Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete informatio...

CVE-2026-7523

The CVE-2026-7523 entry concerns the Alba Board WordPress plugin (

CVE-2026-46104

A flaw was found in the Linux kernel's SELinux Security-Enhanced Linux socket permission helpers. In configurations where multiple Linux Security Modules LSMs are active, the system may incorrectly access socket security data. This can lead to invalid security identifiers SIDs and class values...

Rapid7 Quarterly Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the latest quarterly...

EUVD-2007-5471

Malware in sbrugna...

Exploit for CVE-2025-52357

CVE-2025-52357 : Security Advisory: XSS in FD602GW-DX-R410 Rou...

PUB-A-394726109

Analysis: Access Vector: Local Layer: Userland Root Causes: Heap Buffer Overflow SRS Categories: - Android Security SRS Category: Memory Safety Writeup: A stack trace alone with PoC app is insufficient to determine if this represents a genuine memory corruption vulnerability reachable by an...

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason...

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...

Oracle Linux 5 : setroubleshoot (ELSA-2008-0061)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0061 advisory. setroubleshoot: 2.0.5-3.0.1.el5 - replace missed references to bugzilla.redhat.com with linux.oracle.com 2.0.5-3 - Resolve: bug 436564: socket.getsocko...

Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape

The number of vulnerabilities is steadily increasing over the years, as evidenced by the 206,000 vulnerabilities reported and still counting in the National Vulnerability Database NVD. With each subsequent year, this trend has persisted since 2016, surpassing the previous vulnerability count. In...

K44611310: MySQL vulnerability CVE-2015-0411

Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. CVE-2015-0411 Impact Through...

Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild

Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself ...

OpenMRS Platform 2.24.0 - Insecure Object Deserialization

OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

AudioCode 400HD Cross Site scripting

CVE-2018-10091 Stored XSS vulnerabilities in AudioCode IP phones Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs in the CG...

Gespage 7.4.8 - SQL Injection

CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...

UCOPIA Wireless Appliance Restricted Shell Escape

CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then execute the interface command. By logging in within these...

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities

CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL licen...

EON 5.0 SQL Injection

CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL requests. CVE ID: CVE-2017-6088 Access...

SPIP 3.1.2 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications SPIP 3.1.2 Reflected Cross-Site Scripting CVE-2016-7981 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distribute...