CVE-2026-56341

AVideo prior to 26.1 (through version 26.0) exposes unauthenticated access to payment data via multiple list.json.php endpoints in payment plugins, lacking authorization checks. The issue enables retrieval of PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records, including agreem...

EUVD-2026-38130

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira , 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtaine...