598 matches found
Kazuar: Anatomy of a nation-state botnet
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed...
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond...
Harvester APT Expands Spying Operations with New GoGra Linux Malware
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control...
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing...
Threat landscape for industrial automation systems in Q4 2025
Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4 2025, it was 19.7%. Over the past three years, the percentage has decreased by 1.36 times, and by 1.25 times since Q4 2023. Percentage of IC...
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect), MISTCLOAK...
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The...
CVE-2026-28063
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion. This issue affects Asia Garden: from n/a through <= 1.3.1...
EUVD-2026-9723
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion. This issue affects Asia Garden: from n/a through <= 1.3.1...
CVE-2026-28063 WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion. This issue affects Asia Garden: from n/a through <= 1.3.1...
CVE-2026-28063
CVE-2026-28063 refers to the ThemeREX Asia Garden WordPress theme vulnerability: an improper filename control in PHP Include/Require leading to Local File Inclusion in Asia Garden versions
WordPress plugin Asia Garden security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-23343
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion. This issue affects Asia Garden: from n/a through <= 1.3.1...
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing...
WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Asia Garden versions <= 1.3.1...