Lucene search

18104 matches found

Snyk
added 2026/05/26 9:20 a.m., 6 views

Malicious Package

Overview eo-terminal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Circl
added 2026/05/26 8:59 a.m., 7 views

CVE-2026-9523

creationtimestamp | type | source
---|---|---
2026-05-26 08:59:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmqmulzza42c...

7.5 CVSS, 7.1 AI score, 0.00319 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/26 12:0 a.m., 6 views

PT-2026-47001

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutl...

5.5 AI score
Exploits: 0, References: 10

vulnersOsv
added 2026/05/25 11:19 p.m., 2 views

com.github.fangjinuo.agileway:agileway-shiro-redis (>=2.3.3 <=3.1.12), com.github.fangjinuo.agileway:agileway-shiro-redis-springdata2 (>=2.4.2 <=3.1.12) +19 more potentially affected by CVE-2026-43827 via org.apache.shiro:shiro-web (=3.0.0-alpha-1)

org.apache.shiro:shiro-web MAVEN version =3.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-web and may be impacted: - com.github.fangjinuo.agileway:agileway-shiro-redis =2.3.3, =2.4.2, =0.0.3, =0.0.3, =0.0.3, =0.0.3,...

6.5 CVSS, 5.4 AI score, 0.00412 EPSS
Exploits: 0

The Hacker News
added 2026/05/25 11:30 a.m., 21 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

5.8 AI score
Exploits: 0

Snyk
added 2026/05/25 8:52 a.m., 10 views

Malicious Package

Overview chai-as-redeploy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Circl
added 2026/05/25 3:0 a.m., 7 views

CVE-2026-9407

creationtimestamp | type | source
---|---|---
2026-05-25 03:00:26+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116632979036479792
2026-05-25 03:00:28+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mmniedcwxa26...

10 CVSS, 7.3 AI score, 0.01909 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/05/23 12:8 a.m., 12 views

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

7.1 CVSS, 5.9 AI score, 0.00368 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/05/23 12:8 a.m., 4 views

GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

5.4 CVSS, 5.9 AI score, 0.00368 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/23 12:0 a.m., 10 views

PT-2026-42859

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description An authenticated user with RoleMember privileges can trigger cron tasks belonging to other users, including administrators. This occurs because the system fails to verify the ownership ...

7.1 CVSS, 5.3 AI score, 0.00368 EPSS
Exploits: 0, References: 5

Packet Storm News
added 2026/05/23 12:0 a.m., 9 views

CALIBURN: A Regime-Sensitivity Study of Operationally Calibrated Streaming Intrusion Detection

Streaming network intrusion detection systems must process flows continuously while keeping memory bounded, but most current methods leave alerting threshold selection as a post-hoc tuning problem poorly suited to production. Operators need alerting behaviour specifiable before deployment using...

5.8 AI score
Exploits: 0

Circl
added 2026/05/22 10:24 p.m., 5 views

CVE-2026-40597

creationtimestamp | type | source
---|---|---
2026-05-22 22:24:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmhxykfjqe2i
2026-06-06 11:02:53+00:00 | seen | https://bsky.app/profile/keiwork35.bsky.social/post/3mnmiw2dm4a2l...

7.6 CVSS, 5.8 AI score, 0.00587 EPSS
Exploits: 0, References: 2

Circl
added 2026/05/22 3:0 p.m., 6 views

CVE-2026-36227

creationtimestamp | type | source
---|---|---
2026-05-22 15:00:15+00:00 | seen | Telegram/dTfSHcoUcJaeOuFARbGp4aQ01psDVJQvBc7YPH7AO1ZEIM0...

6.5 CVSS, 5.8 AI score, 0.01124 EPSS
Exploits: 1

Positive Technologies
added 2026/05/22 12:0 a.m., 10 views

PT-2026-42732

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description Sandbox escape flaws in NodeVM allow unauthenticated remote code execution on the host server. The issue occurs because the dangerous builtin denylist in lib/builtin.js misses process and...

10 CVSS, 6.5 AI score, 0.00883 EPSS
Exploits: 0, References: 10

Circl
added 2026/05/21 9:0 p.m., 5 views

CVE-2026-42827

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1886...

7.5 CVSS, 5.8 AI score, 0.00671 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/21 9:0 p.m., 9 views

CVE-2026-45659

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1886
2026-05-22 13:10:21+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mmgz25nmtv2h
2026-05-22 23:22:57+00:00 | seen | ...

8.8 CVSS, 6 AI score, 0.01693 EPSS
Exploits: 3, References: 64

Circl
added 2026/05/21 9:0 p.m., 5 views

CVE-2026-41090

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1886
2026-05-23 04:30:28+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mmimhgj3wo2p
2026-05-23 11:02:36+00:00 | seen | ...

9.3 CVSS, 5.8 AI score, 0.0056 EPSS
Exploits: 0, References: 4

Circl
added 2026/05/21 9:0 p.m., 6 views

CVE-2026-23652

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1886
2026-05-23 03:11:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmii2olzgn2i
2026-05-23 06:06:34+00:00 | seen | ...

10 CVSS, 5.8 AI score, 0.00779 EPSS
Exploits: 0, References: 7

Circl
added 2026/05/21 9:0 p.m., 4 views

CVE-2026-23663

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1886...

7.5 CVSS, 5.8 AI score, 0.00735 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/21 5:0 p.m., 3 views

CVE-2026-39531

creationtimestamp | type | source
---|---|---
2026-05-21 17:00:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmevh22lgg2l...

9.3 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 0, References: 1