CVE-2026-32634

Glances Central Browser mode vulnerability (CVE-2026-32634): prior to 4.5.2, Zeroconf advertising can mislead the browser into using an untrusted server name to create connection URIs, and to look up saved passwords. If a dynamic server reports itself as protected, the untrusted name is also used...

Transparent COM instrumentation for malware analysis

COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows...

PT-2026-26023

mdjnelson/moodle-mod customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate element...

EUVD-2026-12641

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death BSOD. Successful...

CVE-2026-2809

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death BSOD. Successful...

CVE-2026-2809 Endpoint DLP Driver DLL

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death BSOD. Successful...

PT-2026-26178

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier Description SiYuan, a personal knowledge management system, has an incomplete blocklist in its SanitizeSVG function. The function blocks 'data:text/html' and 'data:image/svg+xml' in 'href' attributes but fails...

EUVD-2025-208751

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

Help on the line: How a Microsoft Teams support call led to compromise

In our eighth Cyberattack Series report, Microsoft Incident Response—the Detection and Response Team DART—investigates a recent identity-first, human-operated intrusion that relied less on exploiting software vulnerabilities and more on deception and legitimate tools. After a customer reached out...

EUVD-2026-12363

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

CVE-2026-4203

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

MAL-2026-1485 Malicious code in react-refresh-update (npm)

Package contains highly obfuscated code with dynamic execution using eval, a strong indicator of malicious intent. YARA rule matches confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463 The...

CVE-2026-4203 D-Link DNS-1550-04 network_mgr.cgi cgi_dhcpd command injection

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

PISmith: Reinforcement Learning-Based Red Teaming for Prompt Injection Defenses

Prompt injection poses serious security risks to real-world LLM applications, particularly autonomous agents. Although many defenses have been proposed, their robustness against adaptive attacks remains insufficiently evaluated, potentially creating a false sense of security. In this work, we...

PT-2026-25865

Summary The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the adm list columns table via prepared statements safe storage, but are later read back and...

Malicious code in transform-dynamic-import (npm)

The package 'transform-dynamic-import' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...