7694 matches found
FBI’s 2025 Internet Crime Report
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles...
CVE-2026-7078

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 12:07:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmthtpldq22r... |

CVE-2026-7079

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 10:07:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmtb54njo225... |

blog-coeur (>=0.0.12 <=0.0.19), chat-portal (>=0.1.0 <=0.2.1) +8 more potentially affected by unknown CVE via instagrapi (>=2.0.0 <=2.6.6)
instagrapi PYPI version =2.0.0, =0.0.12, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =1.3.7, =0.1.0, =0.1.0, =2.2.0, =1.0.2, =2.8.50 Source cves: unknown CVE Source advisory: OSV:GHSA-GGXF-37HM-9WQF...
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Malicious Package
Overview polymarket-ai-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
This Is a Hold-Up: Financial Services Under Attack
...
CVE-2026-44295

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-19 23:07:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmaiyj6d3p26... |

10 Top OSINT Tools Every Investigator Should Know in 2026
Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions...
GHSA-2M69-JMVH-6CHR CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
Summary The custom `html_purify` validation rule used to sanitize blog post bodies relies on by-reference mutation (`?string &$str`), but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes `$lanData['content']` directly into...
CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
Summary The custom `html_purify` validation rule used to sanitize blog post bodies relies on by-reference mutation (`?string &$str`), but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes `$lanData['content']` directly into...
Continuous Detection, Continuous Response: Mate Security Redefines the Modern SOC
New York, USA, 18th May 2026, CyberNewswire...
CVE-2026-6637

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-18 06:01:20+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-postgresql-1 |
| 2026-05-18 17:37:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mm5g3ixq2d2p |
| 2026-05-22 10:24:18+00:00 | seen | ... |

CVE-2026-30903

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-18 00:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mm3lfxd3kz2y... |

PT-2026-41688
Summary The custom `html_purify` validation rule used to sanitize blog post bodies relies on by-reference mutation (`?string &$str`), but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes `$lanData['content']` directly into...
PT-2026-41539
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been...
Stored Cross-Site Scripting
XWiki Blog Application is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...
Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
CVE-2026-43908

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-15 19:37:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mlw3fddr3e2w... |

CVE-2026-42891

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 16:38:43+00:00 | seen | https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review |
| 2026-05-13 01:08:48+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20... |