Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

CVE-2026-8874

CVE-2026-8874 affects Securly Chrome Extension v3.0.7. It fetches crisis alert keywords and filtering rules over HTTP, while other endpoints use HTTPS, showing TLS inconsistency. This could allow network interception/modification of downloaded configuration data. Reported impact: confidentiality/...

Fake virus alerts are invading mobile games

Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: " Your device is infected!" " Your iCloud is full!" " Your account is restricted for watching porn!" Some games can be played for free if you agree to watch ads, and in others y...

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

CVE-2026-2128

creationtimestamp| type| source ---|---|--- 2026-05-28 20:16:19+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2128 2026-05-29 09:54:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmybdofzag2e 2026-06-04 06:16:27+00:00| seen|...

CVE-2026-9901

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-29...

CVE-2026-9931

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-29...

Real-Time Webhook Notifications: No More Lost Security Alerts

Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a spam rule. By the time anyone sees it, the incident is already in full swing—no ticket opened, no Slack message sent, no automated workflow triggered. The...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

Catch spyware in the act with Windows Webcam Monitoring

You’re working hard late at night, replying to emails and planning the week ahead. Then suddenly, a PDF file requests access to your camera. Why would a PDF need camera access? Cybercriminals often disguise spyware inside seemingly harmless files and programs. An unexpected request for access to...

MAL-2026-4386 Malicious code in @elvatis_com/openclaw-cli-bridge-elvatis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e When the OpenClaw gateway loads this plugin and starts its proxy server, code paths in dist/index.js lines 1076 and 1093 schedule outbound WhatsApp...

Malicious code in @elvatis_com/openclaw-cli-bridge-elvatis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e When the OpenClaw gateway loads this plugin and starts its proxy server, code paths in dist/index.js lines 1076 and 1093 schedule outbound WhatsApp...

Astra Linux - уязвимость в firefox, thunderbird

When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

Astra Linux - уязвимость в firefox

A website could have obscured the fullscreen notification by using an option element, introducing a delay through a costly computational process. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox versions earlier than 115...

GenAI-Driven Threat Detection with Microsoft Security Copilot

Defending against today's increasingly sophisticated cyberattacks requires security analysts to continuously translate evolving attacker tradecraft into detection logic. This places defenders in a reactive posture, requiring constantly updated expertise across an increasingly fragmented security...

Detecting Offensive Cyber Agents: A Detection-In-Depth Approach

Artificial Intelligence AI agents can now orchestrate cyberattacks. This development is already increasing the speed and scale of cyber attacks, decreasing attack costs, and improving the operational autonomy of cyber capabilities. To defend against these emerging threats, actors must first devel...

CVE-2026-41091

creationtimestamp| type| source ---|---|--- 2026-05-19 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1878 2026-05-20 10:16:09+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-489 2026-05-20 14:10:08+00:00| seen|...

CVE-2026-45584

creationtimestamp| type| source ---|---|--- 2026-05-19 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1878 2026-05-20 10:16:09+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-489 2026-05-20 14:10:08+00:00| seen|...

PT-2026-41729

Name of the Vulnerable Software and Affected Versions russh versions prior to 0.58.0 russh versions 0.60.x Description An issue exists in the CryptoVec component involving unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In versions prior to 0.58.0,...