning ahead to defend against cyber threats is the work that keeps events uneventful.

Dark Reading
HIGHRansomware

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model

The Hacker News
HIGHRansomware

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model

The Hacker News
CRITICALVulnerability

Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]

BleepingComputer
MEDIUMAi

BoE calls for bespoke AI regulation

A senior official at the Bank of England has called for an updated regulatory framework to cater for the inexorable rise of agentic AI

Finextra
MEDIUMVulnerability

Medtronic Starts Notifying Individuals Affected by April 2026 Cyberattack

Medtronic has started issuing notifications to individuals affected by an April 2026 cyberattack. The ShinyHunters threat group claimed responsibility for […] The post Medtronic Starts Notifying Individuals Affected by April 2026 Cyberattack appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Eurobank announces €1bn tech investment plan

Greece-based Eurobank is planning to invest as much as €1bn in technology as part of a digital transformation programme.

Finextra
MEDIUMVulnerability

2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience

Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals

The Hacker News
CRITICALVulnerability

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek .

CVE-2026-48286
SecurityWeek
MEDIUMVulnerability

Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug. The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

EC Markets installs Acuity Trading's AI-driven trading tools

EC Markets traders will gain access to Acuity Trading’s full suite of AI-driven market, event and trade intelligence tools through EC Insights, bringing together sentiment analysis, economic data, macroeconomic context and AI-supported market commentary within the EC Markets trading environment.

Finextra
MEDIUMVulnerability

FIX publishes new outage communication standards

The FIX Trading Community, the industry association that manages the world’s trading language, the FIX Protocol, has released a new methodology for exchanges and market participants to automatically communicate outages electronically.

Finextra
MEDIUMAi

Anthropic's Fable 5 and Mythos 5 Are Back with New Security Guardrails

The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases”

Infosecurity Magazine
MEDIUMVulnerability

Singapore's UOB and CQT collaborate on quantum computing

UOB today announced a collaboration with Singapore’s Centre for Quantum Technologies (CQT) to pioneer the application of quantum computing techniques to the valuation of complex financial derivatives.

Finextra
LOWVulnerability

Papa Johns Surveillance-Based Advertising

Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is to reach hungry consumers by “knowing what is in their fridge w

Schneier on Security
MEDIUMVulnerability

Microsoft fixes GIF functionality in the Windows Emoji Panel

Microsoft has fixed the GIF functionality in the Emoji Panel for Windows 11 and Windows Server users after the provider shut down its service. [...]

BleepingComputer
MEDIUMVulnerability

US Faster Payments Council unveils 2026 directors

The US Faster Payments Council (FPC), a membership organization devoted to advancing safe, easy-to-use faster payments in the United States, today announced the results of its 2026 Board of Directors election.

Finextra
MEDIUMVulnerability

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe

The Hacker News
MEDIUMVulnerability

Martin Lee: Running through the Arctic (and the threat landscape)

Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.

Cisco Talos
MEDIUMMalware

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.

Securelist (Kaspersky)
LOWPhishing

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.

Cisco Talos
MEDIUMVulnerability

Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors

From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Microsoft Accelerates Quantum-Safe Push with New Timeline

Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)

Infosecurity Magazine
MEDIUMPhishing

This phishing kit looks more like BEC-as-a-service

Cisco Talos’ research on ARToken builds on what’s known about the related EvilTokens phishing-as-a-service. The post This phishing kit looks more like BEC-as-a-service appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerability

Amazon fined $2.25M for withholding evidence from fraud victims

The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]

BleepingComputer
MEDIUMVulnerability

AI not eliminating need for bankers - survey

The notion that artificial intelligence (AI) will replace financial services workers is "no longer true", suggests a recently published report.

Finextra
MEDIUMVulnerability

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on SecurityWeek .

SecurityWeek
HIGHData Breach

Insurance Giant Aflac Discloses Data Breach Impacting Millions

Aflac Japan has notified regulators that policy details and personal and banking information have been compromised

Infosecurity Magazine
MEDIUMVulnerability

Dawnguard Raises $6.3 Million for Security Architecture Automation Platform

The company has publicly launched its solution to help organizations design, build, and operate secure cloud systems. The post Dawnguard Raises $6.3 Million for Security Architecture Automation Platform appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Credit Agricole launches euro stablecoin

French bank Credit Agricole has launched a euro-denominated stablecoin and subscribed to a tokenised Amundi money market fund (MMF), in what the bank has described as a European first.

Finextra
MEDIUMVulnerability

Pay.UK launches liquidity model for faster payments

Pay.UK, the recognised operator and standards body for the UK’s interbank retail payment systems, has gone live with a flexible model for liquidity requirements for Faster Payments Net Sender Caps (NSC), further facilitating access for a wider range of participants.

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11387 — The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart ...

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updating their details like reset the password of any user account, including administrators, and gain full a

CVE-2026-11387
NIST NVD
MEDIUMVulnerability

Unzer appoints chief product and AI officer

Unzer, a leading European provider of payment and software solutions, has appointed Isabelle Bénard as Chief Product & AI Officer (CPAIO).

Finextra
MEDIUMVulnerability

Standard Chartered and LMAX execute first digital asset prime broker trade

Standard Chartered has executed the first digital asset prime brokerage trades with LMAX Group, marking a significant milestone in the development of institutional digital asset market infrastructure.

Finextra
MEDIUMVulnerability

Massive Password Spray Campaign Targeting Azure CLI

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Campaign Targeting Azure CLI appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Adobe patches seven max severity ColdFusion, Campaign flaws

Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. [...]

BleepingComputer
HIGHAi

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting, and its new research shows it is already happening in the wild. The reason it matters is

The Hacker News
MEDIUMVulnerability

The Payments Association names Renuka Rawlins director of policy and government affairs

The Payments Association, a trade body for the payments sector, has appointed Renuka Rawlins as its new Director of Policy & Government Affairs.

Finextra
CRITICALRansomware

Detection engineering: A programmatic approach to identifying cyber threats

Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology env

CSO Online
MEDIUMAi

Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls

Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who can

The Hacker News
MEDIUMSupply Chain

OpenClaw: risks for agent users and how to mitigate them

Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them.

Securelist (Kaspersky)
CRITICALVulnerability

Google Patches 382 Chrome Vulnerabilities

Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’. The post Google Patches 382 Chrome Vulnerabilities appeared first on SecurityWeek .

SecurityWeek
MEDIUMAi

US Lifts Export Curbs on Anthropic AI Models

Commerce Ends 18-Day Ban to Restore Global Access to Fable 5, Mythos 5. The U.S. Department of Commerce lifted export controls on Anthropic's Fable 5 and Mythos 5, ending an 18-day restriction imposed over national security concer

Bank Info Security
MEDIUMVulnerability

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). "Between June 12 and June 26, the threat

The Hacker News
MEDIUMMalware

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows' script scanning.

The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-6070 — The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated A...

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessible without authentication via the plugin's frontend routing system. The _filename parameter is acce

CVE-2026-6070
NIST NVD
MEDIUMPhishing

Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)

This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a juicy target for criminals. In February, I already mentioned a campaign against them[2].

SANS ISC
LOWVulnerability

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation

CVE-2026-8451
The Hacker News
HIGHVulnerability

NVD HIGH: CVE-2026-53488 — containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3...

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.

CVE-2026-53488
NIST NVD
MEDIUMSupply Chain

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42 .

Unit 42 (Palo Alto)
CRITICALVulnerability

China-Linked Group Targets Southeast Asia Critical Systems

The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.

Dark Reading
MEDIUMAi

CVE-2026-55407: 22x memory amplification bug in Anthropic's buffa protobuf decoder

CVE-2026-55407
r/cybersecurity
MEDIUMAi

Anthropic to restore Claude Fable access on Wednesday

Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...]

BleepingComputer
MEDIUMVulnerability

UK investors sue Binance

Nearly 1700 UK investors have filed a group action legal claim seeking at least £150 million from crypto platform Binance and its founder Changpeng Zhao.

Finextra
MEDIUMVulnerability

Danske Bank extends AWS partnership for AI push

Denmark’s Danske Bank is expanding its collaboration with Amazon Web Services as it bids to accelerate the rollout of AI-enabled products and services.

Finextra
MEDIUMVulnerability

Instant business payments platform Root emerges from stealth

Root, an instant payments platform that powers receivables, payables, and money transmissions, has emerged from stealth with a mission to modernise money movement in the US.

Finextra
MEDIUMAi

How Agentic AI Is Reshaping the Modern SOC

Agentic AI is redefining security operations by embedding intelligence across detection, investigation and response. Optiv's Ben Spencer and Google Cloud's Wayne Kearns explain how AI-powered SOCs strengthen defense, why human expertise is essential and how MSSPs can accelerate enterprise adoption.

Bank Info Security
MEDIUMVulnerability

Russian Water System Hack Attempted to Turn Canada Dry

Hackers Said They Gained Access to Pumps, Chlorine Dosing and Pressure Settings
Canada's Communications Security Establishment, the Maple Leaf version of the U.S. National Security Agency, refreshed a warning to the cou

Bank Info Security
HIGHVulnerability

CISA KEV: Microsoft SharePoint Server — Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

CVE-2026-45659
Microsoft SharePoint Server
CISA KEV
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56700 — Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. T...

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget chain, arbitrary code execution where an attacker controls the serialized input. Additionally, Install

CVE-2026-56700
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56361 — ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validatio...

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

CVE-2026-56361
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56350 — n8n before 2.8.0 contains an authentication bypass vulnerability allowing authen...

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

CVE-2026-56350
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56278 — Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcode...

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is not set (packages/server/src/enterprise/middleware/passport/index.ts). Because this default secret is publicly visible in the source code, an attacker can forge valid signed session cookies to imperso

CVE-2026-56278
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14120 — Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47...

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14120
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14109 — Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 ...

Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14109
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14106 — Insufficient validation of untrusted input in Text in Google Chrome on Android p...

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14106
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14104 — Insufficient validation of untrusted input in WebAppInstalls in Google Chrome pr...

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14104
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-14102 — Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a re...

Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14102
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14101 — Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150....

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14101
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-14090 — Insufficient validation of untrusted input in CameraCapture in Google Chrome on ...

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14090
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13785 — Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allow...

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13785
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-13784 — Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote...

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13784
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13783 — Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote...

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13783
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13782 — Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remo...

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13782
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13781 — Insufficient validation of untrusted input in Skia in Google Chrome prior to 150...

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13781
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13780 — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 15...

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13780
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-13777 — Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS pri...

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13777
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13776 — Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote ...

Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13776
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13775 — Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote a...

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13775
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-13774 — Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an ...

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

CVE-2026-13774
NIST NVD
LOWAi

Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...]

BleepingComputer
MEDIUMVulnerability

Google: Kremlin Expands AI-Backed Campaigns Across Europe, US

GenAI Is Accelerating Propaganda, Planning and Content Creation
Google Threat Intelligence Group says Russia is expanding AI-enabled influence operations beyond Ukraine to target the European Union and NATO, relyin

Bank Info Security
LOWAi

Sonnet 5 Delivers AI Gains Without Frontier Model Scrutiny

Anthropic's Smaller Claude Model Improves Agents, Reduces Regulatory Risk
Anthropic's new Sonnet 5 boosts agentic performance and lowers costs while avoiding one challenge confronting the largest AI models: heighten

Bank Info Security
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58449 — txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint ...

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured (authentication is opt-in, so all endpoints are unauthenticated) and the index is configured writable, a rem

CVE-2026-58449
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11541 — IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Serv...

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.

CVE-2026-11541
NIST NVD
MEDIUMVulnerability

DICOM Toolkit Bugs Raise Medical Imaging Security Risks

Common AI Tools Helped Researcher Discover Hidden Flaws
Several newly identified vulnerabilities in a DICOM toolkit used in medical-imaging software could expose patient information, crash

Bank Info Security
MEDIUMSupply Chain

Aikido Buys Root for $70M to Automate Open-Source Patching

Deal Adds Hardened Packages, Automated CVE Fixes to Application Security Platform
Belgian software vendor Aikido Security acquired Boston-based Root for $70 million to embed automated vulnerability remediation into i

Bank Info Security
HIGHRansomware

Why Cyber Resilience Must Outpace AI-Driven Threats

Former National Cyber Director Chris Inglis Calls for Coalition Defense Strategy
Cybersecurity leaders must shift from information sharing to true collaboration as AI accelerates ransomware and nation-state threats. Halcyon's

Bank Info Security
MEDIUMAi

New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...]

BleepingComputer
CRITICALVulnerability

Citrix patches a new NetScaler flaw with echoes of CitrixBleed

The bulletin includes six NetScaler issues, but attention is centered on a high-severity flaw with similarities to earlier actively exploited bugs. The post Citrix patches a new NetScaler flaw with echoes of CitrixBleed appeared first on CyberScoop .

CyberScoop
MEDIUMAi

Fake Bug Report Hijacks AI Coding Agents at Scale

"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.

Dark Reading
MEDIUMVulnerability

UK journalists and NGOs risk terrorism prosecutions under new security bill

MEE reports: New national security legislation being rushed through the UK's parliament could criminalise British foreign correspondents and NGO workers engaging with designated state-backed groups, experts warn. The National Security (State Threats) Bill, which is moving through its final stages in parliament this week, hands the UK Home Secretary Shabana Mahmood sweeping powers to designat

DataBreaches.net
MEDIUMVulnerability

Microsoft accelerates quantum-safe roadmap as risks grow

Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...]

BleepingComputer
MEDIUMVulnerability

Scammers race to cash in on Venezuelan earthquake disaster

Scammers wasted no time exploiting Venezuela's devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog.

Graham Cluley
LOWSupply Chain

Malicious PyPI packages give hackers control of Telegram bot servers

A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...]

BleepingComputer
MEDIUMVulnerability

Attackers Hijack Exposed AI Endpoints to Power Offensive Ops

Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.

Dark Reading
MEDIUMVulnerability

Attackers Seize Exposed AI Endpoints to Power Offensive Ops

Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.

Dark Reading
MEDIUMVulnerability

Trump budget boss Russell Vought open to re-staffing CISA

DHS Secretary Markwayne Mullin has been floating the idea of adding back 600 CISA personnel after deep Trump administration cuts. The post Trump budget boss Russell Vought open to re-staffing CISA appeared first on CyberScoop .

CyberScoop
HIGHVulnerability

NVD HIGH: CVE-2026-9836 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an in...

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

CVE-2026-9836
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7874 — IBM Langflow OSS 1.0.0 through 1.10.0 could allow disclosure of all sto...

IBM Langflow OSS 1.0.0 through 1.10.0 could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.

CVE-2026-7874
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7873 — IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute ...

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

CVE-2026-7873
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7871 — IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute ...

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

CVE-2026-7871
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7803 — IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due t...

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

CVE-2026-7803
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7663 — IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to ac...

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

CVE-2026-7663
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13773 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated C...

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instan

CVE-2026-13773
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13772 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language eng...

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary construct

CVE-2026-13772
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-13759 — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStrea...

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-lo

CVE-2026-13759
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-13449 — IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable ...

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVE-2026-13449
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-12084 — IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cr...

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

CVE-2026-12084
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-11806 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected...

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.

CVE-2026-11806
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11714 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected...

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.

CVE-2026-11714
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11712 — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site script...

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.

CVE-2026-11712
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11708 — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site script...

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.

CVE-2026-11708
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-11595 — IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to o...

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.

CVE-2026-11595
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-11546 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected...

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.

CVE-2026-11546
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-10560 — IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerabi...

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service.

CVE-2026-10560
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-10140 — IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state ...

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.

CVE-2026-10140
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-10134 — IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret ava...

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and establish persistence by modifying the public

CVE-2026-10134
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-10109 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote...

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

CVE-2026-10109
NIST NVD
MEDIUMVulnerability

CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs

CVE-2026-8451
r/cybersecurity
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58138 — Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code ex...

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or

CVE-2026-58138
NIST NVD
MEDIUMVulnerability

CIA chief highlights major shifts in agency’s tech approach

CIA Director John Ratcliffe said artificial intelligence capabilities are "akin to digital nuclear weapons."

The Record
CRITICALZero Day

Nissan Traces Data Breach to PeopleSoft Zero-Day Exploit

Extortionists Add National Association of Insurance Commissioners to Breach List
Japanese automotive giant Nissan and the U.S. National Association of Insurance Commissioners are the latest organizations to confirm t

Bank Info Security
LOWVulnerability

AI Models Trust Writing Style Over Security Labels

Researchers Show Style-Based Prompts Bypass AI Safety Controls
Artificial intelligence chatbots decide which instructions to obey based on whether the text seems like it comes from a user, not the security labels meant to

Bank Info Security
MEDIUMMalware

Phishers Gain Persistence at EU, Asia Hospitality Orgs

Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obfuscation, including blockchain abuse.

Dark Reading
MEDIUMVulnerability

Digital Prime Technologies expands Tokenet to BitGo Bank & Trust

Digital Prime Technologies, a provider of digital asset technology solutions and developer of Tokenet, today announced the completion of Tokenet's integration with BitGo Bank & Trust, National Association ("BitGo Bank & Trust"), an OCC-regulated digital asset trust bank and subsidiary of BitGo Holdings, Inc. (NYSE: BTGO) ("BitGo"), the digital asset infrastructure company.

Finextra
MEDIUMAi

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire. The work comes from Microsoft Incident Response and its

The Hacker News
MEDIUMMalware

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing. The end goal is a

The Hacker News
MEDIUMVulnerability

Big payment names back new stablecoin

Visa, Mastercard, US Bank, Google and Coinbase are among dozens of firms backing Open USD, a new stablecoin slated to launch later this year.

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58172 — Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypa...

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs omits SecurityMiddleware, causing requests from blocked IP addresses to be proxied to downstream servi

CVE-2026-58172
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58166 — OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversa...

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing path traversal sequences or an absolute path to the POST uploads session endpoint, which constructs th

CVE-2026-58166
NIST NVD
MEDIUMVulnerability

House passes kids’ online safety bill, but Senate approval unlikely

The Kids Internet and Digital Safety (KIDS) Act passed with bipartisan support by a 267-117 margin, winning the two-thirds majority needed to greenlight the legislation under a process that speeds up a bill’s path to a vote but requires more than a simple majority.

The Record
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48315 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires

CVE-2026-48315
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48313 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require us

CVE-2026-48313
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48286 — Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected ...

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48286
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48283 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted ...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48283
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48282 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48282
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48281 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48281
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48277 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Inpu...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48277
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48276 — ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted ...

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVE-2026-48276
NIST NVD
MEDIUMVulnerability

Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts

Kaspersky Labs writes: It is used by the ToddyCat group. Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts. Using this toolkit, attackers can access user accounts via an API, read conversations, and harvest data from calendars and other Google services while remaining undetected for extended periods of... Source

DataBreaches.net
CRITICALZero Day

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day

Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign

Infosecurity Magazine
CRITICALVulnerability

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)

CVE-2026-33017
The Hacker News
MEDIUMVulnerability

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...]

BleepingComputer
MEDIUMVulnerability

Weekly Update 510: Live From Mallorca with Scott Helme

How's the view?! Back to business, it's now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport layer security property, and to make it

Troy Hunt
MEDIUMVulnerability

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that

The Hacker News
MEDIUMAi

FactSet agrees AI partnership with Google Cloud

FactSet, a leading global data and AI solutions provider to the financial markets, today announced a multi-faceted strategic partnership with Google Cloud to create a new generation of AI-powered solutions for the financial industry.

Finextra
MEDIUMVulnerability

Loanch expands into Southeast Asia

Loanch, a Croatia-based marketplace for alternative lending-based investments, announces the addition of AhaPay to its marketplace. Loanch clients can access investment opportunities, expanding their exposure to the growing fintech sector in Southeast Asia.

Finextra
CRITICALVulnerability

DHS to unveil replacement council for critical infrastructure cybersecurity

The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in Januar

CyberScoop
MEDIUMVulnerability

DOJ’s Using Advanced Data Analytics and AI Tools to Combat Healthcare Fraud Before Payment

The U.S. government has announced record-breaking Medicaid fraud charges as part of its 2026 National Health Care Fraud Takedown, with […] The post DOJ’s Using Advanced Data Analytics and AI Tools to Combat Healthcare Fraud Before Payment appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Google leads $30m round for space fintech Nebex

Google Ventures has led a $30 million seed round for Nebex, a market infrastructure platform for the "global space economy".

Finextra
MEDIUMVulnerability

The Human Element: Building A Trusted Workforce in the Age of DPRK Employment Fraud

From Nisos: Earlier this year, our DPRK employment fraud investigation revealed how North Korean operatives infiltrate US companies at industrial scale. In June, we released Part 2 of our research, featured on Nicole Perlroth’s “To Catch a Thief” podcast, that takes you inside the actual operations of a DPRK cell. When a suspicious candidate applied to... Source

DataBreaches.net
MEDIUMVulnerability

This month in security with Tony Anscombe – June 2026 edition

Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026

WeLiveSecurity (ESET)
MEDIUMVulnerability

FlexTrade integrates with EDX Markets for institutional-grade crypto trading

FlexTrade Systems, a global leader in multi-asset execution and order management systems, and EDX Markets (EDX), a leading digital asset technology firm that combines an institutional-only trading venue with a central clearinghouse, today announced the integration of EDX into FlexTrade’s crypto and digital assets trading solution, FlexDigitalAssets.

Finextra
MEDIUMVulnerability

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which has named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, "Continue," was built to

The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14241 — Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidenc...

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4.

CVE-2026-14241
NIST NVD
MEDIUMVulnerability

EY fires staffers accused of accessing Australian PM's bank account

A pair of EY employees on assignment at Commonwealth Bank of Australia have been fired, with one facing criminal charges after allegedly accessing the bank account details of Prime Minister Anthony Albanese.

Finextra
MEDIUMVulnerability

Lessons from the Underground: How to Combat Business Email Compromise

Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...]

BleepingComputer
LOWVulnerability

The Hidden National Security Threat Inside AI-Driven Software

https://www.sonatype.com/blog/the-hidden-national-security-threat-inside-ai-driven-software

Sonatype (Maven/npm)
CRITICALRansomware

BlueHammer Vulnerability Exploited in Ransomware Attacks

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek .

CVE-2026-33825
SecurityWeek
MEDIUMVulnerability

Standard Chartered secures MiCA and EMI license

Standard Chartered today announced that it has been granted authorisation under the European Union’s Markets in Crypto-Assets (MiCA) Regulation as well as an Electronic Money Institution (EMI), marking a significant milestone in the next phase of its Financing & Securities Services digital asset custody strategy in Europe.

Finextra
LOWVulnerability

The Fall of XSS Forum: From DaMaGeLaB to the 2025 takedown

Ransomnews has published a history and analysis of XSS Forum from its inception to its seizure in 2025. There is so much that is interesting and informative in their report that it’s hard to know what to mention here, but here are just two portions below: As an overview: XSS.is, the most influential Russian-language cybercrime... Source

DataBreaches.net
LOWVulnerability

An intelligence budget 'super user' job is now in the hands of Russ Vought

Russell Vought, director of the White House Office of Management and Budget (OMB), assumed hands-on responsibility for overseeing the spending plans of intelligence agencies following the recent departure of Amaryllis Fox Kennedy, a senior intelligence official who simultaneously served in multiple roles, including one at OMB.

The Record
MEDIUMVulnerability

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all. Whoever grabs it can send model requests on the developer's account,

The Hacker News
MEDIUMVulnerability

Sports prediction market Novig picks Eventus trade surveillance tech

Eventus, a leading provider of comprehensive, at-scale trade surveillance and financial risk solutions, announced today that Novig, a leading sports prediction market in America, has deployed the Eventus Validus platform as the trade surveillance solution for its exchange.

Finextra
MEDIUMVulnerability

NCR Atleos extends ATM relationship with Shell UK Oil Products

NCR Atleos Corporation (NYSE: NATL) (“Atleos”), a leader in expanding self-service financial access for financial institutions, retailers and consumers, today announced an extension of its long-standing relationship with Shell UK Oil Products Limited, to operate ATMs across Shell’s forecourt network in the United Kingdom

Finextra
MEDIUMVulnerability

Gresham appoints Spiros Giannaros CEO

Gresham, a global leader in enterprise data automation for the financial services industry, today announced the appointment of Spiros Giannaros as Chief Executive Officer as the company enters its next phase of growth. Giannaros will succeed Mark Hepsworth, who will transition to a board role.

Finextra
LOWAi

TransferMate and onPhase embed cross-border payments into AP workflows

onPhase, an AI-powered platform that unifies finance and operations, and TransferMate, the world's leading provider of embedded B2B payments infrastructure, today announced a strategic partnership that expands onPhase's cross-border payment capabilities to support vendors and suppliers across North America and internationally, directly within the onPhase platform.

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-8655 — Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway ...

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment

CVE-2026-8655
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-8452 — Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unp...

Memory overflow vulnerability in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

CVE-2026-8452
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-8451 — Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to ...

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

CVE-2026-8451
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58374 — In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be...

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be

CVE-2026-58374
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58116 — LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that ...

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True param

CVE-2026-58116
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58016 — A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new...

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of s

CVE-2026-58016
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58015 — A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKI...

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a

CVE-2026-58015
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58014 — A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_lo...

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

CVE-2026-58014
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58013 — A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line...

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

CVE-2026-58013
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58012 — A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace fu...

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 b

CVE-2026-58012
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58011 — A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the...

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

CVE-2026-58011
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58010 — A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_norm...

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

CVE-2026-58010
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-53433 — fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body proc...

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode: the body is assembled using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage during request handling. This allows a single malicious request to monopolize the single

CVE-2026-53433
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-53432 — fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function....

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

CVE-2026-53432
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-44946 — A SAML authentication replay vulnerability in Rancher's Assertion Consumer Serv...

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertions, potentially allowing person-in-the-middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

CVE-2026-44946
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-13474 — Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler G...

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

CVE-2026-13474
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-10817 — Insufficient input validation leading to memory overread in NetScaler ADC and Ne...

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

CVE-2026-10817
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-10816 — Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if ...

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

CVE-2026-10816
NIST NVD
MEDIUMSupply Chain

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors. The post Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks appeared first on SecurityWeek .

SecurityWeek
LOWVulnerability

AI-Generated Workflows Are a Silent Security Disaster

Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.

Dark Reading
HIGHData Breach

Aflac Japan Data Breach Impacts 4.38 Million

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25. The post Aflac Japan Data Breach Impacts 4.38 Million appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Friendly fraud on the rise say enterprise merchants

Friendly fraud is intensifying across the payments landscape, with more than 83% of enterprise merchants reporting an increase over the past three years, according to the newly released 2026 Chargeback Field Report from Chargebacks911.

Finextra
MEDIUMVulnerability

RedotPay selects OpenPayd for stablecoin payments

RedotPay, a global stablecoin-based payment fintech, has selected OpenPayd, a leading financial infrastructure provider, to enhance its treasury operations, multi-currency payments, and cross-border remittances for customers worldwide.

Finextra
HIGHData Breach

Insurance giant Aflac discloses data breach at Japan subsidiary

Sergiu Gatlan reports: American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. Aflac (short for American Family Life Assurance Company) is a Fortune 500 company and the largest supplemental insurance provider in the United States, serving millions of customers in... Source

DataBreaches.net
MEDIUMVulnerability

Digital assets prime broker FalconX secures MiCA authorisation

FalconX, the leading institutional digital asset prime broker, today announced that FalconX Limited has received authorization under the European Union's Markets in Crypto-Assets Regulation (MiCA) from the Malta Financial Services Authority (MFSA).

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-8402 — Improper neutralization of special elements used in an SQL command ('SQL injecti...

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.  NOTE: The vendor was contacted and it was learned that the product is not supported.

CVE-2026-8402
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-14162 — Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure...

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

CVE-2026-14162
NIST NVD
LOWVulnerability

The Realities of AI Video Surveillance

The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The interesting development in the article is that AI allows people to ask natural language questions abo

Schneier on Security
HIGHVulnerability

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817


CVE-2026-46817
r/cybersecurity
MEDIUMVulnerability

Allina Health System to Pay $12.5 Million to Settle Pixel Litigation

Allina Health System, a nonprofit health system based in Minneapolis, Minnesota, that serves patients in Minnesota and Western Wisconsin, has [&#8230;] The post Allina Health System to Pay $12.5 Million to Settle Pixel Litigation appeared first on The HIPAA Journal .

HIPAA Journal
CRITICALPhishing

Schneider Electric EasyLogic T150 and Saitel DP RTU

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-04.json. Summary: Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files.

CVE-2026-9650, CVE-2026-9651
CISA Advisories
CRITICALPhishing

OFFIS DCMTK Toolkit

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json. Summary: Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of O

CVE-2026-50003, CVE-2026-50254
CISA Advisories
CRITICALPhishing

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-01.json. Summary: Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a

CVE-2025-53816, CVE-2025-53817
CISA Advisories
CRITICALVulnerability

Schneider Electric EcoStruxure IT Data Center Expert

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-03.json. Summary: Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device infor

CVE-2026-8045
CISA Advisories
CRITICALPhishing

StoneFly Storage Concentrator

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-06.json. Summary: Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across

CVE-2026-56415, CVE-2026-55721
CISA Advisories
CRITICAL Phishing

Frangoteam FUXA SCADA/HMI

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-02.json
Summary: Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA S

CVE-2026-13207
CISA Advisories
CRITICAL Vulnerability

XZ Utils vulnerability impacting B&R Products

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-05.json
Summary: An update is available that resolves a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data.

CVE-2025-31115
CISA Advisories
MEDIUM Vulnerability

Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat

Chris Thompson's journey took him from hacking game controls as a teenager to founding IBM’s X-Force Red team.

SecurityWeek
MEDIUM Malware

ClickFix Now Cybercriminals' Favorite Malware Delivery Technique

ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users

Infosecurity Magazine
CRITICAL Phishing

Delta Electronics DVP12SE PLC

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-181-07.json
Summary: Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement.

CVE-2026-12819, CVE-2026-12818
CISA Advisories
MEDIUM Vulnerability

Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History

The ruling was made in the case of a bank robber whose identity was discovered through a geofence warrant.

SecurityWeek
LOW AI

Malicious Chromium extension spoofs Perplexity AI to hijack browser searches

Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on

CSO Online
MEDIUM Vulnerability

What the Numbers Say About FIFA 2026 Cyber Risk

The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering

The Hacker News
CRITICAL Vulnerability

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

SecurityWeek
MEDIUM Vulnerability

Real-time payments 'out-of-reach' for most banks - survey

A lack of automation and the prevalence of manual processes means that the majority of banks are unable to offer real-time payments to their customers, suggests recently released research.

Finextra
MEDIUM Vulnerability

SoftSolutions adds AI to fixed income trading platform

AI is now integrated into nexRates. SoftSolutions today announced that its flagship fixed-income trading platform ships with production-ready AI capabilities, giving traders the agility to move at the speed of the market.

Finextra
CRITICAL Malware

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated

CVE-2026-48558
The Hacker News
HIGH Data Breach

Insurance giant Aflac discloses data breach after subsidiary hack

American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information. [...]

BleepingComputer
CRITICAL Supply Chain

Shipping post-quantum cryptography to Python

Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency (https://www.sovereign.tech/), we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography. On June 22, 2026, the White

Trail of Bits
LOW Vulnerability

Microsoft adds smarter bot protection to Teams meetings

Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...]

BleepingComputer
MEDIUM Vulnerability

Fintech industry welcomes FCA's new crypto rules

The UK's financial regulator, the Financial Conduct Authority (FCA), has announced a new framework for regulating digital and crypto assets designed to bring the DeFi world into the mainstream.

Finextra
MEDIUM Malware

Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing

A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware

Infosecurity Magazine
MEDIUM Malware

USB drives carrying China-linked malware infected Japanese military networks for nearly a year

Read more in my article on the Hot for Security blog.

Graham Cluley
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-9711 — The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full...

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already

CVE-2026-9711
NIST NVD
MEDIUM Vulnerability

LexisNexis and Promon partner for fraud prevention

LexisNexis® Risk Solutions and Promon announced a strategic alliance to strengthen fraud prevention in mobile apps globally by combining access to LexisNexis® ThreatMetrix® digital identity, device, and behavioural intelligence with Promon Shield and Promon Insight in-app protection and trusted telemetry.

Finextra
MEDIUM Vulnerability

Axiology goes live on blockchain Canton

Axiology is now operating as a live validator node on Canton network, the privacy-enabled blockchain network used by a significant share of the world's regulated financial institutions for tokenisation, settlement, and asset servicing. Applications deployed on Canton can now interact directly with Axiology's regulated issuance, custody and settlement infrastructure.

Finextra
HIGH Data Breach

Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System

Amicus Solutions (Fedora Solutions) has been affected by a cybersecurity incident, and Huntsville Hospital has confirmed it was affected by […]

HIPAA Journal
LOW APT

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.

Securelist (Kaspersky)
MEDIUM AI

The AI Token Costs That Can Break Cybersecurity

As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits.

SecurityWeek
MEDIUM Vulnerability

BR-DGE secures $10m funding round

BR-DGE, the high-growth payments technology company, has secured a £10m funding round, along with a new growth investor, as it executes its international growth strategy.

Finextra
MEDIUM Vulnerability

Tax compliance platform Reptune names CEO

Reptune has appointed Rolf van de Velde as Chief Executive Officer.

Finextra
MEDIUM AI

Parabellum acquires data firm Crux Informatics

Parabellum Investments, a leading investment firm specialising in enterprise software and fintech, today announced its acquisition of Crux Informatics, the industry-leading platform for AI-powered external data management.

Finextra
MEDIUM Vulnerability

Kali Linux 2026.2 released with 9 new tools, NetHunter updates

Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. [...]

BleepingComputer
HIGH Ransomware

Blackfield ransomware asks Nidec Corporation for $2 million ransom

The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. [...]

BleepingComputer
MEDIUM Vulnerability

Digital bank Sygnum expands EU market access

Sygnum, a global digital asset banking group, is leveraging its global banking platform, products and operational experience across Switzerland, Singapore and the Middle East to scale its EU client base via a CASP authorisation for its Sygnum Europe subsidiary.

Finextra
MEDIUM Vulnerability

June 2026 Apple Updates, (Tue, Jun 30th)

Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time.

SANS ISC
MEDIUM Vulnerability

UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks

SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege

Infosecurity Magazine
MEDIUM APT

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that

The Hacker News
HIGH Data Breach

Nissan Employee Data Breached in Oracle PeopleSoft Hack

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

SecurityWeek
HIGH Ransomware

How ransomware syndicates weaponize corporate-style organization

From outsourced labor to tiered pricing models, an inside look at how today's top ransomware threats operate less like rogue hackers and more like Fortune 500 companies.

CyberScoop
CRITICAL Ransomware

CISA: Windows BlueHammer flaw now exploited by ransomware gangs

CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. [...]

BleepingComputer
CRITICAL Malware

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.

SecurityWeek
HIGH Data Breach

Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals

The Washington Department of Social and Health Services (DSHS) has identified an insider data breach involving unauthorized access to the protected […]

HIPAA Journal
MEDIUM AI

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. An

The Hacker News
HIGH Ransomware

Over 300 UK Firms Hit by Ransomware in a Year

Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs

Infosecurity Magazine
CRITICAL Vulnerability

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on June

CVE-2026-8037
The Hacker News
LOW AI

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an

CVE-2026-43707
The Hacker News
MEDIUM Vulnerability

Quantifind Raises $200 Million for AI-Native Risk Intelligence

Quantifind will accelerate international expansion and extend its platform’s localized risk intelligence capabilities.

SecurityWeek
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-12073 — The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is ...

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a `user_login` on registration forms that don't contain this parameter, and not properly handling the error messages. This makes it possible for unauthenticated attackers to ch

CVE-2026-12073
NIST NVD
LOW Vulnerability

New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking

CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers.

SecurityWeek
CRITICAL Vulnerability

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows

CVE-2026-46817
The Hacker News
MEDIUM Vulnerability

EIB issues DLT-native commercial paper on Clearstream platform

The European Investment Bank (EIB) has issued the first distributed ledger technology-native commercial paper on Clearstream’s D7 platform.

Finextra
MEDIUM Vulnerability

Mastercard launches Africa Cybersecurity Centre of Excellence

Mastercard has unveiled a pan-African, multiyear initiative designed to strengthen cyber resilience across the continent.

Finextra
MEDIUM Vulnerability

NIST Enrichment Reductions Impact CVE Coverage, Accuracy

The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.

Dark Reading
HIGH Data Breach

EXCLUSIVE: Top-100 Law Firm Fox Rothschild Suffers Data Breach and Leak by Silent Ransom Group

Fox Rothschild is a top-100 law firm whose articles and resources have been cited on DataBreaches.net and PogoWasRight.org dozens of times over the years. This time, however, they are the subject of a post because they were victims of a data breach by a well-known group that targets law firms. Introduction: The group called Silent...

DataBreaches.net
MEDIUM Vulnerability

How Cloud Security Risks Grow With Home-Based Care

As hospital-at-home programs expand and AI adoption accelerates, healthcare organizations face mounting cloud security demands. Anahi Santiago, CISO of ChristianaCare, discusses vendor accountability, identity management, clinical AI risks and the need for stronger cybersecurity foundations.

Bank Info Security
MEDIUM AI

Austria Urges Anthropic to Move to EU to Avoid US Controls

Mythos and Fable Export Controls Deprive EU of 'Cutting-Edge Innovation,' Security
Stung by the Trump administration's export controls on Anthropic's most powerful cyber-capable models, Mythos and Fable, the Austria

Bank Info Security
MEDIUM Vulnerability

DHS Eyes 600 New Cybersecurity Hires, New Director for CISA

DHS Secretary Says Agency Has Funding But Lacks Skilled Cybersecurity Personnel
Homeland Security Secretary Markwayne Mullin told lawmakers CISA has adequate funding but must hire roughly 600 cybersecurity professi

Bank Info Security
LOW Vulnerability

CyberFox Purchases Timus to Bring SASE Capabilities to SMBs

CEO David Bellini Says Remote Work Drives Demand for Always-On Secure Connectivity
CyberFox has acquired Tampa, Florida-based SASE startup Timus Networks to help small and midsize businesses replace legacy VPN and

Bank Info Security
CRITICAL Vulnerability

'Djinn' Stealer Targets Cloud, AI Credentials

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

CVE-2026-48558
Dark Reading
MEDIUM AI

Warner bill would create federally vetted list for secure, trustworthy AI agents

The bill empowers the FTC to create a registry for sellers of AI agent software certifying their privacy and cybersecurity protections.

CyberScoop
CRITICAL Vulnerability

Vulnerabilities Expose Private Data in Indian Government Systems

One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.

Dark Reading
MEDIUM Vulnerability

Mphasis joins Microsoft Intelligent Security Association

Mphasis, (BSE: 526299; NSE: MPHASIS), a global AI-led, platform-driven technology solutions provider, today announced that it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of software development companies and security services partners that have integrated their solutions with Microsoft Security technology to better defend their mutual customers agains

Finextra
CRITICAL Zero Day

Nissan discloses employee data breach linked to Oracle zero-day attacks

Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]

BleepingComputer
CRITICAL Zero Day

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]

BleepingComputer
LOW Vulnerability

CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF

Bulletin ID: 2026-048-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/29/2026 11:15 PM PDT
Description: AWS WAF is a web application firewall that monitors the HTTP(S) requests that are forwarded to your protected web application resources. We identified CVE-2026-13762 and CVE-2026-13763, which are iss

CVE-2026-13762, CVE-2026-13763
AWS Security Bulletins
MEDIUM Vulnerability

Can Clothes Make You Invisible to Facial Recognition?

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.

Dark Reading
MEDIUM Vulnerability

Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs


CVE-2026-8037
r/netsec
MEDIUM Malware

Iran, Russia, China Target Water Systems for Sabotage

Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.

Dark Reading
MEDIUM AI

New MCP Specifications Fix Security Issue But Open Many More

Model Context Protocol Rewrite Leaves More Security Decisions to Developers
The new MCP specifications fix a long-standing weakness in how AI agents authenticate to external tools, but security experts say it shif

Bank Info Security
MEDIUM Vulnerability

Russian Threat Actors Continue Signal and WhatsApp Targeting

Thousands of Victims Tricked Into Giving Attackers Account Access, Say Officials
Russian military hackers, foiled by end-to-end encryption in Signal and WhatsApp, have compromised thousands of people by tricking them

Bank Info Security
MEDIUM Vulnerability

OMB, Commerce Lay Out Road Map for Post-Quantum Migration

Federal Investment Shifts From Research Toward Implementation
The Office of Management and Budget has issued a detailed road map requiring agencies to begin post-quantum cryptography implementation immediately, while

Bank Info Security
MEDIUM Vulnerability

Justices rule that cellphone location histories are protected by the Fourth Amendment

Police must get a warrant to request geofence data involving individual cellphones, the U.S. Supreme Court ruled in what represents a victory for privacy advocates.

The Record
MEDIUM Vulnerability

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "

The Hacker News
MEDIUM Vulnerability

NI: Updated warning to parents over schools cyber attack

Niall Glynn and Auryn Cox report: The number of schools in Northern Ireland affected by a recent cyber-attack is larger than previously thought. In a letter issued by the Education Authority (EA) on Thursday, some parents were warned that their child’s personal data may have been accessed. The EA said the letters were sent to 23 schools,...

DataBreaches.net
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-56782 — Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/...

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or

CVE-2026-56782
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-11720 — A path traversal vulnerability exists in the HTTP tool URL builder of googleapis...

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL

CVE-2026-11720
NIST NVD
HIGH Data Breach

MOVEit Breach Defendants Lose 2nd Bid to Toss Negligence Claims

Christopher Brown reports: Bellwether defendants in multi-district litigation over a massive data breach of Progress Software’s MOVEit file-transfer application failed to convince a federal court to toss negligence claims against them under the laws of California, Indiana, Michigan, and Ohio. The defendants—Progress and several of its customers—argued that the claims were barred under the economic

DataBreaches.net
LOW Vulnerability

WhatsApp rolls out usernames to help users hide their phone number

WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]

BleepingComputer
MEDIUM Vulnerability

National Securities Clearing Corporation extends clearing hours

The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, today announced that its subsidiary, the National Securities Clearing Corporation (NSCC), has extended its clearing hours to 24x5 availability, from Sundays at 8:00 PM ET to Fridays at 8:00 PM ET, supporting overnight trading activity from Alternative Trading

Finextra
MEDIUM Vulnerability

Supreme Court approves mail-in ballots that arrive after Election Day

The ruling is a victory for election advocates who say the evidence overwhelmingly shows that voter fraud is rare and not tied to mail voting in general.

CyberScoop
HIGH Vulnerability

NVD HIGH: CVE-2026-13752 — Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 al...

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session. Successful exploitation required crafted values to reach vulnerable parameters, including through social

CVE-2026-13752
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-13751 — Improper handling of untrusted remote references in Snowflake CLI versions prior...

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause th

CVE-2026-13751
NIST NVD
MEDIUM Vulnerability

Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling

Dissenting justices who criticized the ruling said it would have “seismic” implications for the Fourth Amendment.

CyberScoop
MEDIUM Vulnerability

Microsoft extends Windows Server 2022 hotpatching until October 2027

Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]

BleepingComputer
MEDIUM Vulnerability

US racks up about 400 wins over illegal World Cup streaming sites

The World Cup’s organizing body, FIFA, helped identify hundreds of domains taken down in an action organized by the U.S., along with the help of U.S. broadcaster NBC Universal and other entities.

The Record
HIGH Vulnerability

NVD HIGH: CVE-2026-41052 — Improper privilege handling could be used by users with Project Owner role to es...

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

CVE-2026-41052
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-13744 — Improper neutralization of attacker-controlled content in Snowflake CLI versions...

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to pr

CVE-2026-13744
NIST NVD
LOW Supply Chain

Inside the Advisory Database and what happens when vulnerability volume breaks records

The GitHub Advisory Database is processing more vulnerability reports than ever before. Here's what's driving the surge, how we're responding, and how the community can help.

GitHub Security Blog
MEDIUMVulnerability

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today,

The Hacker News
HIGHVulnerability

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans,

Schneier on Security
MEDIUMVulnerability

WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy

An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Atom Bank sale nears collapse - FT

The sale of Atom Bank is on the verge of collapse after the digital challenger failed to attract offers at the £600 million valuation sought by shareholders, according to the Financial Times.

Finextra
MEDIUMVulnerability

Paysafe joins Primer platform to streamline card payments for online merchants

Paysafe (NYSE: PSFE), a leading global payments platform, today announced its partnership with Primer, the unified infrastructure for global payments.

Finextra
MEDIUMAi

Crédit Agricole completes agentic payment transaction

Crédit Agricole, Mastercard and Worldline have carried out the first agentic payment transaction completed in production in France.

Finextra
MEDIUMVulnerability

US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp

Russia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials.

The Record
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56290 — The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitra...

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVE-2026-56290
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55607 — Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's...

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such

CVE-2026-55607
NIST NVD
MEDIUMVulnerability

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]

BleepingComputer
MEDIUMApt

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with

The Hacker News
MEDIUMAi

OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access

OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request

Infosecurity Magazine
MEDIUMVulnerability

Personetics embeds AI into Fiserv Experience Digital

As consumers and small businesses increasingly expect digital banking experiences that are more relevant, timely, and intuitive, Personetics, the Cognitive Banking platform, today announced that Personetics’ AI-driven platform is now embedded within Experience Digital (XD) from Fiserv, giving banks and credit unions new ways to deliver more personalized digital experiences to customers and members

Finextra
HIGHData Breach

South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches

A hacking incident has been reported by South Florida Injury Centers, and Chickasaw Nation Department of Health has discovered that […] The post South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through

There is some positive news from the data collected by cybersecurity firm SonicWall, as cyberattacks have declined by up to […] The post Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMMalware

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap. ⚡ Threat of the Week New DirtyClone Linux Kernel Flaw Lets Local

The Hacker News
MEDIUMVulnerability

N26 makes supervisory board appointments

N26 today announced the appointment of Marieke Flament and Dr. Andreas H. Tuczka as new members of its Supervisory Board.

Finextra
MEDIUMVulnerability

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries

Infosecurity Magazine
MEDIUMAi

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWeek .

SecurityWeek
HIGHVulnerability

NVD HIGH: CVE-2026-11979 — libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog...

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within th

CVE-2026-11979
NIST NVD
MEDIUMAi

Straiker Raises $64 Million for AI Security Platform

The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek .

SecurityWeek
LOWAi

Agentic AI Has an Identity Problem and Attackers Know It

AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...]

BleepingComputer
MEDIUMAi

Straiker Raises $64M to Safeguard Autonomous AI Agents

Series A Funding Supports Pre-Training, Reinforcement Learning for Security Models
AI security startup Straiker closed a $64 million Series A funding round to expand GPU infrastructure, develop specia

Bank Info Security
MEDIUMVulnerability

Healthcare Data Collaboration Gets a Boost From AI

Emids' CAIO on Why Healthcare Leaders Are Treating AI as an Enterprise Investment
Healthcare organizations are moving beyond debating AI's value and focusing on how to scale it. According to Emids' State of Healthcare AI in 2

Bank Info Security
CRITICALMalware

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]

CVE-2026-48558
BleepingComputer
CRITICALVulnerability

Hackers now exploit critical Oracle E-Business flaw in attacks

Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]

CVE-2026-46817
BleepingComputer
HIGHData Breach

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek .

SecurityWeek
LOWVulnerability

Ukraine to use seized crypto from cybercrime group to buy war bonds

Ukraine's Asset Recovery and Management Agency (ARMA), which manages property seized in criminal proceedings, said more than $8.3 million in cryptocurrency had been transferred to its official digital wallet following a court order.

The Record
LOWVulnerability

Trading Technologies launches multi-asset trade surveillance tools

Trading Technologies International, Inc. (TT), a global capital markets technology platform services provider, today announced a major upgrade to TT® Trade Surveillance that includes a new Market Replay tool and an enhanced enterprise-level case management system user interface (UI) that significantly improve the workflow, speed and scope of surveillance cases across equities, futures and opt

Finextra
HIGHRansomware

UK businesses fear stigma of ransomware

Alex Scroxton reports: Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admission of such is often seen as supporting further criminal activity or defying compliance regulations. Data gleaned from the national Report Fraud service – which... Source

DataBreaches.net
LOWData Breach

Central Bank of Libya investigates alleged data leak after cyberattack

SafaAlharathy reports: Libya’s central bank (CBL) says it is investigating data published on the dark web following a recent cyberattack. In a statement, the bank said its technical teams, working with international experts, were analysing the data to determine its nature and whether it is linked to the attack reported earlier this month. The bank... Source

DataBreaches.net
HIGHData Breach

ZA: Copying the wrong person on an email could be considered a data breach in South Africa

Jan Vermeulen reports: Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under South Africa’s data privacy law, POPIA, even when the disclosure was accidental. Armand Swart, Hlonelwa Lutuli, and Isabella Keeves from Werksmans Attorneys said an Information Regulator enforcement notice against Central Johannesburg TVET College confirmed this pos

DataBreaches.net
MEDIUMVulnerability

LSE warns of listed companies moving to US

Up to 200 companies could move their listings from the UK to the US, according to a 'worst case' scenario plan devised by the London Stock Exchange (LSE).

Finextra
HIGHAi

Modernizing Global Vulnerability Standards For The Age Of AI

As AI-driven vulnerability discovery accelerates, the cybersecurity ecosystem is being forced to examine whether the standards, disclosure processes, and prioritization frameworks defenders rely on can still keep pace. Many of those systems were built around human-speed discovery, manageable vulnerability volumes, and exploitability confirmed after the fact, which leaves them under increasing stra

Rapid7
MEDIUMVulnerability

Tabby secures licences in Saudi Arabia

Tabby, the financial services app, today announced it has received a consumer finance licence and SME finance licence from the Saudi Central Bank (SAMA).

Finextra
HIGHVulnerability

NVD HIGH: CVE-2026-41992 — GNU gzip contains a global buffer overflow vulnerability in the LZH decompressio...

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a spe

CVE-2026-41992
NIST NVD
MEDIUMVulnerability

Digital ID provider Wultra raises $7.75m in funding round

Wultra, a provider of post-quantum authentication and digital identity solutions for banks and fintechs, announced the completion of a €6.8 million Series A funding round.

Finextra
LOWVulnerability

Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)

I'm in the throes of target host recon for another pentest, and thought I'd share some workflow / automation stuff.

SANS ISC
MEDIUMPhishing

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation

The Hacker News
MEDIUMAi

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

Dark Reading
MEDIUMVulnerability

Sweden's Vermiculus makes executive appointments

Vermiculus Financial Technology today announced that the company’s Board of Directors and CEO have appointed Chris Dorougidenis as Chief Operating Officer (COO) and Henrik Rouet-Leduc as Deputy CEO.

Finextra
MEDIUMApt

Why Post-Quantum Cryptography Starts With Credentials

Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by

The Hacker News
MEDIUMApt

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these

The Hacker News
MEDIUMVulnerability

US seizes hundreds of FIFA World Cup illegal streaming domains

The U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...]

BleepingComputer
LOWVulnerability

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

A variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges. The post ‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Westpac appoints CIO

Australian bank Westpac has named Richard Heeley as chief information officer (CIO).

Finextra
MEDIUMVulnerability

Robot Police Officers

We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the re

Schneier on Security
MEDIUMVulnerability

Former ECB board member named as chair of Reform Technologies

Anti money laundering (AML) technology platform Reform Technologies has named Elizabeth McCaul as its new chair.

Finextra
MEDIUMAi

OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review

ChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration. The post OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review appeared first on SecurityWeek .

SecurityWeek
HIGHRansomware

The Gentlemen are knocking: custom backdoors and evolving tactics

Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.

Securelist (Kaspersky)
HIGHData Breach

US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system

Infosecurity Magazine
MEDIUMVulnerability

Mynt plans $1.5bn IPO for Philippines mobile payment platform

Philippines-based fintech Mynt is planning the country's largest ever listing for its mobile wallet GCash.

Finextra
MEDIUMVulnerability

Maldives Premier Bank selects Finastra for international payments

Finastra, a global leader in financial services software, today announced that Maldives Premier Bank (MPB) has selected Finastra’s Financial Messaging API solution to drive a modern, digital-first approach to its international banking operations.

Finextra
MEDIUMAi

Shield extends agentic AI comms surveillance tool

Shield, the global Communication Risk Management platform for financial services, today added two new AI agents to AmplifAI, its agentic suite for digital communications surveillance and investigations.

Finextra
MEDIUMVulnerability

US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve

UNC5792 and UNC4221 have been targeting US government officials, military leaders, and allied personnel. The post US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve appeared first on SecurityWeek .

SecurityWeek
MEDIUMAi

Quantifind raises $200m for AI-powered risk management

Quantifind, the leader in AI-native Risk Intelligence for modern financial crime and national security operations, today announced a $200 million growth investment led by Summit Partners, with participation from existing investors Citi Ventures, S&P Global, Deloitte, and Stephens Group.

Finextra
HIGHRansomware

Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover

Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution

Infosecurity Magazine
CRITICALVulnerability

What the post-quantum executive order really demands of CISOs

With federal PQC deadlines set for 2030 and 2031, CISOs face a multi-year transformation program that most organizations have not yet started. The window for orderly execution is narrowing fast. The post What the post-quantum executive order really demands of CISOs appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerability

Inside the inbox: Why cybercriminals want to break into your email account

Your inbox is an identity system all of its own: whoever owns it may own a lot more

WeLiveSecurity (ESET)
MEDIUMMalware

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.

The Hacker News
MEDIUMPhishing

FBI Sounds Alarm Over Russian Intelligence Signal Phishing

The FBI claims Russian spies are targeting Signal backup keys

Infosecurity Magazine
MEDIUMAi

OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI

The company says Sol matches competing systems like Mythos Preview while using only a third of the output tokens. The post OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI appeared first on SecurityWeek .

SecurityWeek
CRITICALVulnerabilityPOC

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.

CVE-2026-55200
The Hacker News
MEDIUMSupply Chain

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a

The Hacker News
MEDIUMVulnerability

Canadian fintech Float raises C$85m

Canadian business finance platform Float Financial has raised C$85 million (US$60 million) in a Series C funding round led by Inovia Capital with participation from Goldman Sachs.

Finextra
MEDIUMAi

Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?

Snyk VulnBench JS 1.0: 300 repeated scans show LLM security findings vary by run, while SAST and models catch different vulnerability gaps.

Snyk
HIGHVulnerability

CISA KEV: SimpleHelp SimpleHelp — SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

CVE-2026-48558
SimpleHelp SimpleHelp
CISA KEV
HIGHData Breach

A KDDI data breach has put up to 14.2 million ISP email logins at risk across Japan

James Whitmore reports: Data breach at Japanese telecoms operator KDDI may have exposed up to 14.22 million email addresses and passwords linked to ISP mail services, after attackers gained unauthorised access to a system used by six providers in Japan. KDDI said it confirmed the incident on 17 June 2026, repaired the affected system the same day,... Source

DataBreaches.net
HIGHData Breach

Data breach exposes up to 14.2 million email logins at six ISPs

Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...]

BleepingComputer
HIGHData Breach

AssuranceAmerica breach may have affected more than 1.1 million people in seven states

Krys Shahin and Christopher Buchanan report: State officials are warning at least 1.1 million people across seven states may be impacted by an AssuranceAmerica data breach. Notices about the breach were sent to California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, and Washington residents Friday. AssuranceAmerica Managing General Agency, LLC, said they detected “suspicious act

DataBreaches.net
MEDIUMData Breach

NZ pharmacy scrambles to scrub internet of patients’ private messages

Mary Argue reports: A Wellington pharmacy at the centre of a data leak says sensitive patient information has now been scrubbed from the internet. Unichem Petone said it was contacting 29 patients affected by what it described as an error on the website that saw patients’ private messages to the pharmacy via its ‘contact us’... Source

DataBreaches.net
HIGHVulnerability

NVD HIGH: CVE-2026-13484 — A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e29...

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit

CVE-2026-13484
NIST NVD
MEDIUMVulnerability

YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)

YARA-X's 1.18.0 release brings 3 improvements and 2 bugfixes.

SANS ISC
CRITICALVulnerability

NVD CRITICAL: CVE-2026-58053 — Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow...

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with

CVE-2026-58053
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58050 — libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from ...

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap

CVE-2026-58050
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-58049 — FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit r...

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled ou

CVE-2026-58049
NIST NVD
MEDIUMVulnerability

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive

The Hacker News
MEDIUMAi

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. [...]

BleepingComputer
MEDIUMAi

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our most

The Hacker News
MEDIUMVulnerability

Chinese Framework Powers 200,000 Scam Sites

Threat actors are selling investment scam templates created using the legitimate DCloud Uni-App toolkit. The post Chinese Framework Powers 200,000 Scam Sites appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

NAIC suspends investment risk designations after cyber attack

The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. It is governed by the chief insurance regulators from the 50 states, the District of Columbia, and five U.S. territories. The organization serves the public interest by setting standards and regulatory best practices, acting as a forum to exchange information,... Source

DataBreaches.net
HIGHRansomware

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-12415 — The Invoice Generator plugin for WordPress is vulnerable to privilege escalation...

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentic

CVE-2026-12415
NIST NVD
CRITICALZero Day

Hackers exploit critical PTC Windchill PLM software flaw

Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods. The vulnerability, tracked as CVE-2026-12569 , is an unsafe deserialization flaw that enables remote cod

CVE-2026-12569
CSO Online
CRITICALAi

OpenAI Limits GPT-5.6 Rollout at US Government's Request

Enterprise Users Face Delayed Access as Trusted Partners Get Early Preview
OpenAI limited its release of GPT-5.6 to a short list of users after the Trump administration requested access to the model and the list of user

Bank Info Security
CRITICALSupply Chain

Post-Quantum Security Spurs National Sovereignty Thinking

AI Export Controls Expose Hidden Risks to Post-Quantum Cryptography Migrations
Security leaders warn that post-quantum cryptography migration is creating new dependencies on foreign vendors, hyperscalers and supply

Bank Info Security
LOWMalware

Malware-Laced USBs Breach Japanese Military Networks

Reused USB Drives Linked to China Spread Malware to Private Sector
Counterfeit flash drives embedded with a Chinese-linked computer virus and used by the Japanese army are now dispensing malware throughout other secure n

Bank Info Security
LOWPhishing

FBI: Russian hackers now target Signal backup recovery keys

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]

BleepingComputer
HIGHRansomware

Russian Hackers Behind the $2.5 Billion Jaguar Land Rover Cyberattack, Investigators Say

Rex Edison reports: A single cyberattack dented an entire country’s GDP. The Cyber Monitoring Centre estimates that the ransomware assault on Jaguar Land Rover cost the UK economy £1.9 billion — roughly $2.5 billion — rippling through more than 5,000 businesses and dragging car production to levels not seen since 1952. The Bank of England flagged the damage in its economic outlook. Now, after

DataBreaches.net
HIGHVulnerability

NVD HIGH: CVE-2026-54353 — Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated use...

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through node-fetch. Since the validated IPs are never pinned to

CVE-2026-54353
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54351 — Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigg...

Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger() allows an attacker to overwrite the internal appId property by including it in the webhook POST body. When the automation is processed asynchron

CVE-2026-54351
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54350 — Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthentica...

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modifies every document of that collection with one HTTP request. enrichContext at packages/server

CVE-2026-54350
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-50137 — Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous atta...

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-source datasource id (ds_...) can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoint also returns the publicUrl so the attacker knows exactly where their PUT lands. Because bucket

CVE-2026-50137
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-46710 — Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, ...

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writab

CVE-2026-46710
NIST NVD
MEDIUMVulnerability

The Chinese Control the Majority of Argentina’s Squid Fleet

Chinese companies control nearly two-thirds of Argentina’s own squid fleet.

Schneier on Security
MEDIUMVulnerability

HHS Agencies Flesh Out Priorities for Healthcare AI

Coordinated 'OneHHS' AI Governance, Implementation, Guidance Efforts Under Way
The U.S. Department of Health and Human Services is preparing guidance aimed at accelerating the adoption of healthcare AI, with agency officia

Bank Info Security
CRITICALVulnerability

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]

BleepingComputer
MEDIUMPhishing

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's backup, read the private and group message history, and take over the account. Worse, the key keeps working.

The Hacker News
LOWAi

Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of how evasive capabilities are implemented in Metasploit Framework. The proposal for the changes can be f

CVE-2025-25205
CVE-2026-42208
Rapid7
MEDIUMVulnerability

ATF cancels controversial commercial geolocation contract

The agency told CyberScoop the tool was a pilot that didn’t meet their needs. Members of Congress say it was accessed for hundreds of active cases. The post ATF cancels controversial commercial geolocation contract appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerability

AI Decline? Confidence in Autonomous Penetration Testing Falls

Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.

Dark Reading
HIGHRansomware

First Circuit Affirms Dismissal of Data Breach Class Action for Lack of Traceable Injury

Melanie Conroy of Pierce Atwood LLP writes: The First Circuit recently affirmed dismissal of a putative data breach class action against Bayamón Medical Center (BMC), holding that the plaintiff failed to plausibly allege that her injuries were traceable to the healthcare provider’s 2019 ransomware attack. In Santos-Pagán v. Bayamón Medical Center, the court concluded that allegations... Source

DataBreaches.net
MEDIUMMalware

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan,

The Hacker News
HIGHVulnerability

NVD HIGH: CVE-2026-48706 — Envoy is an open source edge and service proxy designed for cloud-native applica...

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16KiB). During formatting, TcpStatsdSink reserves a single contiguous memory slice of 16K

CVE-2026-48706
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-48497 — Envoy is an open source edge and service proxy designed for cloud-native applica...

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, where the UDP DNS filter is configured with local resolution containing a name 255 octets long, or where remote resolution of a 255-octet name can complete successfully, a query with such a name will result in abnormal process termination. The abn

CVE-2026-48497
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-47221 — Envoy is an open source edge and service proxy designed for cloud-native applica...

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) internal redirects for body-less non-GET/HEAD requests. When a POST, PUT, DELETE, or PATCH request without a body is sent to a route configured with intern

CVE-2026-47221
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-47204 — Envoy is an open source edge and service proxy designed for cloud-native applica...

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hits a direct_response route. A single unauthenticated HTTP request c

CVE-2026-47204
NIST NVD
LOWSupply Chain

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]

BleepingComputer
MEDIUMVulnerability

How Accenture Acquisition Could Push Dragos Beyond Energy

Forrester: Transaction Reflects Move From Services Toward Owning Security Technology
Forrester analyst Paddy Harrington says Accenture's proposed acquisition of Dragos signals a strategic move toward owning OT securi

Bank Info Security
MEDIUMAi

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...]

BleepingComputer
MEDIUMSupply Chain

Global banks back project to strengthen open source resilience

At the Open Source in Finance Forum, FINOS, the financial services arm of the Linux Foundation, announced its intent to form an Open Source Enterprise Resiliency Alliance (OSERA), a global, vendor-neutral, member-governed coalition to strengthen the industry's supply chain resiliency. OSERA will strengthen the open source components that underpin the sector by securing them through a vendor-neutra

Finextra
MEDIUMAi

Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54636 — Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes comman...

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7.

CVE-2026-54636
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-45406 — Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin cop...

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution to execute arbitrary commands on

CVE-2026-45406
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-45405 — Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:...

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — includin

CVE-2026-45405
NIST NVD
MEDIUMVulnerability

ISMG Editors: Prep Now, Hackers Will Soon Wield Frontier AI

Also: AI Model for Drug Development Allegedly Stolen; Accenture's Dragos Deal
In this week's panel, four ISMG editors discussed Western intelligence agencies' warning that attackers will soon wield frontier artificia

Bank Info Security
MEDIUMVulnerability

Meta Is Testing Facial Recognition for Police and Military

We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)

Schneier on Security
MEDIUMVulnerability

New Initiative Tackles Security for End-of-Life Open Source Software

The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.

Dark Reading
LOWAi

Malware authors subvert AI detection systems

Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs. SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “

CSO Online
CRITICALApt

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in the energy and government sectors, has been attributed to a threat actor called CL-STA-1062, which Palo Alto Networks

The Hacker News
HIGHVulnerability

NVD HIGH: CVE-2026-44018 — Docling simplifies document processing by parsing diverse formats and providing ...

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause applicati

CVE-2026-44018
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-12411 — Broken Access Control in the devLXDInstancePatchHandler component of Canonical L...

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

CVE-2026-12411
NIST NVD
MEDIUMVulnerability

AI Won't Wipe-Out Entry-Level Cybersecurity Jobs

Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.

Dark Reading
LOWVulnerability

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek .

SecurityWeek
HIGHRansomware

More Klue Breach Victims Identified as Hackers Get Hacked

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact. The post More Klue Breach Victims Identified as Hackers Get Hacked appeared first on SecurityWeek .

SecurityWeek
CRITICALApt

Cyberattacks pose a ‘threat to life’ in Australia

Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. Other countries face similar cyber-threats to critical infrastructure. It’s impossible to exaggerate the danger that the country is facin

CSO Online
HIGHData Breach

In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs

Other noteworthy stories that might have slipped under the radar: Russia used Cellebrite to hack activist’s phone, Five Eyes issue urgent AI threat warning, macOS Gaslight backdoor, Scattered Spider guilty pleas. The post In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Revolut ends remote-first working for graduates and interns

Revolut is scrapping its remote-first policy for graduates and interns, requiring new staffers to work in the office at least three days a week.

Finextra
MEDIUMVulnerability

QI Tech and Bettr expand credit access for e-commerce merchants and consumers in Brazil

QI Tech, a leading financial services infrastructure provider, has joined forces with Bettr, a leading provider of inclusive and embedded financial services under Ant International, to expand credit solutions for e-commerce sellers and shoppers.

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-57926 — In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable t...

In JetBrains YouTrack before 2026.2.16593, the websandbox bridge was vulnerable to a prototype pollution attack.

CVE-2026-57926
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57923 — In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app conf...

In JetBrains YouTrack before 2026.2.16593, improper authorisation in the app configurations endpoint allowed modifying project settings.

CVE-2026-57923
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57921 — In JetBrains YouTrack before 2026.2.16593 improper access control allowed readin...

In JetBrains YouTrack before 2026.2.16593, improper access control allowed reading users' private data via the comment templates endpoint.

CVE-2026-57921
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-53914 — In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deseria...

In JetBrains Kotlin before 2.4.20, code execution was possible via unsafe deserialization in the build cache metadata.

CVE-2026-53914
NIST NVD
MEDIUMVulnerability

Iranian-Turkish national sought by US on hacking charges arrested in Montenegro

Predrag Milic reports: An Iranian national who is wanted by the United States for mass hacking attacks that caused damage of $3.4 billion was arrested in Montenegro, police in the Balkan country said late Thursday. The 39-year-old man, who holds both Iranian and Turkish citizenship, is wanted by a court in New York on multiple charges, including... Source

DataBreaches.net
MEDIUMVulnerability

Your First GRC Agent: A Red Teamer's Walkthrough

AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. [...]

BleepingComputer
MEDIUMVulnerability

HIPAA Compliance Software

The purpose of HIPAA compliance software is to provide a framework to guide a HIPAA-covered entity or business associate through […] The post HIPAA Compliance Software appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Binance to stop serving EU customers after failing to secure MiCA license

Crypto giant Binance has told customers in the EU that it will stop providing them with services from 1 July after it failed to secure a license under the bloc’s Markets in Crypto-Assets Regulation.

Finextra
MEDIUMAi

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers. Wiz

CVE-2026-12957
The Hacker News
MEDIUMVulnerability

Russia accuses Apple of ‘political censorship’ after VK apps removed from App Store

Apple removed VK's flagship social network VKontakte, often described as Russia's equivalent of Facebook, along with VK Music, VK Messenger, VK Video, Odnoklassniki and Mail.ru services, including its email application.

The Record
MEDIUMVulnerability

UK: Boy’s medical records may have been accessed inappropriately after crocodile attack at zoo

They could have — and should have — anticipated great curiosity about this particular patient’s medical records. Did they control access well enough? Emily Stevens reports: The medical records of a young boy who was attacked by a crocodile at a Cambridgeshire zoo were accessed by up to 40 members of staff. The incident took... Source

DataBreaches.net
MEDIUMVulnerability

Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex

Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.

Dark Reading
MEDIUMApt

Turla group adds more malware to Russia’s espionage efforts against Ukraine

Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla.

The Record
MEDIUMVulnerability

Russia used social engineering to breach prominent messaging accounts, Ukraine says

Ukraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.

The Record
LOWVulnerability

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner’s Office (ICO) has released a report titled “EdTech examined — Key Findings from Our Audits.” The ICO issued the following statement to accompany the report’s release: Today, the ICO has published ‘Edtech examined’, a new report which outlines how we have worked directly with edtech providers to review and improve data protection practi

DataBreaches.net
MEDIUMVulnerability

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the flaw as

CVE-2026-46331
The Hacker News
LOWVulnerability

Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk

Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; learn how to mitigate the risk.

CVE-2024-2658
Securelist (Kaspersky)
MEDIUMVulnerability

Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up

It might be taking a bit longer than usual to respond to your submissions — here's why.

Dark Reading
MEDIUMVulnerability

Nebulock Raises $25 Million for AI-Native Contextual Security

The cybersecurity startup provides threat hunting, proactive detection, and behavioral security analytics. The post Nebulock Raises $25 Million for AI-Native Contextual Security appeared first on SecurityWeek .

SecurityWeek
CRITICALVulnerability

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is

The Hacker News
HIGHData Breach

Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit

Okanogan Behavioral Healthcare, a provider of holistic behavioral health services in Okanogan County, Washington, has agreed to settle a class […] The post Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

FCC votes to toughen rules in bid to better protect undersea cables

In an unprecedented move, the FCC also said it plans to mandate that owners and operators of submarine line terminal equipment (SLTE) be licensed.

The Record
MEDIUMPhishing

Russian Intelligence Services Continue to Target Commercial Messaging Applications

CISA and the Federal Bureau of Investigation (FBI) issued an updated Public Service Announcement (PSA) (https://www.ic3.gov/PSA/2026/PSA260626) warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March 2026 https://www.cisa.gov/resources-too

CISA Advisories
MEDIUMVulnerability

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed in

CVE-2026-43503
The Hacker News
MEDIUMVulnerability

High-Severity Vulnerability Identified in OHIF Viewers DICOM

A high-severity vulnerability has been identified in OHIF (Open Health Imaging Foundation) Viewers DICOM, which could be exploited to steal […] The post High-Severity Vulnerability Identified in OHIF Viewers DICOM appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMVulnerability

Why You Don’t Need to Understand HIPAA to Make Your Small Practice HIPAA Compliant

A small practice owner who cannot define a Security Risk Analysis, has never read the HIPAA Security Rule, and does […] The post Why You Don’t Need to Understand HIPAA to Make Your Small Practice HIPAA Compliant appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUMAi

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises are deploying and what their governance programs actually cover is widening fast. This guide breaks

The Hacker News
MEDIUMVulnerability

Linux Foundation Unveils New Open Source Security Project Akrites

It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. The post Linux Foundation Unveils New Open Source Security Project Akrites appeared first on SecurityWeek .

SecurityWeek
HIGHData Breach

Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches

Data security incidents have been announced by the Colorado Health Network and Kentucky Mountain Health Alliance. In both cases, only […] The post Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches appeared first on The HIPAA Journal .

HIPAA Journal
LOWSupply Chain

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go

The Hacker News
LOWVulnerability

One Million Passports Leaked Online

A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.

Schneier on Security
HIGHData Breach

Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches

Data breaches have been announced by Minnesota Epilepsy Group, Campbell University, and the City of Middletown, Ohio. Minnesota Epilepsy Group […] The post Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches appeared first on The HIPAA Journal .

HIPAA Journal
CRITICALVulnerability

China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor

A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT

Infosecurity Magazine
CRITICALRansomware

What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan

I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial Pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero t

CSO Online
CRITICALAi

Proposed US law would make AI risk reporting a legal obligation

US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The proposed AI Incident Reporting Act would mandate that developers of designated “covered models” disclose incidents within seven days of knowing, or reasonably

CSO Online
MEDIUMPhishing

$3 Million Reportedly Stolen in Polymarket Hack

The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor. The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek.

SecurityWeek
MEDIUMPhishing

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat actor, and the operators' end goal is still unclear. The lure plays to how hotels work.

The Hacker News
MEDIUMVulnerability

Smarsh collaborates with AWS to deliver compliant AI adoption in regulated industries

Today, Smarsh, a global leader in digital communications compliance and intelligence, announced breakthrough results from its strategic collaboration agreement (SCA) with Amazon Web Services (AWS), delivering a new standard for compliant AI adoption in regulated industries.

Finextra
LOWVulnerability

FCA admits TREX to regulatory sandbox, tests advanced climate risk modelling

The Financial Conduct Authority (FCA) has onboarded Transition Risk Exeter Ltd (TREX) into its regulatory sandbox to test whether its approach to climate scenario analysis can provide financial firms a clearer view of physical risks like flooding or heatwaves, as well as risks linked to the move to a low-carbon economy.

Finextra
CRITICALData Breach

Mythos is a signal, not a siren: What frontier AI should change for CISOs

When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are asked some version of the same question: Are we suddenly exposed in ways we were not exposed before? My answer is usually

CSO Online
MEDIUMApt

Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets

Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets appeared first on SecurityWeek.

SecurityWeek
MEDIUMVulnerability

SMB cyber readiness: the road to resilience starts here

Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience.

WeLiveSecurity (ESET)
MEDIUMVulnerability

Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff

Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official Russian

The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-2053 — The WSO2 API Manager's message flow component, when processing WS-Addressing hea...

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of ser

CVE-2026-2053
NIST NVD
HIGHVulnerability

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. The post First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild appeared first on SecurityWeek.

CVE-2026-12569
SecurityWeek
CRITICALAi

New Enterprise-Ready MCP Specification Brings New Security Challenges

A major overhaul of the Model Context Protocol shifts critical security responsibilities from the protocol itself to developers and platform operators. The post New Enterprise-Ready MCP Specification Brings New Security Challenges appeared first on SecurityWeek.

SecurityWeek
HIGHData Breach

CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach

The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents

Infosecurity Magazine
CRITICALVulnerability

GDPR at 10: Landmark data protections, increasing business burden

Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulation due to increasing bureaucracy, legal uncertainty, and competitive disadvantages. From a data protection perspective,

CSO Online
MEDIUMApt

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (

The Hacker News
MEDIUMVulnerability

Finextra and NICE Actimize release new European Fraud Insights survey report

Finextra’s latest survey report ‘The European Fraud Insights report 2026’ is now available to download.

Finextra
MEDIUMVulnerability

Philip Martin Joins Uber as Chief Information Security Officer

Martin brings experience from Coinbase, Palantir, Amazon, and the U.S. Army to lead Uber's cybersecurity and enterprise security organization. The post Philip Martin Joins Uber as Chief Information Security Officer appeared first on SecurityWeek.

SecurityWeek
MEDIUMVulnerability

DirtyClone (CVE-2026-43503): JFrog's catch on the DirtyFrag fix regression, with a detectable PoC

CVE-2026-43503
r/cybersecurity
CRITICALVulnerability

NVD CRITICAL: CVE-2026-48930 — A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lea...

A flaw in Node.js TLS hostname handling with embedded-nul hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CVE-2026-48930
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-48619 — A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of O...

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CVE-2026-48619
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-48615 — A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ...

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

CVE-2026-48615
NIST NVD
MEDIUMVulnerability

Google Finance gets an app

Google has launched a dedicated mobile app for its recently revamped, AI-infused, financial data, news and analytics service.

Finextra
MEDIUMVulnerability

SBI Holdings to buy crypto exchange Bitbank for $289m

Japanese financial conglomerate SBI Holdings has agreed a deal to buy local crypto exchange Bitbank for around $289 million.

Finextra
MEDIUMVulnerability

BIS warns of stablecoin 'structural flaws'

Stablecoins, as currently designed, have structural flaws that could affect macroeconomic and financial stability if they were to see widespread adoption, according to the Bank for International Settlements.

Finextra
MEDIUMAi

AI Firms Seek US Help Against China Model Distillation

Anthropic Says Legal Gaps Leave Frontier Labs Vulnerable to LLM Copying
U.S.-based AI companies are urging the U.S. government to crack down on alleged illicit model distillation by Chinese AI developers, arguing curren

Bank Info Security
MEDIUMVulnerability

Secret Service Driven to Personal Phones by Heavy Limits

Agents Couldn't Group Chat or Text Foreign Counterparts
U.S. Secret Service agents abroad jeopardized their protective mission by using personal smartphones on foreign trips, say auditors, who fault the Department of

Bank Info Security
LOWVulnerability

Snyk Reportedly Cuts 90 Jobs to Accelerate AI Strategy

Interim CEO Ken MacAskill Says Changes Will Speed Product Development and Execution
Boston-based Snyk is reportedly eliminating about 90 jobs while reorganizing leadership, go-to-market operations and research to accel

Bank Info Security
LOWAi

Anthropic is testing desktop-like Claude Cowork for mobile

Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. [...]

BleepingComputer
MEDIUMVulnerability

Robinhood Cuts Access Approval Time to Support High-Velocity Development

The fintech company's engineering-first application security team re-engineered the process for granting system access, making it easier and more secure for developers working on their projects. Here are the lessons learned from Robinhood's experience.

Dark Reading
MEDIUMVulnerability

Poland busts SIM-swapping gang tied to millions in crypto theft

Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. [...]

BleepingComputer
HIGHVulnerability

NVD HIGH: CVE-2026-8720 — wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key len...

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the accumulated message data, so the resulting MAC depended only on the key and not on the message being authen

CVE-2026-8720
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-7532 — iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP ad...

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.

CVE-2026-7532
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-7511 — PKCS7_verify signer confusion allows forged signatures, where the signer associa...

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

CVE-2026-7511
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-6331 — HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag c...

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length

CVE-2026-6331
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-6325 — Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signatu...

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer.

CVE-2026-6325
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-11703 — Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously s...

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption n

CVE-2026-11703
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2025-71338 — Flowise contains a path traversal vulnerability in the /api/v1/document-store/lo...

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

CVE-2025-71338
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2025-71336 — Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an u...

Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal and lacks role-based access control, and the default installation runs without authentication unless

CVE-2025-71336
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2025-71334 — Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary...

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToSt

CVE-2025-71334
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2025-71333 — Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerab...

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.

CVE-2025-71333
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2025-71328 — Flowise before 3.0.10 contains an unverified password change vulnerability. An a...

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying the current password or any additional verification, as the application does not enforce a current-password check on the credential change. This can lead to full account takeover, particularly if an att

CVE-2025-71328
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2025-71327 — Flowise contains an authentication bypass vulnerability in the unprotected /api/...

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

CVE-2025-71327
NIST NVD
CRITICALApt

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including the custom TinyRCT backdoor. The post CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure appeared first on Unit 42.

Unit 42 (Palo Alto)
MEDIUMVulnerability

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.

Dark Reading
HIGHVulnerability

NVD HIGH: CVE-2026-6731 — X.509 name constraint bypass via the Subject Common Name when treated as a DNS-t...

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

CVE-2026-6731
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-6679 — A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before...

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 relea

CVE-2026-6679
NIST NVD
MEDIUMApt

Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.

Dark Reading
MEDIUMVulnerability

Third Defendant Sentenced To Prison For Hacking DraftKings

NATHAN AUSTAD, one of three people indicted for hacking DraftKings in 2022, has now been sentenced to 18 months in prison. In April, a second man, KAMERIN STOKES, a/k/a “TheMFNPlug,” was sentenced to 30 months in prison for his role, while JOSEPH GARRISON was sentenced in 2024 to 18 months: United States Attorney for the... Source

DataBreaches.net
HIGHRansomware

Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw

Also, Three Ubiquiti Flaws Under Exploitation
This week, Mandiant detailed a Cisco SD-WAN hack as attackers exploited Ubiquiti flaws. London Hydro disclosed a customer data breach, researchers flagged cross-cloud bucket

Bank Info Security
MEDIUMVulnerability

Feds Expand AI to Combat Healthcare Fraud

$6.5B Takedown Highlights AI's Growing Role in Fraud Detection
A federal effort, bolstered by data analytics and AI tools, helped bust $6.5 billion in false healthcare claims, U.S. government officials said this week. Moving fo

Bank Info Security
MEDIUMVulnerability

EdTech Attackers Shift From Schools to Their Software Suppliers

Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges those suppliers pose for schools are the focus of the latest Reporters' Notebook video series.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7531 — Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follo...

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

CVE-2026-7531
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55960 — Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificat...

Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated,

CVE-2026-55960
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55958 — Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_Store...

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially c

CVE-2026-55958
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-12340 — Out-of-bounds heap read during SM2/SM3 certificate signature verification. When ...

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is

CVE-2026-12340
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-11310 — X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolf...

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wol

CVE-2026-11310
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-10512 — The X25519 x86_64 assembly implementation fails to clear the most significant bi...

The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the

CVE-2026-10512
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-10097 — wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 15...

wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts t

CVE-2026-10097
NIST NVD
LOWSupply Chain

Miasma Returns: Leo Platform Compromise in npm

Sonatype (Maven/npm)
CRITICALVulnerability

FCC passes new cybersecurity rules for emergency systems, undersea cables

The new rules would overhaul national emergency systems to protect against hijacking and update federal security review rules for undersea cable providers. The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop.

CyberScoop
MEDIUMPhishing

Order-tracking app Shop abused to push callback phishing attacks

Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. [...]

BleepingComputer
MEDIUMVulnerability

US Bank and GigSafe team on payment infrastructure for logistics industry

US Bank today announced a collaboration with GigSafe, a compliance and payments platform built for regulated delivery and logistics operators, to enhance the way workers using GigSafe get paid.

Finextra
HIGHVulnerability

NVD HIGH: CVE-2026-56788 — RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri ...

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

CVE-2026-56788
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56787 — RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in ...

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause

CVE-2026-56787
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56786 — RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_typ...

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially

CVE-2026-56786
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56770 — libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vec...

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.

CVE-2026-56770
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56769 — Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated...

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems.

CVE-2026-56769
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56768 — Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2....

Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees.

CVE-2026-56768
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56766 — Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in ...

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buff

CVE-2026-56766
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54917 — SeaweedFS is a distributed storage system for object storage (S3), file systems,...

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives routing, so a request such as `GET /bucket-A/../evil-bucket/key` is matched as bucket=bucket-A, obj

CVE-2026-54917
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-50549 — Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs...

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the

CVE-2026-50549
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-50548 — Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs...

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could s

CVE-2026-50548
NIST NVD
MEDIUMVulnerability

The Rise of Collective Defense for Open Source

Sonatype (Maven/npm)
LOWVulnerability

Local Police Collusion Hampers Crackdown on Asian Scam Centers

With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.

Dark Reading
MEDIUMVulnerability

DHS chief says president has met with potential CISA nominee; agency plans to hire 600

Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Secretary Markwayne Mullin told lawmakers. The White House has not yet announced a nominee.

The Record
MEDIUMVulnerability

DHS chief says president has met with likely CISA nominee; agency plans to hire 600

Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Secretary Markwayne Mullin told lawmakers. The White House has not yet announced a nominee.

The Record
LOWVulnerability

Microsoft quietly extends free Windows 10 ESU support to October 2027

Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...]

BleepingComputer
MEDIUMVulnerability

UK's Retail Payments Infrastructure Board launches consultation

The Bank of England-led Retail Payments Infrastructure Board (RPIB) has launched a consultation on the future design of the UK's retail payments infrastructure.

Finextra
CRITICALVulnerability

NVD CRITICAL: CVE-2026-6094 — Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 ...

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

CVE-2026-6094
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55967 — AES-GCM encryption/decryption with extremely large cumulative single message siz...

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.
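Added example (not the affected library's code) of the bound behind the 64 GiB figure: with a 96-bit IV, GCM's 32-bit block counter allows at most 2^32 - 2 plaintext blocks per (key, nonce), i.e. 2^36 - 32 bytes (NIST SP 800-38D). A streaming API has to add up every chunk against that limit; the guard class and names below are assumptions.

```python
GCM_BLOCK_BYTES = 16
# NIST SP 800-38D limits one AES-GCM message to 2^39 - 256 bits of plaintext,
# i.e. 2^32 - 2 blocks: with a 96-bit IV the 32-bit block counter starts at 2
# (counter value 1 is used for the tag mask) and must never wrap onto a value
# already used, or keystream is reused.
GCM_MAX_BLOCKS = 2**32 - 2
GCM_MAX_PLAINTEXT_BYTES = GCM_MAX_BLOCKS * GCM_BLOCK_BYTES  # 2^36 - 32 bytes, just under 64 GiB


def blocks_needed(nbytes: int) -> int:
    return -(-nbytes // GCM_BLOCK_BYTES)  # ceiling division


def counter_would_wrap(total_plaintext_bytes: int) -> bool:
    """True when this many bytes under one (key, nonce) would reuse keystream."""
    return blocks_needed(total_plaintext_bytes) > GCM_MAX_BLOCKS


class GcmStreamGuard:
    """Tracks cumulative bytes across streaming update() calls for one (key, nonce)
    and refuses to cross the limit *before* any keystream is reused."""

    def __init__(self, limit: int = GCM_MAX_PLAINTEXT_BYTES):
        self.limit = limit
        self.total = 0

    def update(self, chunk_len: int) -> int:
        if chunk_len < 0:
            raise ValueError("negative chunk length")
        if self.total + chunk_len > self.limit:
            raise OverflowError(
                f"AES-GCM message would exceed {self.limit} bytes; rotate the nonce")
        self.total += chunk_len
        return self.total


def stream_accepts(chunk_lengths) -> bool:
    """Does a whole sequence of chunk sizes fit under the per-nonce limit?"""
    guard = GcmStreamGuard()
    try:
        for n in chunk_lengths:
            guard.update(n)
    except OverflowError:
        return False
    return True
```

The check has to live in the streaming object, not in a per-call length test: every individual chunk in the failing sequence above is well under the limit, and only their sum crosses it.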

CVE-2026-55967
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55961 — wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 ob...

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer

CVE-2026-55961
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55697 — pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configD...

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arc

CVE-2026-55697
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55487 — pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix ...

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

CVE-2026-55487
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-50573 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-fr...

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the registry later serves different metadata and tarball content for the same package name and version, pnpm

CVE-2026-50573
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-50021 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extractio...

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install --frozen-lockfile can install the altered package witho

CVE-2026-50021
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-50014 — pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile...

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as --upload-pack=<command>. For SSH and local transports, --
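Added example, not pnpm code: building the git fetch argument vector from a lockfile-controlled commit value. The vulnerable form places the value where git still parses options; the fixed form validates it as a hex object name and terminates option parsing with `--`. The depth flag and the sample malicious value are assumptions.

```python
import re

# Git object names: 40 hex characters (SHA-1) or 64 (SHA-256 repositories).
COMMIT_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")


def shallow_fetch_argv_vulnerable(repo_url: str, commit: str) -> list:
    """Lockfile value used as-is, in a position where git still parses options."""
    return ["git", "fetch", "--depth=1", repo_url, commit]


def shallow_fetch_argv_fixed(repo_url: str, commit: str) -> list:
    """Validate the commit format and end option parsing with '--' so nothing
    that follows can be read as a git option."""
    if not COMMIT_RE.match(commit):
        raise ValueError(f"resolution.commit is not a commit hash: {commit!r}")
    if repo_url.startswith("-"):
        raise ValueError(f"repository looks like an option: {repo_url!r}")
    return ["git", "fetch", "--depth=1", "--", repo_url, commit]


def args_git_may_parse_as_options(argv: list) -> list:
    """Arguments after the subcommand that git's option parser would consume:
    anything starting with '-' that appears before a bare '--'."""
    found = []
    for arg in argv[2:]:
        if arg == "--":
            break
        if arg.startswith("-"):
            found.append(arg)
    return found


if __name__ == "__main__":
    # Constructed hostile lockfile value, not taken from a real repository.
    evil = "--upload-pack=touch /tmp/pwned"
    print(args_git_may_parse_as_options(
        shallow_fetch_argv_vulnerable("git@github.com:example-org/example.git", evil)))
```

With the vulnerable argv, `--upload-pack=...` is consumed as an option; for SSH and local transports that names the program git runs on the remote side. Validation alone would already block this value, but the `--` keeps the argv safe even if the validator is later loosened.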

CVE-2026-50014
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-48995 — pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.git...

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and i
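Added example, not pnpm code, serving the three lockfile-integrity entries above (CVE-2026-50573, CVE-2026-50021 and CVE-2026-48995): verify a downloaded tarball against the lockfile's SRI integrity value, treat a mismatch as fatal rather than re-resolving, refuse an absent integrity field in frozen mode, and record a hash on first resolution for sources (such as codeload tarballs) that would otherwise carry none. The lock-entry shape and the in-memory tarball builder are constructed for the example.

```python
import base64
import hashlib
import hmac
import io
import tarfile


class IntegrityError(Exception):
    pass


def sri(data: bytes, algo: str = "sha512") -> str:
    """Subresource Integrity string as stored in pnpm-lock.yaml: '<algo>-<base64 digest>'."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()


def parse_sri(value: str):
    algo, sep, b64 = value.partition("-")
    if not sep or algo not in ("sha256", "sha384", "sha512"):
        raise IntegrityError(f"unsupported integrity value: {value!r}")
    return algo, base64.b64decode(b64, validate=True)


def verify_tarball(data: bytes, lock_entry: dict, frozen: bool) -> str:
    """Check downloaded tarball bytes against the lockfile entry.
    - integrity present and matching   -> return it
    - integrity present and different  -> IntegrityError (never re-fetch and accept)
    - integrity absent, frozen         -> IntegrityError (no silent skip)
    - integrity absent, not frozen     -> return the freshly computed value so the
                                          caller records it (trust on first use)"""
    recorded = lock_entry.get("integrity")
    source = lock_entry.get("tarball")
    if recorded is None:
        if frozen:
            raise IntegrityError(f"{source}: lockfile entry has no integrity field")
        return sri(data)
    algo, expected = parse_sri(recorded)
    actual = hashlib.new(algo, data).digest()
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{source}: content does not match lockfile integrity")
    return recorded


def make_tarball(files: dict) -> bytes:
    """Small in-memory .tgz (constructed sample package, not a registry artifact)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name=f"package/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

The same rule covers the codeload case: a source with no recorded hash is pinned by writing `sri(data)` into the lockfile the first time it is resolved, after which any change to what the server returns is a hard failure.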

CVE-2026-48995
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-11999 — X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility ce...

X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_ce

CVE-2026-11999
NIST NVD
MEDIUMAi

Airwallex targets agentic commerce after hitting $11bn valuation

Business payments outfit Airwallex has hit an $11 billion valuation on a $320 million funding round as it gears up for a push into autonomous finance and agentic commerce.

Finextra
MEDIUMVulnerability

Beyond IOCs: AI-enabled threat intelligence

In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.

Cisco Talos
MEDIUMSupply Chain

Forrester: AI Agents Pose New Cybersecurity Risks for CISOs

Forrester's Jitin Shabadu Says Visibility and Identity Must Top Security Priorities. AI innovation is reshaping cyber risk. Forrester analyst Jitin Shabadu explains why security leaders should prioritize visibility,

Bank Info Security
MEDIUMVulnerability

Europol Poised for More Data Access in Cybercrime Fight

Privacy Advocates Raised Objections to Bystander Data Being Swept Up in Police Net. The European Commission has proposed significant reforms for Europol intended to strengthen the law enforcement cooperation agency's ab

Bank Info Security
MEDIUMAi

Dick's Sporting Goods Bets on the Data, Not the Bot

Retailer Uses Adobe Platform, Agentic AI to Boost Engagement, Capture Customer Data. Dick's Sporting Goods announced Coach by Dick's, an AI assistant built on Adobe's Brand Concierge platform that rolled out inside its mobile app in June. T

Bank Info Security
MEDIUMVulnerability

Cryptohack Roundup: DOJ Seizes Huione Cloud Account

Also: Guilty Pleas in $8M Home Invasion, $1.8B HyperFund Fraud. This week, the U.S. Department of Justice seized a Huione Group cloud account, Aztec's $2 million exploit, CoinEx's alleged Iranian link and crypto bill warning

Bank Info Security
MEDIUMAi

Jack Henry partners with Google Cloud for AI-driven security

Jack Henry (Nasdaq: JKHY) and Google Cloud today announced an expanded collaboration to deliver AI-driven security capabilities for banks and credit unions. Building on their strategic relationship established in 2022, Jack Henry will use Google Cloud's suite of agentic defense products to develop a proprietary AI security platform purpose-built for the financial services ecosystem.

Finextra
HIGHVulnerability

NVD HIGH: CVE-2026-9800 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any auth...

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
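Added example, not Keycloak code. The advisory does not show the enforcer's matching logic; the vulnerable function below models it as a substring test on the whole request URI, which is consistent with both bypass forms the advisory lists (path segment and query parameter). The fixed function compares only the normalized request path, exactly. The denied-page path is a constructed configuration value.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ACCESS_DENIED_PAGE = "/access-denied"  # assumed on-deny redirect target (constructed)


def is_access_denied_page_vulnerable(request_uri: str) -> bool:
    """Assumed flawed logic: any URI that *contains* the denied-page path is
    treated as the denied page itself, and policy evaluation is skipped for it."""
    return ACCESS_DENIED_PAGE in request_uri


def is_access_denied_page_fixed(request_uri: str) -> bool:
    """Compare only the normalized request path, exactly; the query string
    and any other path segments cannot influence the decision."""
    path = posixpath.normpath(unquote(urlsplit(request_uri).path))
    return path == ACCESS_DENIED_PAGE


def enforce(request_uri: str, has_permission: bool,
            is_denied_page=is_access_denied_page_fixed) -> str:
    """Policy enforcer decision for one request: 'allow' or 'deny'."""
    if is_denied_page(request_uri):
        return "allow"  # the denied page itself must stay reachable to avoid a redirect loop
    return "allow" if has_permission else "deny"


if __name__ == "__main__":
    # Constructed requests from a user with no permission on /admin/users.
    for uri in ("/admin/users?redirect=/access-denied", "/admin/users/access-denied"):
        print(uri, enforce(uri, False, is_access_denied_page_vulnerable), enforce(uri, False))
```

The general lesson is the one behind most "exempt path" bugs: an exemption must be decided on the same canonical path the authorization decision uses, never on the raw URI string.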

CVE-2026-9800
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-9099 — A flaw was found in Keycloak. A missing authorization check in the GroupResource...

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such

CVE-2026-9099
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-9086 — A flaw was found in Keycloak. A remote attacker with administrative privileges, ...

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-S
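Added example, not Keycloak code: the case-sensitive prefix check the advisory implies, next to a validator that parses the URI, lower-cases the scheme and allow-lists instead of deny-listing. Sample URIs are constructed.

```python
from urllib.parse import urlsplit

FORBIDDEN_SCHEMES = {"javascript", "data"}  # the two schemes named in the advisory


def redirect_uri_ok_vulnerable(uri: str) -> bool:
    """Case-sensitive prefix check: 'JavaScript:' or 'DATA:' passes."""
    return not (uri.startswith("javascript:") or uri.startswith("data:"))


def redirect_uri_ok_fixed(uri: str, allowed_schemes=("https",)) -> bool:
    """Parse the URI, lower-case the scheme, then require an allow-listed
    scheme and a host part. Deny-listing is kept only as defence in depth."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme in FORBIDDEN_SCHEMES or scheme not in allowed_schemes:
        return False
    return bool(parts.netloc)


if __name__ == "__main__":
    for candidate in ("JavaScript:alert(document.domain)", "https://app.example.com/callback"):
        print(candidate, redirect_uri_ok_vulnerable(candidate), redirect_uri_ok_fixed(candidate))
```

Whatever scheme comparison a validator performs, it must happen after normalization; `urlsplit` already folds the scheme to lower case, so the comparison sees `javascript` for every capitalisation an attacker tries.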

CVE-2026-9086
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56123 — socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vuln...

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size
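Added example, not socat code, modelling the sign-extension in Python rather than C: reading the DOMAINNAME length byte as a signed char turns 0x80..0xff into a negative count that becomes enormous once converted to an unsigned size. The bounded parser beside it reads the length unsigned and checks every slice against the buffer. The reply bytes are constructed, not captured traffic.

```python
import struct

SOCKS5_ATYP_DOMAINNAME = 0x03


def domain_length_as_signed_char(reply: bytes):
    """Models the flawed read: the length byte lands in a signed char, so values
    0x80..0xff become negative, and that negative count is then converted to an
    unsigned 64-bit size for the read. Returns (signed value, as size_t)."""
    (length,) = struct.unpack("b", reply[4:5])     # signed char
    bytes_to_read = length
    as_size_t = bytes_to_read & 0xFFFFFFFFFFFFFFFF  # implicit conversion to size_t
    return bytes_to_read, as_size_t


def parse_socks5_reply(reply: bytes):
    """Bounded parser: unsigned length byte, every read checked against the
    buffer. Returns (REP, bound address, port) for a DOMAINNAME reply."""
    if len(reply) < 5:
        raise ValueError("short SOCKS5 reply")
    ver, rep, rsv, atyp = reply[0], reply[1], reply[2], reply[3]
    if ver != 0x05 or rsv != 0x00:
        raise ValueError("not a SOCKS5 reply")
    if atyp != SOCKS5_ATYP_DOMAINNAME:
        raise ValueError("only DOMAINNAME replies are handled in this example")
    length = reply[4]                  # 0..255, never negative
    end = 5 + length
    if len(reply) < end + 2:
        raise ValueError("truncated DOMAINNAME reply")
    host = reply[5:end].decode("ascii")
    (port,) = struct.unpack("!H", reply[end:end + 2])
    return rep, host, port


def build_reply(host: bytes, port: int, rep: int = 0x00) -> bytes:
    """Constructed SOCKS5 reply as a (hypothetical) proxy would send it."""
    if len(host) > 255:
        raise ValueError("DOMAINNAME length is a single byte")
    return (bytes([0x05, rep, 0x00, SOCKS5_ATYP_DOMAINNAME, len(host)])
            + host + struct.pack("!H", port))


if __name__ == "__main__":
    reply = build_reply(b"a" * 200, 8080)
    print(domain_length_as_signed_char(reply))  # (-56, 18446744073709551560)
    print(parse_socks5_reply(reply)[2])         # 8080
```

A proxy reply with a domain name of 128 bytes or more is enough to trigger the signed path; the correct parser needs nothing more than an unsigned read plus a length check before each slice.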

CVE-2026-56123
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55092 — Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifa...

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the l

CVE-2026-55092
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-54040 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim's backup codes and use them to bypass 2FA login or disable 2FA entirely. This vu

CVE-2026-54040
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54030 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to steal access tokens intended for a legitimate server. This vulnerability is fixed in 0.8.5.
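Added example, not LibreChat code: the check the advisory says was missing, comparing the `resource` value from protected resource metadata against the configured MCP server URL after minimal normalization (RFC 9728 metadata, RFC 8707 resource indicators). Metadata field names follow RFC 9728; the server URLs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def normalize_resource(url: str):
    """Minimal normalization: lower-case scheme and host, drop the default port,
    keep path and query exactly. Resource identifiers must not carry a fragment."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    if scheme not in DEFAULT_PORTS or not p.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    if p.fragment:
        raise ValueError(f"resource identifier must not carry a fragment: {url!r}")
    port = p.port or DEFAULT_PORTS[scheme]
    return (scheme, p.hostname, port, p.path or "/", p.query)


def resource_matches_server(configured_server_url: str, metadata_resource: str) -> bool:
    """The 'resource' advertised in protected resource metadata must name the MCP
    server the client is configured to talk to; otherwise the token the client
    would obtain is for some other server and must not be requested or sent."""
    try:
        return normalize_resource(configured_server_url) == normalize_resource(metadata_resource)
    except ValueError:
        return False


def select_token_audience(configured_server_url: str, metadata: dict) -> str:
    """Return the resource to use as the token audience, or raise."""
    resource = metadata.get("resource")
    if resource is None or not resource_matches_server(configured_server_url, resource):
        raise ValueError(
            f"refusing metadata resource {resource!r}: does not match {configured_server_url!r}")
    return resource


if __name__ == "__main__":
    # Constructed: a hostile MCP server whose metadata points at somebody else's resource.
    hostile = {"resource": "https://legit-mcp.example.org/mcp",
               "authorization_servers": ["https://auth.example.org"]}
    try:
        select_token_audience("https://evil.example.net/mcp", hostile)
    except ValueError as e:
        print(e)
```

Origin equality is not enough: two MCP servers can share a host, so the path is compared too. Any difference beyond case and default port is treated as a different resource.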

CVE-2026-54030
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-45233 — HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-...

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory bounda

CVE-2026-45233
NIST NVD
MEDIUMAi

AI and Liability

Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflections of the company and “above all an expression of Google’s

Schneier on Security
MEDIUMVulnerability

Arca raises $64m for AI-native wealth management

Arca, an AI-native wealth management startup promising to humanise the sector in the age of robo-advisors, has emerged from stealth with $64 million in funding.

Finextra
MEDIUMAi

New macOS malware embeds fake errors to confuse AI analysis tools

A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. [...]

BleepingComputer
MEDIUMData Breach

Colorado Health Network Notifies Patients of Last Year’s Breach—But Key Details Remain Undisclosed

In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that...

DataBreaches.net
HIGHVulnerability

NVD HIGH: CVE-2026-9717 — CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Inj...

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

CVE-2026-9717
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-9716 — CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-...

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.

CVE-2026-9716
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57456 — Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python...

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple
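Added example in Python (not Vim's runtime code) of the mechanism: a docstring dropped verbatim between triple quotes can close the literal and smuggle module-level statements into the reconstructed source. ast.parse is used instead of exec so nothing runs; the hostile docstring is constructed, and repr() is one escaping fix, not necessarily Vim's.

```python
import ast


def reconstruct_vulnerable(name: str, docstring: str, body: str = "    pass") -> str:
    """Docstring dropped verbatim between triple quotes (the pattern the advisory describes)."""
    return f'def {name}():\n    """{docstring}"""\n{body}\n'


def reconstruct_fixed(name: str, docstring: str, body: str = "    pass") -> str:
    """repr() yields a properly escaped Python string literal, so no docstring
    content can terminate the literal early."""
    return f"def {name}():\n    {docstring!r}\n{body}\n"


def top_level_statements(source: str) -> list:
    """Statement kinds at module level after parsing; the vulnerable
    reconstruction grows extra ones. Parsing only, nothing is executed."""
    return [type(node).__name__ for node in ast.parse(source).body]


def recovered_docstring(source: str, name: str):
    """The docstring the parser attributes to function `name`, unmodified."""
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef) and node.name == name:
            return ast.get_docstring(node, clean=False)
    return None


# Constructed hostile docstring (not from the advisory): closes the triple-quoted
# literal, places statements at module level, then opens a new function whose
# docstring swallows the closing quotes so the rest of the source still parses.
HOSTILE_DOCSTRING = '"""\nimport os; os.system("id")\ndef g():\n    """'


if __name__ == "__main__":
    print(reconstruct_vulnerable("f", HOSTILE_DOCSTRING))
    print(top_level_statements(reconstruct_vulnerable("f", HOSTILE_DOCSTRING)))
    print(top_level_statements(reconstruct_fixed("f", HOSTILE_DOCSTRING)))
```

Any completion engine that rebuilds source from a buffer and then executes it is running code the buffer's author chose; escaping the docstring removes this particular break-out, but the safer design is to extract signatures with a parser (ast) and never exec reconstructed text at all.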

CVE-2026-57456
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57455 — Vim is an open source, command line text editor. Prior to 9.2.0698, the single-b...

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stac

CVE-2026-57455
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57453 — Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, w...

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string co

CVE-2026-57453
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55895 — Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript ...

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash characte

CVE-2026-55895
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-55693 — Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_cou...

Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount

CVE-2026-55693
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-54036 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prio...

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requirin
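Added example, not LibreChat code, covering both 2FA entries above (CVE-2026-54040 and CVE-2026-54036): backup-code regeneration and re-enrollment both require a fresh second factor, never just a session. TOTP is RFC 6238 HMAC-SHA1; the account model and the hashing of stored backup codes are assumptions. No clock-skew window is applied, which a production verifier would add.

```python
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass, field
from typing import Optional


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    t = time.time() if for_time is None else for_time
    counter = int(t // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


@dataclass
class Account:
    totp_secret: Optional[bytes] = None
    two_factor_enabled: bool = False
    backup_code_hashes: set = field(default_factory=set)


def _h(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()


def verify_second_factor(acct: Account, totp_code=None, backup_code=None, now=None) -> bool:
    """Accept a current TOTP code or one unused backup code; backup codes are single use."""
    if acct.totp_secret and totp_code is not None:
        if hmac.compare_digest(totp(acct.totp_secret, now).encode(), totp_code.encode()):
            return True
    if backup_code is not None and _h(backup_code) in acct.backup_code_hashes:
        acct.backup_code_hashes.discard(_h(backup_code))
        return True
    return False


def begin_2fa_enrollment(acct: Account) -> bytes:
    """The 'enable' operation: must refuse once 2FA is already on, instead of
    silently replacing the secret and flipping the flag off."""
    if acct.two_factor_enabled:
        raise PermissionError("2FA already enabled; verify a second factor to reset it")
    acct.totp_secret = secrets.token_bytes(20)
    return acct.totp_secret


def regenerate_backup_codes(acct: Account, totp_code=None, backup_code=None, now=None, count=10) -> list:
    """Regeneration replaces every existing code, so it needs a fresh second factor."""
    if not acct.two_factor_enabled:
        raise PermissionError("2FA is not enabled")
    if not verify_second_factor(acct, totp_code, backup_code, now):
        raise PermissionError("second factor required to regenerate backup codes")
    codes = [secrets.token_hex(5) for _ in range(count)]
    acct.backup_code_hashes = {_h(c) for c in codes}
    return codes
```

The principle is the same one applied to password changes: an operation that can weaken or replace an authentication factor must re-prove that factor (or a peer factor) at the moment of the change, because a stolen session is exactly the condition 2FA exists to survive.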

CVE-2026-54036
NIST NVD
MEDIUMVulnerability

Federal court rules Trump election-focused executive order illegal

Provisions setting up federal voter lists for each state and restricting mail ballots through USPS were declared unconstitutional.

CyberScoop
MEDIUMVulnerability

PirloTV sports piracy network disrupted as 44 domains seized

A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 domains. [...]

BleepingComputer
MEDIUMVulnerability

CVE-2025-52465 geoserver arbitrary file write vulnerability


CVE-2025-52465
r/netsec
HIGHVulnerability

NVD HIGH: CVE-2026-57435 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable t

CVE-2026-57435
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57434 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4.

CVE-2026-57434
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57236 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding r

CVE-2026-57236
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-57235 — Nokogiri is an open source XML and HTML library for the Ruby programming languag...

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds

CVE-2026-57235
NIST NVD
MEDIUMPhishing

Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...]

BleepingComputer
MEDIUMVulnerability

Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract

The phone-cracking firm broke off from its deal with Russia, but Citizen Lab said that didn’t stop authorities from surveilling Andrey Pivovarov.

CyberScoop
MEDIUMVulnerability

Another Russian dairy company reportedly disrupted by cyberattack

A dairy products manufacturer in Russia's republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.

The Record
MEDIUMVulnerability

Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack

Nathan Austad, who sold access to compromised accounts through a criminal storefront, is the third and final defendant sentenced in the 2022 breach.

CyberScoop
HIGHVulnerability

NVD HIGH: CVE-2026-56122 — Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability t...

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any fi
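Added example, not code from Trivy, HTMLy or Winstone, covering the three path-traversal entries above (CVE-2026-55092, CVE-2026-45233 and CVE-2026-56122): a safe_join that normalizes an untrusted name, rejects absolute and parent-escaping forms, and proves the final real path is still under the base directory, plus a basename-only rule for a single output file named by a manifest annotation. Percent-decoding and backslash folding are defensive assumptions; the base directory and inputs are constructed.

```python
import os
import posixpath
from urllib.parse import unquote


def safe_join(base_dir: str, untrusted: str) -> str:
    """Join an untrusted relative name (HTTP path, form field, manifest
    annotation) onto base_dir and prove the result stays inside it."""
    base = os.path.realpath(base_dir)
    rel = unquote(untrusted).replace("\\", "/")  # decode once, unify separators
    if rel.startswith("/"):
        raise ValueError(f"absolute path rejected: {untrusted!r}")
    norm = posixpath.normpath(rel)
    if norm == ".." or norm.startswith("../"):
        raise ValueError(f"traversal rejected: {untrusted!r}")
    candidate = os.path.realpath(os.path.join(base, norm))  # also follows symlinks
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"escapes base directory: {untrusted!r}")
    return candidate


def safe_relative(base_dir: str, untrusted: str):
    """Relative path under base_dir on success, None when safe_join rejects."""
    try:
        full = safe_join(base_dir, untrusted)
    except ValueError:
        return None
    return os.path.relpath(full, os.path.realpath(base_dir)).replace(os.sep, "/")


def filename_from_annotation(title: str) -> str:
    """For a single output file named by metadata (like an OCI image title):
    keep only the last path component and refuse empty or dot-only names."""
    name = posixpath.basename(unquote(title).replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError(f"unusable filename: {title!r}")
    return name


if __name__ == "__main__":
    base = "/opt/www-example"  # constructed webroot
    for candidate in ("static/app.css", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(candidate, "->", safe_relative(base, candidate))
```

The lexical checks catch the obvious forms; the realpath/commonpath comparison is what survives symlinks and any normalization the lexical step misses. For an output file chosen by metadata, the name should never carry directory information at all, which is what filename_from_annotation enforces.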

CVE-2026-56122
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-47151 — In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can tri...

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.

CVE-2026-47151
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-47150 — In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trig...

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.

CVE-2026-47150
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-47147 — In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server...

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.

CVE-2026-47147
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-46734 — Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a...

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVE-2026-46734
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-46732 — Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a...

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2026-46732
NIST NVD
MEDIUMVulnerability

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March

Infosecurity Magazine
LOWVulnerability

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web

The Hacker News
MEDIUMVulnerability

The Four Elevations of Effective Fraud Prevention

Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection. [...]

BleepingComputer
MEDIUMApt

Russia's Gamaredon Adapts Tactics to Target Ukraine

Eset Documents New Malware Families and Infrastructure Tactics. Eset found Russia's FSB-linked Gamaredon expanded its malware toolkit, launched dozens of spear-phishing campaigns, and increasingly relied on legitimate cloud,

Bank Info Security
MEDIUMVulnerability

GoCardless and Sequence launch native Direct Debit integration for businesses

GoCardless, the bank payment company, has announced a partnership with Sequence, an AI billing and quote-to-cash platform to deliver a fully native Direct Debit integration, enabling businesses to automate payment collection across one-off invoices and recurring billing schedules without leaving their billing engine.

Finextra
MEDIUMVulnerability

Lean and Ziina launch UAE's first one-tap Pay by Bank system

Lean Technologies and Ziina have launched the UAE's first One-Tap Pay by Bank experience under the Open Finance framework, marking a significant step in the maturation of account-to-account payments in the region.

Finextra
CRITICALVulnerability

Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model

This week on Experts on Experts, I sat down with Sabeen Malik, Rapid7’s VP of Global Government Affairs and Public Policy, to discuss a shift security leaders can’t afford to treat as separate threads: frontier AI, vulnerability discovery, cybersecurity compliance, and operational resilience. AI is changing how quickly vulnerabilities can be found, validated, and potentially exploited. At the sam

Rapid7
MEDIUMVulnerability

Twenty Million US IP Connections Used by Proxy Services

Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals

Infosecurity Magazine
MEDIUMVulnerability

No need to hack when it’s leaking: Dialog edition

Yes, another entry in our “no need to hack when it’s leaking” archives, and another example of entities trying to excuse their security failures by claiming they were “hacked.” Danny Bradbury cuts to the chase: Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the...

DataBreaches.net
MEDIUMVulnerability

Runlayer Raises $30 Million in Series A Funding

The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises.

SecurityWeek
LOWPhishing

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already. The worst part is how cheap some of it feels. Not elite. Not cinematic.

The Hacker News
MEDIUMVulnerability

Ukraine's state postal operator reports app disruption after cyberattack

Ukraine's state-owned postal operator said it was experiencing disruptions to some of its app services due to a suspected cyberattack, but did not say who was behind it.

The Record
MEDIUMVulnerability

Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country

The continued use of the powerful data extraction product soon after the company in March 2021 said it would stop working with Russia suggests the firm has been unable to pull back its technology from authoritarian government customers, researchers say.

The Record
MEDIUMVulnerability

Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply

Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala.

SecurityWeek
MEDIUMVulnerability

Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack

Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack appeared first on SecurityWeek .

SecurityWeek
LOW Vulnerability

Ukraine’s National Postal Service Ukrposhta Hacked Overnight

Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to restore operations and would provide updates as they become available. “Due to a nighttime hostile attack on IT systems, the Ukrposhta application is temporarily malfunctioning,”..

DataBreaches.net
CRITICAL Vulnerability

Schneider Electric PowerLogic P7

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-07.json
Summary: Schneider Electric is aware of a vulnerability in its PowerLogic™ P7 product. The PowerLogic™ P7 is a protection and control platform designed for complex and advanced electrical network applications. Failure to apply the remediation

CVE-2026-9716, CVE-2026-9717
CISA Advisories
CRITICAL Vulnerability

Yokogawa FAST/TOOLS and CI Server

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-01.json
Summary: Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.0

CVE-2026-11833
CISA Advisories
CRITICAL Phishing

Horner Automation Cscape

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-03.json
Summary: Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. The following versions of Horner Automation Cscape are affected: Cscape <10.2_

CVE-2026-12897
CISA Advisories
CRITICAL Phishing

Delta Electronics DTM Soft

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-06.json
Summary: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/*

CVE-2026-12578
CISA Advisories
CRITICAL Phishing

OHIF Viewers DICOM

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-02.json
Summary: Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM a

CVE-2026-12473
CISA Advisories
MEDIUM Vulnerability

Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds

Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing

Infosecurity Magazine
CRITICAL Phishing

H.VIEW HV-500S6 IP Camera

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-05.json
Summary: Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device. The following versions of H.VIEW HV-500S6 IP Camera are affected:

CVE-2026-55975, CVE-2026-56414
CISA Advisories
CRITICAL Vulnerability

pydicom pynetdicom Library

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-01.json
Summary: Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0

CVE-2026-56445
CISA Advisories
CRITICAL Vulnerability

Daktronics Controller Firmware

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json
Summary: Successful exploitation of these vulnerabilities could provide an unauthenticated user with complete root-level access and control of the system. The following versions of Daktronics Controller Firmware are affec

CVE-2026-28701, CVE-2026-33560
CISA Advisories
CRITICAL Vulnerability

EVoke Systems Charging Station Management System

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json
Summary: Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The

CVE-2026-40702, CVE-2026-50176
CISA Advisories
MEDIUM Vulnerability

Goldman Sachs leads $110 million round in financial AI firm Taktile

Goldman Sachs has led a $110 million Series C fundraising round for financial services specific AI firm Taktile.

Finextra
MEDIUM Vulnerability

New CISA Guide Helps Agencies Adopt SASE For Zero Trust

New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust

Infosecurity Magazine
MEDIUM AI

Interesting Paper Exploring Prompt Injection

This is a fascinating exploration of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and the cognitive scaffolding of modern LLMs. We’ve shown that this architecture doesn’t survive

Schneier on Security
MEDIUM Vulnerability

Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. The post Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning appeared first on SecurityWeek .

CVE-2025-67038
SecurityWeek
MEDIUM Vulnerability

HIPAA Security Rule Training for Business Associates

HIPAA Business Associates that create, receive, maintain, or transmit electronic Protected Health Information on behalf of HIPAA-covered entities are directly […] The post HIPAA Security Rule Training for Business Associates appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUM Vulnerability

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go beyond alerts, the most common basis for initial triage. But investigations (and their outcomes)

The Hacker News
MEDIUM Vulnerability

N26 hits full-year profitability under new leadership team

German digital bank N26 has surpassed €500 million in revenue and secured its first full year of net profitability after a leadership shake-up that saw the demotions of co-founders Maximilian Tayenthal and Valentin Stalf and the appointment of UBS executive board member Mike Dargan as CEO.

Finextra
MEDIUM Vulnerability

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek .

SecurityWeek
MEDIUM Vulnerability

macOS Flaw Lets Standard Users Disable EDR and MDM


Infosecurity Magazine
HIGH Ransomware

Major Increase in Ransomware Attacks Targeting Europe, Warns New Report

Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing

Infosecurity Magazine
HIGH Data Breach

Rethinking the balance between AI oversight and innovation

The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching to evaluating AI products, CIOs are now the central figures in their organizations’ AI strategies. And company leaders are looking for real outcomes. Almost two-thirds of senior lea

CSO Online
MEDIUM Data Breach

Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools

Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web.

Securelist (Kaspersky)
HIGH Data Breach

Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit

Bradford Health Services, LLC, and Bradford Health Partners, LLC, were sued over a December 2023 cybersecurity incident that exposed the […] The post Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit appeared first on The HIPAA Journal .

HIPAA Journal
MEDIUM Vulnerability

Introduction to COM usage by Windows threats

Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.

Cisco Talos
HIGH Ransomware

Europe Evolves Into Ransomware's Favorite Region

After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.

Dark Reading
MEDIUM Vulnerability

Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness

Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being […] The post Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness appeared first on The HIPAA Journal .

HIPAA Journal
LOW Vulnerability

25-Year-Old Vulnerability Patched in Curl

The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek .

SecurityWeek
MEDIUM AI

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed with high confidence that the tool is

The Hacker News
MEDIUM Vulnerability

Top UK banks go to work on digital verification service

UK Finance is supporting Barclays, HSBC, Lloyds Banking Group, Nationwide Building Society, NatWest Group and Santander to develop a financial services-led digital verification service.

Finextra
MEDIUM Vulnerability

Albania's digital-first Jet Bank launches

Albania's first fully-digital bank, Jet Bank, has launched after securing its license.

Finextra
HIGH Ransomware

Why patch directives only go so far

Six weeks of undetected access through a compromised VPN exposes why patching isn't a solution for the organizations already breached. The post Why patch directives only go so far appeared first on CyberScoop .

CyberScoop
LOW APT

GRC is broken. FedRAMP 20x might fix it

We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exactly what I mean. If you understand how audits work, know how controls are interpreted and can manage scope and narrative

CSO Online
MEDIUM Vulnerability

SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition

The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville. The post SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition appeared first on SecurityWeek .

SecurityWeek
MEDIUM AI

Forter introduces five new AI agents

Forter, the AI decisioning platform for the future of commerce, today launched Forter Agents and early access to the Forter Model Context Protocol (MCP), helping teams get faster access to the context, recommendations, and insights they need to grow revenue from key commerce moments throughout the entire customer journey.

Finextra
MEDIUM Vulnerability

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black's Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named

The Hacker News
LOW Vulnerability

Marshmallow, Percayso Inform and TransUnion form data partnership

Marshmallow Insurance has signed a multi-year partnership agreement with data specialist Percayso Inform and analytics solution provider TransUnion.

Finextra
MEDIUM Vulnerability

On-chain finance startup Ground emerges from stealth with $3.6 million pre-seed funding

The financial industry’s next infrastructure layer already exists.

Finextra
MEDIUM Data Breach

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances

ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data

WeLiveSecurity (ESET)
MEDIUM Vulnerability

NIST Opens Updated IoT Security Guidance to Public Review

The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies’ networks. The post NIST Opens Updated IoT Security Guidance to Public Review appeared first on SecurityWeek .

SecurityWeek
HIGH Vulnerability

NVD HIGH: CVE-2026-12937 — The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Pl...

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to appe

CVE-2026-12937
NIST NVD
MEDIUM Vulnerability

Chrome 149 Update Resolves 18 Severe Vulnerabilities

More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek .

SecurityWeek
HIGH Vulnerability

NVD HIGH: CVE-2026-12490 — When a provide-xfr is given with a tls-auth-name, a secondary requesting a trans...

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over TCP over the regular port, when the other conditions of the provide-xfr rule match.

CVE-2026-12490
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-12246 — NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an ad...

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

CVE-2026-12246
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-12245 — NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS c...

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

CVE-2026-12245
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-12244 — If NSD is configured as secondary for a zone, the primary of that zone can crash...

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a specially crafted SVCB RR with an rdata size of 65512, which lets a (uint16_t) variable that is used to allocate the space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) heap write of up to 6550

CVE-2026-12244
NIST NVD
CRITICAL Zero Day

Cisco SD-WAN Zero-Day Exploited Months Before Patching

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek .

CVE-2026-20245
SecurityWeek
CRITICAL Zero Day

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges

CVE-2026-20245
The Hacker News
HIGH Vulnerability

NVD HIGH: CVE-2026-12053 — GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 bef...

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

CVE-2026-12053
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-12077 — The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via...

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existin

CVE-2026-12077
NIST NVD
MEDIUM Vulnerability

Aryon Secures $29M to Thwart Cloud Risks Before Deployment

Series A Funds Back Enforcement Controls That Block Insecure Resources Instantly
Aryon Security raised $29 million in Series A funding to help enterprises enforce security policies at cloud deployment, preventing mis

Bank Info Security
MEDIUM Supply Chain

Open-Source Coalition Pushes California to Rework AI Act

Developers Warn Clause in AI Transparency Act Collides With Open-Source Licensing
A coalition of open-source artificial intelligence players are pressing California to rewrite a license-revocation provision in the sta

Bank Info Security
MEDIUM AI

Your Board Is Using Shadow AI

Board Members Adopt GenAI Without Policies or Oversight
A new Diligent Institute survey finds 82% of U.S. public company directors are using generative AI for board work, yet 69% of boards have no formal AI policy in place. CIOs are being left out

Bank Info Security
HIGH Vulnerability

NVD HIGH: CVE-2026-8658 — OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Li...

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.

CVE-2026-8658
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-8666 — OS Command Injection vulnerability in the traceroute action of Rapid7 InsightCon...

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

CVE-2026-8666
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-8665 — OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Tra...

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

CVE-2026-8665
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-8664 — OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Lin...

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

CVE-2026-8664
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-8660 — OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect P...

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

CVE-2026-8660
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-8592 — OS Command Injection vulnerability in the process_string action of Rapid7 Insigh...

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

CVE-2026-8592
NIST NVD
MEDIUM APT

Another BreachForums Clone Shuts Down, Citing Fears of ShinyHunters

If there were a soundtrack for this post, it would be Queen’s “Another One Bites the Dust.” There’s another chapter in the ongoing drama that is “BreachForums.” Yesterday, the BreachForums clone at breached[.hn] was listed for sale for $3k USD. By today, they had dropped the price to $1,500 USD and still couldn’t seem...

DataBreaches.net
MEDIUM Vulnerability

What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)

[This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program]

SANS ISC
HIGH Vulnerability

NVD HIGH: CVE-2026-8663 — OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux ...

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.

CVE-2026-8663
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-8659 — OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Lin...

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

CVE-2026-8659
NIST NVD
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-40079 — Cacti is an open source performance and fault management framework. Versions 1.2...

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandl

CVE-2026-40079
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-39951 — Cacti is an open source performance and fault management framework. Versions 1.2...

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

CVE-2026-39951
NIST NVD
MEDIUM AI

SBI Holdings invests in agent orchestration platform Pints AI

Japanese financial group SBI Holdings has co-led a $5.6 million pre-Series A funding round for Pints AI, an agentic artificial intelligence startup specialising in the financial services sector.

Finextra
MEDIUM Vulnerability

Stablecore launches stablecoin and digital asset programme for credit unions

An early-access stablecoin and digital asset programme specifically designed for US credit unions has launched.

Finextra
MEDIUM Vulnerability

NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence

NIST’s shift to risk-based enrichment makes one thing clear: modern security teams need more than a single public source. In the AI era, trusted vulnerability intelligence depends on multiple signals, human validation, and clear context.

Snyk
HIGH Vulnerability

CISA KEV: PTC Windchill and FlexPLM — PTC Windchill and FlexPLM Improper Input Validation Vulnerability

PTC Windchill and FlexPLM contain an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

CVE-2026-12569 | PTC Windchill and FlexPLM
CISA KEV
HIGH Vulnerability

CISA KEV: Cisco Unified Communications Manager — Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

CVE-2026-20230 | Cisco Unified Communications Manager
CISA KEV
MEDIUM Vulnerability

Google releases new privacy controls for activity history, personalization

Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...]

BleepingComputer
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-39948 — Cacti is an open source performance and fault management framework. In versions ...

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php, which are reachable pre-authentication through graph_view.php on installatio

CVE-2026-39948
NIST NVD
HIGH Ransomware

Be on the lookout for Mistic, a new backdoor used by ransomware broker

Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec , the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and profe

CSO Online
CRITICAL Vulnerability

NVD CRITICAL: CVE-2026-55455 — Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr...

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugins) validates hosts against an exact-match string denylist. The comprehensive address-class check (loopback, any-local, link-local, fc00::/7) exists only on a separate code path used by SMTP, not by the

CVE-2026-55455
NIST NVD
HIGH Vulnerability

NVD HIGH: CVE-2026-50189 — Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr...

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMITH_SUPERVISOR_PASSWORD exposed via GET /api/v1/admin/env, any authenticated administrator can send ar

CVE-2026-50189
NIST NVD
MEDIUM Vulnerability

DraftKings hacker 'Snoopy' sentenced to 18 months in prison

A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...]

BleepingComputer
CRITICAL Zero Day

Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]

CVE-2026-20245
BleepingComputer
HIGH Vulnerability

NVD HIGH: CVE-2026-13201 — A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAt...

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the intended no-follow protection. An attacker with access to a virt-launch

CVE-2026-13201
NIST NVD
MEDIUM Vulnerability

Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure

Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.

Dark Reading
MEDIUM AI

OpenAI Unveils 'Jalapeño' Inference Chip

Custom Silicon Advances Firm's Push Toward a Full AI Stack
OpenAI has introduced Jalapeño, its first custom inference chip developed with Broadcom and Celestica. The move marks a significant step toward vertical integration, giving Open

Bank Info Security
HIGHRansomware

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]

BleepingComputer
MEDIUMVulnerability

2026 FIFA World Cup Faces Surge in Cyber Threats

Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico.

Dark Reading
MEDIUMVulnerability

Stryker Seeks to Dismiss Class Action Lawsuit in Cyberattack

Medtech Firm Argues PII of Employees Filing Lawsuit Was Not Compromised. Stryker is asking a court to dismiss proposed class action litigation filed by current and former employees who allege their personal informa

Bank Info Security
MEDIUMVulnerability

Thredd rolls out Visa Cloud Connect in Asia Pacific

Thredd, the AI-first issuer processing platform, today announced the implementation of Visa Cloud Connect (VCC) in the Asia Pacific, marking a significant regional milestone in the company’s broader cloud transformation strategy.

Finextra
MEDIUMSupply Chain

Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement

Microsoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 servers were targeted.

The Record
MEDIUMVulnerability

Latin America's largest card processor CSU Digital lands in the US

CSU Digital is Latin America’s largest independent card processor, managing more than 50 million cards and processing nearly $100 billion in annual transactions.

Finextra
MEDIUMVulnerability

Do CISOs Need a Code of Ethics?

Kickbacks, no-show jobs, "dirty" VCs, and shelfware: industry expert Robert "RSnake" Hansen explains why he thinks it's time for a CISO code of ethics to ensure cybersecurity bosses aren't engaged in self-dealing that could put enterprise, and even national, security at risk.

Dark Reading
MEDIUMMalware

Infostealers StealC and Amadey Disrupted in Police Crackdown

$41M in Crypto Assets Blocked, 27M Login Credentials Recovered. Malware-as-a-service offerings Amadey and StealC have been targeted in an international law enforcement crackdown that also hit dropper/loader SocGholish,

Bank Info Security
CRITICALZero Day

Malicious hackers exploit Cisco zero-day for highest access level at communications service provider

Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic.

CyberScoop
MEDIUMVulnerability

Modern Treasury partners Sardine to help businesses detect fraud earlier

Modern Treasury today announced a partnership with Sardine to enhance transaction monitoring and fraud prevention capabilities for businesses moving money across the U.S. and globally.

Finextra
MEDIUMAi

When Information Becomes the Attack Surface – Understanding AI Agent Traps

From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.

SecurityWeek
HIGHRansomware

Scattered Spider duo convicted over $38M Transport for London attack

Two members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for computer hacking offences at Woolwich Crown Court on Monday but changed their pleas to guilty on the first day of what

CSO Online
CRITICALVulnerability

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution

CVE-2025-67038
The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-54906 — concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurre...

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#

CVE-2026-54906
NIST NVD
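A minimal Python model of the ReadWriteLock issue described above, added here as an example and not concurrent-ruby's implementation: the same writer lock with and without an owner check on release, and a two-thread scenario that shows the second writer entering its critical section while the first is still inside it. `WriteLock` and `run_scenario` are this example's own names; only the write side is modelled, since that is where the missing check sits.

```python
import threading


class WriteLock:
    """Minimal writer-side lock.  With check_owner=True, release_write refuses
    callers that do not hold the lock (the fixed behaviour); with False it
    mirrors the flawed release, where any thread can clear the owner."""

    def __init__(self, check_owner: bool = True):
        self._cond = threading.Condition()
        self._owner = None
        self._check_owner = check_owner

    def acquire_write(self) -> None:
        with self._cond:
            while self._owner is not None:
                self._cond.wait()
            self._owner = threading.get_ident()

    def release_write(self) -> None:
        with self._cond:
            if self._check_owner and self._owner != threading.get_ident():
                raise RuntimeError("release_write called by a thread that does not hold the lock")
            self._owner = None
            self._cond.notify_all()


def run_scenario(check_owner: bool) -> dict:
    """Writer A holds the lock inside its critical section; writer B, which
    never acquired it, calls release_write and then acquire_write.  Reports
    whether B got into the critical section while A was still in it."""
    lock = WriteLock(check_owner)
    a_inside = threading.Event()
    a_may_leave = threading.Event()
    outcome = {"overlap": False, "b_error": None}

    def writer_a():
        lock.acquire_write()
        a_inside.set()
        a_may_leave.wait()  # A stays in its critical section while B runs
        lock.release_write()

    def writer_b():
        a_inside.wait()
        try:
            lock.release_write()  # B does not hold the lock
        except RuntimeError as exc:
            outcome["b_error"] = str(exc)
            return
        lock.acquire_write()  # only succeeds because the stolen release cleared the owner
        outcome["overlap"] = not a_may_leave.is_set()
        lock.release_write()

    ta = threading.Thread(target=writer_a)
    tb = threading.Thread(target=writer_b)
    ta.start()
    tb.start()
    tb.join(timeout=5)
    a_may_leave.set()
    ta.join(timeout=5)
    return outcome
```

Python's own threading.Lock has the same property as the flawed release (any thread may release it), while threading.RLock records the owning thread and raises RuntimeError on a foreign release; the owner check above is the behaviour the fix restores.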
HIGHVulnerability

NVD HIGH: CVE-2026-54904 — concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurre...

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReference#update, which retries until compare_and_set(old_value, new_value) succeeds; Numeric compare_and_set, which checks old == old_value before attempting the u

CVE-2026-54904
NIST NVD
MEDIUMSupply Chain

More Malicious OpenClaw Skills Threaten AI Supply Chain

OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats.

Dark Reading
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56121 — Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows...

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to e

CVE-2026-56121
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56111 — Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_B...

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, network interface, or malicious gcode file to write an attacke

CVE-2026-56111
NIST NVD
MEDIUMAi

Researchers Trick AI Browsers Into Leaking Credentials

LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails

Infosecurity Magazine
MEDIUMAi

Mastercard and PrivatBank complete Ukraine’s first payment executed by an AI agent

Mastercard and PrivatBank have completed Ukraine’s first agentic transaction, through Mastercard Agent Pay.

Finextra
MEDIUMAi

The New Boardroom Mandate: Building Barriers to Limit Cyber Impact

As agentic AI expands the attack surface and accelerates cyberattacks, organizations must focus on containing breaches rather than preventing every intrusion, says Akamai's Mani Sundaram. He explores AI-powered segmentation, securing AI factories and the convergence of browser security.

Bank Info Security
MEDIUMAi

Preparing Education Institutions for the Next Wave of Generative AI

An OnDemand Webinar from Elastic.

Bank Info Security
MEDIUMVulnerability

Infosecurity Europe 2026: Security in the Age of AI

Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers. Welcome to Information Security Media Group's Infosecurity Europe 2026 Compendium featuring cybersecurity insights from industry's top researchers,

Bank Info Security
MEDIUMVulnerability

Five Eyes Warn the Frontier AI Cyberthreat Is Months Away

Allied Cyber Agencies Urge Leaders to Act Now as Frontier Models Reshape Risk. A rare joint statement from the Five Eyes cyber agencies is warning that frontier artificial intelligence will transform offensive hacking in ju

Bank Info Security
LOWAi

Microsoft Weighs DeepSeek for Copilot Amid Security Debate

Lower-Cost AI Model Could Cut Agent Costs But Raise Enterprise Risks. Microsoft is testing alternative AI models, including China's DeepSeek v4, to reduce the cost of running Copilot Cowork's agentic workloads. While

Bank Info Security
CRITICALRansomware

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure," Europol said in

The Hacker News
MEDIUMVulnerability

Worldpay suffers outage during England vs Ghana World Cup game

Some Brits were unable to make card payments at pubs and shops during the World Cup game between England and Ghana on Tuesday evening after processor Worldpay was hit by an outage.

Finextra
MEDIUMVulnerability

Entrust takes on AI-driven account takeover

Entrust, a global leader in identity-centric security, today introduced a new approach to preventing account takeover in the age of AI. As attackers increasingly target high-risk moments like account recovery, device changes, and large transactions, organizations need to modernize authentication from verifying access to verifying the real human behind the transaction.

Finextra
MEDIUMVulnerability

Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers

Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers

Infosecurity Magazine
MEDIUMVulnerability

Fintech Scotland launches innovation challenge on responsible AI

Fintech companies from around the world with innovative AI solutions can now apply to the award-winning Financial Regulation Innovation Lab’s new innovation call – on responsible AI in financial services.

Finextra
HIGHVulnerability

NVD HIGH: CVE-2026-11877 — An unauthorized user can modify configuration through API calls that affects the...

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.

CVE-2026-11877
NIST NVD
MEDIUMMalware

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware

Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.

SecurityWeek
HIGHVulnerability

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-Ethernet servers. [...]

BleepingComputer
HIGHRansomware

Amadey, StealC malware operations disrupted in Operation Endgame action

Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]

BleepingComputer
MEDIUMSupply Chain

Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk

The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments.

SecurityWeek
MEDIUMVulnerability

German rail services resume after wireless communications outage

Deutsche Bahn said a nationwide disruption of railway services was tied to a malfunction in its 2G-based GSM-R communications system.

The Record
MEDIUMVulnerability

Digital euro clears European Parliament hurdle

Europe has taken another step towards the launch of a digital euro in 2029 after a key parliamentary committee backed the plan.

Finextra
MEDIUMVulnerability

Securing the service desk: Why social engineering attacks keep succeeding

Service desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. [...]

BleepingComputer
MEDIUMAi

macOS Backdoor Uses Prompt Injection to Evade AI Triage

SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools

Infosecurity Magazine
HIGHData Breach

Hillcrest Convalescent Center Settles Class Action Data Breach Litigation

Hillcrest Convalescent Center, a short-term inpatient rehabilitation and skilled nursing facility in Durham, North Carolina, has agreed to settle class [...]

HIPAA Journal
MEDIUMVulnerability

macOS Weaknesses Chained to Silently Disable Endpoint Security Agents

A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities.

SecurityWeek
LOWData Breach

How Hackers Broke into Madison Square Garden

Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media’s review of the stolen data. … 404 Media downloaded the full 45GB data dump and found the...

DataBreaches.net
MEDIUMVulnerability

Vermiculus appoints COO and deputy CEO

Vermiculus Financial Technology today announced that the company’s Board of Directors and CEO have appointed Chris Dorougidenis as Chief Operating Officer (COO) and Henrik Rouet-Leduc as Deputy CEO.

Finextra
HIGHRansomware

Indian auto giant Bajaj Auto hit by ransomware incident

The company said in a regulatory filing that it became aware of the incident on Tuesday morning and had taken precautionary measures to contain its impact.

The Record
HIGHVulnerability

NVD HIGH: CVE-2026-56370 — ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in Co...

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution.

CVE-2026-56370
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56368 — ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple cod...

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

CVE-2026-56368
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56351 — n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, Postgr...

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integr

CVE-2026-56351
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56270 — Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentica...

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Googl

CVE-2026-56270
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56257 — Capgo before 12.128.2 allows direct patching of public.apps.owner_org through Po...

Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged, enabling old-org keys to retain access to version data while new-org keys control the app record.

CVE-2026-56257
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56245 — Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in...

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record_build_time with a public API key to poison billing and quota data for any organization, enabling resource exhaustion and cross

CVE-2026-56245
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56244 — Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets ...

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to configured receivers, breaking webhook authenticity and integrity.

CVE-2026-56244
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-56237 — Capgo before 12.128.2 contains a broken authentication vulnerability in its API ...

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key parameter in the generation request and supply arbitrary values, generating custom API keys without proper

CVE-2026-56237
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56232 — Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps const...

Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the unrestricted parent key instead of the scoped subkey.

CVE-2026-56232
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56231 — Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulner...

Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled app_id supplied in the request body and never verify that the jobId in the URL belongs to that app_id (or the same tenant/org) before issuing privileged builder comma

CVE-2026-56231
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-56223 — Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability...

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a malicious IdP can forge SAML assertions containing victim email addresses to trigger account merge and ga

CVE-2026-56223
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2025-71361 — picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch...

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

CVE-2025-71361
NIST NVD
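Both the Feast dill.loads issue (CVE-2026-56121, above) and this picklescan gap come down to the same fact: a pickle is a small program, and a name-based denylist only catches the gadgets it already knows. The added Python example below is not code from Feast, picklescan or dill (dill is built on the stdlib pickle module the example uses). It builds two constructed payloads that run the same harmless canary expression, shows a small illustrative denylist catching one and missing the other, and contrasts that with an Unpickler that allowlists the globals it will resolve. The denylist contents and the pydoc.locate gadget are this example's choices, not picklescan's list or the fetch_tip gadget named in the advisory.

```python
import io
import pickle
import pickletools
import platform
import pydoc

# Constructed canary: harmless to run, but it proves attacker-chosen code
# executed during unpickling.  A real payload would call os.system instead.
CANARY_EXPR = "__import__('platform').python_version()"


def canary_value() -> str:
    return platform.python_version()


class DirectEval:
    """Payload 1: reduce straight to builtins.eval (a name-based scanner sees it)."""
    def __reduce__(self):
        return (eval, (CANARY_EXPR,))


class LocatedEval:
    """Gadget: unpickling it calls pydoc.locate('builtins.eval'), which returns
    the eval builtin without 'builtins eval' ever appearing in the opcode stream."""
    def __reduce__(self):
        return (pydoc.locate, ("builtins.eval",))

    def __call__(self, *args):  # pickle insists the REDUCE target is callable
        raise AssertionError("never invoked; replaced by pydoc.locate(...) on load")


class IndirectEval:
    """Payload 2: the callable slot is itself a REDUCE (LocatedEval), so the only
    global referenced by name is pydoc.locate."""
    def __reduce__(self):
        return (LocatedEval(), (CANARY_EXPR,))


def build_payloads():
    # Protocol 3 emits the GLOBAL opcode, which keeps the scanner below simple.
    return (pickle.dumps(DirectEval(), protocol=3),
            pickle.dumps(IndirectEval(), protocol=3))


def referenced_globals(payload: bytes) -> set:
    """Static view of the pickle: every (module, name) pulled in by GLOBAL."""
    found = set()
    for op, arg, _pos in pickletools.genops(payload):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add((module, name))
    return found


# Illustrative denylist of the kind a signature scanner uses (an assumption
# for this example, not picklescan's actual list).
DENYLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec"),
            ("subprocess", "Popen")}


def denylist_hits(payload: bytes) -> set:
    return referenced_globals(payload) & DENYLIST


def loads_unsafe(payload: bytes):
    """What Feast-style code does: hand untrusted bytes to the full unpickler."""
    return pickle.loads(payload)


# Allowlist approach: the unpickler only resolves globals you explicitly permit.
ALLOWED_GLOBALS = {("builtins", "set"), ("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_restricted(payload: bytes):
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def rejected_by_allowlist(payload: bytes) -> bool:
    try:
        loads_restricted(payload)
    except pickle.UnpicklingError:
        return True
    return False
```

Neither payload needs a bug in pickle: REDUCE calling whatever global the stream names is the format working as designed, which is why the advisory's fix for Feast is ordering (authorize before deserializing) and the general fix is to not unpickle untrusted input at all, or to resolve only an explicit allowlist of globals.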
HIGHVulnerability

NVD HIGH: CVE-2025-71332 — Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatfl...

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to be executed, including blind and error-based extraction of data from the credential table.

CVE-2025-71332
NIST NVD
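The two injection shapes on this page, unescaped identifiers in the n8n database nodes (CVE-2026-56351, above) and an unsanitized id concatenated into an IN clause in Flowise (CVE-2025-71332), as one added Python example against a constructed in-memory SQLite schema. This is not either project's code or schema: the value case is fixed with bound parameters, the identifier case with an allowlist of existing tables plus quoting, because identifiers cannot be bound as parameters. The injected strings are constructed for the example.

```python
import sqlite3


def make_sample_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for a workflow tool's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE chatflows (id TEXT, name TEXT);
        CREATE TABLE credential (id TEXT, secret TEXT);
        INSERT INTO chatflows VALUES ('cf-1', 'support-bot'), ('cf-2', 'sales-bot');
        INSERT INTO credential VALUES ('cred-1', 'sk-SAMPLE-SECRET');
    """)
    return conn


# --- value injection: an id from an import file concatenated into IN (...) ---

def chatflows_by_ids_unsafe(conn, ids):
    in_list = ", ".join(f"'{i}'" for i in ids)
    sql = f"SELECT id, name FROM chatflows WHERE id IN ({in_list})"
    return conn.execute(sql).fetchall()


def chatflows_by_ids_safe(conn, ids):
    # One placeholder per value; the driver binds them, so quotes in a value are data.
    placeholders = ", ".join("?" for _ in ids)
    sql = f"SELECT id, name FROM chatflows WHERE id IN ({placeholders})"
    return conn.execute(sql, list(ids)).fetchall()


# --- identifier injection: a table name taken from node configuration ---

def names_from_table_unsafe(conn, table):
    return [row[0] for row in conn.execute(f"SELECT name FROM {table}")]


def quote_ident(name: str) -> str:
    """Double-quote an SQL identifier, doubling any embedded double quote."""
    return '"' + name.replace('"', '""') + '"'


def names_from_table_safe(conn, table):
    # Identifiers cannot be parameters, so check the name against the catalogue
    # first and only then quote it into the statement.
    known = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in known:
        raise ValueError(f"unknown table {table!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM {quote_ident(table)}")]


# Constructed attacker inputs for the two shapes.
INJECTED_ID = "x') UNION SELECT id, secret FROM credential --"
INJECTED_TABLE = "chatflows WHERE 0 UNION SELECT secret FROM credential"
```

Quoting alone is not a complete defence on SQLite, which may fall back to treating an unknown double-quoted identifier as a string literal in expression position, so the catalogue check comes before the quoting; on PostgreSQL or MySQL the same two-step approach applies with the driver's own identifier quoting.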
HIGHData Breach

LastPass says hackers stole customer support case data during Klue breach

Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password manager maker LastPass is notifying customers that their personal information and customer support case records were stolen during a recent hack...

DataBreaches.net
MEDIUMVulnerability

A Note to Our Customers and Partners

A note to our customers and partners about Snyk's AI transformation and organizational changes.

Snyk
MEDIUMVulnerability

Third DraftKings Hacker Sentenced to 18 Months in Prison

Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release.

SecurityWeek
CRITICALSupply Chain

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and

The Hacker News
MEDIUMVulnerability

KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials

Customers of the affected Japanese email services are “strongly advised” to change their email passwords

Infosecurity Magazine
MEDIUMVulnerability

British Scattered Spider Hacker Pleads Guilty to Cyberattacks on TfL; SSM Health Care; Sutter Health

Two British hackers have pleaded guilty to a cyberattack on Transport for London (TfL), one of whom also admitted to [...]

HIPAA Journal
MEDIUMMalware

ESET takes part in Operation Endgame to disrupt Amadey and Stealc

ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights

WeLiveSecurity (ESET)
CRITICALVulnerability

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.

SecurityWeek
MEDIUMMalware

In a first, a court takedown goes after two cybercrime tools at once

Microsoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction.

CyberScoop
MEDIUMVulnerability

Apple's MacOS Gap Lets Users Disable Security Tools

Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.

Dark Reading
MEDIUMAi

Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed

Context is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions.

SecurityWeek
HIGHRansomware

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage

An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware

Infosecurity Magazine
MEDIUMVulnerability

Using SASE in a Modern TIC 3.0 Solution

Using SASE in a Modern TIC 3.0 Solution (PDF): https://www.cisa.gov/sites/default/files/2026-06/The_Journey_to_Zero_Trust_Using_SASE_in_a_Modern_TIC-3.0_Solution_CB_Approved.pdf

CISA’s guidance, The Journey to Zero Trust – Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections (TIC) 3.0 initiative is helping age

CISA Advisories
MEDIUMVulnerability

SBI Holdings launches yen-backed stablecoin

Japanese financial conglomerate SBI Holdings has officially issued $JPYSC, Japan's first trust bank-backed yen stablecoin.

Finextra
HIGHRansomware

New ‘Mistic’ RAT Opens Door to Several Ransomware Families

Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.

SecurityWeek
MEDIUMVulnerability

Iceland to join Target Instant Payment Settlement System

Iceland is the latest non-European country to join the Eurosystem’s Target Instant Payment Settlement System (Tips), paving the way for payments in Icelandic króna to be settled instantly in central bank money as of 2028.

Finextra
CRITICALVulnerabilityPOC

Attackers exploit Cisco Unified CM flaw weeks after patch release

A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend. “This is currently being exploited from a single source using an unvetted PoC, with genuinely-format

CVE-2026-20230
CSO Online
LOWAi

Dawn of the Apex Agentic Adversary

We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deployed. In this era, dwell time was measured in days, sometimes weeks. We are now approaching an

The Hacker News
MEDIUMVulnerability

UBS joins $16 million round in private market data and matchmaking service Caplight

UBS has joined in a $16 million funding round for Caplight, a startup that offers pricing data and matchmaking services for shares of private companies.

Finextra
MEDIUMVulnerability

CVE-2026-20971: Samsung Android kernel UAF affecting Galaxy S9-S25


CVE-2026-20971
r/netsec
LOWSupply Chain

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

The security defects allow unauthenticated users to take control of the open source software supply chain.

SecurityWeek
HIGHRansomware

Stealthy Mistic backdoor linked to ransomware access broker KongTuke

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. [...]

BleepingComputer
CRITICALSupply Chain

How a malicious AI agent skill passed security checks and reached 26,000 users

A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said. The company said a similar attack could have exposed private conversations and internal systems. AIR said no agents were harmed in the research and that the test payload

CSO Online
MEDIUMVulnerability

MoonPay acquires AI bookkeeping platform Entendre

We're pleased to announce the acquisition of Entendre, an AI-enabled finance operations platform built for companies moving, settling, or holding value onchain.

Finextra
HIGHData Breach

BeyondTrust, LastPass Impacted by Klue-Salesforce Incident

Over a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances.

SecurityWeek
HIGHData Breach

Data Breaches Announced by Florida Retina Center; Acadia Healthcare Company

Florida Retina Center has identified unauthorized access to systems containing the protected health information of more than 13,600 patients. Acadia [...]

HIPAA Journal
MEDIUMMalware

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader

Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware.

Securelist (Kaspersky)
LOWVulnerability

Anchorbase raises $2 million

Canadian payments automation platform Anchorbase has raised $2 million to help mid-market businesses automate back-office workflows using AI.

Finextra
MEDIUMVulnerability

Zeller enters the cloud point-of-sale software market with AI-first system built for SMEs

Australian fintech Zeller has today released a new point-of-sale (POS) app aimed at small and medium-sized businesses, expanding its offering beyond fintech into core business operations software.

Finextra
MEDIUMVulnerability

Navi UPI bolsters fraud detection

Navi UPI, one of India’s fastest-growing UPI apps, introduced Navi Secure, a unified safety framework that brings together the platform’s existing fraud prevention, risk monitoring and user protection capabilities under a single trust and security proposition.

Finextra
MEDIUMVulnerability

Interpolitan Money offers early access to fixed income treasury product

Interpolitan Money has launched early access to its new Fixed Income solution, marking the next stage in the expansion of its Asset Management proposition and cross-border capital infrastructure

Finextra
MEDIUMVulnerability

AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest

New ReliaQuest study reveals the six ways AI is practically being used in attacks today

Infosecurity Magazine
LOWVulnerability

PayPoint acquires Aperidata

PayPoint has completed the acquisition of UK credit reference agency and open banking provider AperiData following a previous £1 million strategic investment.

Finextra
MEDIUMVulnerability

Open-source security is posing challenges governments can’t easily solve

A diffuse landscape, fruitful targets, companies not stepping up, AI’s influence and flagging U.S. government efforts all figure into a shifting threat. The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop.

CyberScoop
CRITICALPhishing

Kahneman, ‘Where’s Waldo’ and the Nexus pass: A CISO’s mental model for the AI era

Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work. The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward

CSO Online
MEDIUMVulnerability

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds of

The Hacker News
MEDIUMVulnerability

CERT-In’s AI Vulnerability Blueprint: Why Indian CISOs Need Machine-Speed Risk Operations in the Post-Mythos Era

A Qualys India perspective on CERT-In’s blueprint, the post-Mythos threat landscape India faces, and why the operating model needs to change. Key Takeaways Mythos-class AI changes the vulnerability equation from CVE matching to autonomous exploit discovery, turning known, unpatched weaknesses into weaponized exploits at machine speed. CERT-In’s 2026 blueprint expects 12-hour conta

Qualys Blog
MEDIUMVulnerability

UK Museums Face Cybersecurity Risks, MPs Warn

Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber

Infosecurity Magazine
HIGHVulnerability

NVD HIGH: CVE-2026-7761 — The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via P...

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() that allows any post to be used as a member directory by computing SUBSTRING(MD5(post_id), 11, 5), (2) a strstr() parsing logic flaw in post_data() th

CVE-2026-7761
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-9643 — The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cro...

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it concatenates `$_SERVER['HTTP_HOST']` with the raw `$_SERVER['REQUEST_URI']` and inserts that value verbatim into the `wp_wpms_links.link_url` column via `

CVE-2026-9643
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-9179 — The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via t...

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter (read directly from $_GET['order'] into $shorting) and the lack of sufficient preparation on the existing SQL query in the listPost() functi

CVE-2026-9179
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-4297 — The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary ...

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server->login() (verifying credentials are valid) but does not perform any authori

CVE-2026-4297
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-12417 — The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass ...

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the `pravel_change_password()` AJAX handler — registered via `wp_ajax_nopriv_pravel_change_password` and therefore accessible to unauthenticated users — performing no nonce verification, no capability

CVE-2026-12417
NIST NVD
CRITICALVulnerability

NVD CRITICAL: CVE-2026-12416 — The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via...

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the `pravel_invoice_change_password()` function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and performing a loose equality comparison between the supplied `reset_activation_code` POST parame

CVE-2026-12416
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-12100 — The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forger...

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE-2026-12100
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-12095 — The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forger...

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The script echoes internal API response d

CVE-2026-12095
NIST NVD
HIGHVulnerability

NVD HIGH: CVE-2026-10091 — The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Si...

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that wi

CVE-2026-10091
NIST NVD
LOWZero Day

AI-SPM buyer’s guide: 14 tools to secure your AI infrastructure

Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow. Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guido describes the AI journey as a migration from AI-assisted, where AI tools are u

CSO Online
CRITICALVulnerability

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote

CVE-2026-20230
The Hacker News
MEDIUMMalware

Linux Process Name Masquerading, (Wed, Jun 24th)

In a previous diary, I talked about stack strings[1] with a practical example of them. Since my SEC670 class, I’m even more interested

SANS ISC
CRITICALVulnerability

CVE-2026-41089: CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) - only a Denial of Service PoC not RCE

CVE-2026-41089
r/blueteamsec
LOWVulnerability

From Langflow to Monero: Inside CVE-2026-33017 Cryptominer

CVE-2026-33017
r/blueteamsec
MEDIUMVulnerabilityPOC

Hackers Exploiting Cisco Unified CM Vulnerability

Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek.

CVE-2026-20230
SecurityWeek
MEDIUMVulnerability

Weekly Update 509

I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That's not to sound derogatory (it's

Troy Hunt
HIGHVulnerability

NVD HIGH: CVE-2026-3652 — The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrator views the "P

CVE-2026-3652
NIST NVD
MEDIUMAi

Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says

Some vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said. The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says appeared first on SecurityWeek.

SecurityWeek
CRITICALData Breach

Meta pauses employee monitoring program after data protections fail

An extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again after Meta claimed to have fixed the vulnerability. Whether or not the data collection by the $201 billion owner of Facebook was a good idea, analysts argue that the data protecti

CSO Online
CRITICALSupply Chain

Hole in widely-used FFmpeg codec could crash media servers or enable RCE

A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include demanding a software bill of materials for all products. Found by researchers at JFrog, the hole (CVE-2026-8461) is a

CVE-2026-8461
CSO Online