95 matches found
PT-2026-21199
Name of the Vulnerable Software and Affected Versions: WP FullCalendar versions through 1.6. Description: The WP FullCalendar software contains a missing authorization flaw. This allows exploitation of incorrectly configured access control security levels. No information is available regarding the...
A Bootiful Podcast: The Vaadin team, live from Vaadin Create 2025
Hi, Spring fans! In this installment, I had the privilege to sit down with Vaadin legends Joonas Lehtinen, Marcus Hellberg, and Leif Åstrand at the amazing Vaadin Create 2025 event in Frankfurt, Germany...
Ubuntu: Security Advisory (USN-7363-1)
The remote host is missing an update for the...
CVE-2025-22576
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS. This issue affects Site PIN: from n/a through <= 1.3...
Drupal AI (Artificial Intelligence) module < 1.0.2 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Marcus Johansson in WordPress Module AI Artificial Intelligence versions 1.0.2...
CVE-2025-22576 WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus Downing Site PIN allows Reflected XSS. This issue affects Site PIN: from n/a through 1.3...
CVE-2025-22576 WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS. This issue affects Site PIN: from n/a through <= 1.3...
A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg
Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the latest-and-greatest in the wide and wonderful world of Spring...
ShinyHunters Leak 33M Twilio Authy Phone Numbers, Neiman Marcus and Truist Bank Data
ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy,...
A week in security (June 24 – June 30)
Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including ...
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier...
marcus-nehring.de Improper Access Control vulnerability OBB-3819988
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
marcusgoncalves.com Improper Access Control vulnerability OBB-3804617
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
marcusdaviesphotography.com Improper Access Control vulnerability OBB-3804616
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
davidmarcus.com Improper Access Control vulnerability OBB-3796938
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Spring Tips: Vaadin Flow and Spring Boot 3
Hi, Spring fans! In this installment, we'll look at the fantastic Vaadin Flow library, which has recently been updated for Spring Boot 3, and how it can help you be happier. The code is available, as usual, here. This episode features special guest Marcus Hellberg, VP developer relations from...
madisonmarcus.com.au Cross Site Scripting vulnerability OBB-2834038
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands
The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus,...