
192250 matches found

Microsoft CVE
added 2026/03/10 2:0 p.m., 7 views

MapUrlToZone Security Feature Bypass Vulnerability

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5, AI score 5.8, EPSS 0.01191
Exploits: 0

Rapid7 Blog
added 2026/03/10 1:0 p.m., 14 views

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Overview: Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge (CAPTCHA). The lure is design...

AI score 6
Exploits: 0

CVE
added 2026/03/10 12:8 p.m., 13 views

CVE-2026-2741

CVE-2026-2741 affects Vaadin’s build process which automatically downloads and extracts Node.js when not installed locally. A path traversal flaw in specially crafted ZIP archives can make files be written outside the intended extraction directory during Node.js download/extraction for Vaadin ver...

CVSS 6.8, AI score 5.8, EPSS 0.00342
Exploits: 0, References: 6, Affected Software: 1

The Hacker News
added 2026/03/10 11:0 a.m., 10 views

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage ...

AI score 6.4
Exploits: 0

Malwarebytes
added 2026/03/10 10:38 a.m., 6 views

Hackers may have breached FBI wiretap network via supply chain

Investigators are worried that a recent attack on a critical FBI system was more than just a random hit, and that another nation-state might have been involved. On February 17, the FBI flagged irregular network activity that led straight to its Digital Collection System Network. That system...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/03/10 8:10 a.m., 4 views

CVE-2026-3822

Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to exploit the...

CVSS 8.3, AI score 5.9, EPSS 0.00152
Exploits: 0, References: 1

hivepro
added 2026/03/10 5:11 a.m., 3 views

What Is Exposure Management? A Modern Guide

Attackers don't just look for a single high-severity vulnerability; they look for a path of least resistance. They connect the dots between a misconfigured cloud service, an exposed credential, and an unpatched server to reach their goal. To build a strong defense, you need to see your environmen...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/03/10 2:12 a.m., 6 views

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

CVSS 8.8, AI score 6.4, EPSS 0.00276
Exploits: 2, References: 1

RedhatCVE
added 2026/03/10 2:12 a.m., 5 views

CVE-2026-3788

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...

CVSS 8.8, AI score 6.2, EPSS 0.0042
Exploits: 1, References: 1

Snyk
added 2026/03/10 12:35 a.m., 0 views

Regular Expression Denial of Service (ReDoS)

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the handling of $regex in the LiveQuery component. An attacker can cause the...

CVSS 8.2, AI score 5.6, EPSS 0.00446
Exploits: 0, References: 2

Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24328

Name of the Vulnerable Software and Affected Versions: Azure MCP Server (affected versions not specified). Description: An authorized attacker can exploit a server-side request forgery (SSRF) condition in Azure MCP Server to gain elevated privileges on a network. SSRF occurs when an application makes...

CVSS 9, AI score 6, EPSS 0.00959
Exploits: 0, References: 30

Positive Technologies
added 2026/03/10 12:0 a.m., 5 views

PT-2026-24416

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

CVSS 8.7, AI score 6, EPSS 0.00436
Exploits: 1, References: 4

Positive Technologies
added 2026/03/10 12:0 a.m., 4 views

PT-2026-24321

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS) (affected versions not specified). Description: An integer overflow or wraparound exists in Windows Routing and Remote Access Service (RRAS). This condition allows an unauthorized attacker to execute co...

CVSS 10, AI score 6.1, EPSS 0.00836
Exploits: 3, References: 20

Positive Technologies
added 2026/03/10 12:0 a.m., 6 views

PT-2026-24273

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: A use-after-free issue exists in Windows Print Spooler Components. This allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no...

CVSS 9, AI score 5.9, EPSS 0.00912
Exploits: 0, References: 12

CNNVD
added 2026/03/10 12:0 a.m., 4 views

Git for Windows Information Disclosure Vulnerability

Git for Windows is Git version for Windows operating systems. Versions of Git for Windows prior to 2.53.02 had a vulnerability related to information leakage. This vulnerability stemmed from the possibility of tricking users into cloning malicious servers, allowing attackers to brute-force their...

CVSS 7.4, AI score 5.8, EPSS 0.00268
Exploits: 1, References: 2

Packet Storm News
added 2026/03/10 12:0 a.m., 2 views

Game-Theoretic Modeling of Stealthy Intrusion Defense against MDP-Based Attackers

The rapid expansion of Internet use has increased system exposure to cyber threats, with advanced persistent threats (APTs) being especially challenging due to their stealth, prolonged duration, and multi-stage attacks targeting high-value assets. In this study, we model APT evolution as a strategi...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24300

A vulnerability in the Routing and Remote Access Service (RRAS) of Windows operating systems is related to an operation exceeding the bounds of a memory buffer. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code...

CVSS 9, AI score 5.8, EPSS 0.00886
Exploits: 0, References: 16

Packet Storm News
added 2026/03/10 12:0 a.m., 5 views

CLIOPATRA: Extracting Private Information from LLM Insights

As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...

AI score 5.8
Exploits: 0

Redos
added 2026/03/10 12:0 a.m., 5 views

ROS-20260310-73-0015

A vulnerability in the ANGLE library of the Google Chrome browser is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.8, AI score 5.7, EPSS 0.00314
Exploits: 0

Redos
added 2026/03/10 12:0 a.m., 3 views

ROS-20260310-73-0023

Vulnerability in coredns related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.7, AI score 5.8, EPSS 0.00412
Exploits: 0