Exploit for CVE-2016-10555
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to phishing or malware pages, without ever completing a successful sign‑in or stealing tokens from the OAuth flow itself. That calls for a bit more explanation. OAuth Open Authorizatio...
High-severity Qualcomm bug hits Android devices in targeted attacks
Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a...
Mobile malware evolution in 2025
Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged. To illustrate trends between reporting periods, we...
EUVD-2026-9375
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
Cisco Secure Firewall Threat Defense and Cisco IOS XE Software Security Vulnerability
Cisco Secure Firewall Threat Defense and Cisco IOS XE Software are both products of the American company Cisco. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco IOS XE Software is a network operating system. Both Cisco Secure Firewall Threat Defense and Cisco IOS XE...
PT-2026-23027
Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software affected versions not specified Description A flaw exists in the VPN web services component that may allow a remote attacker t...
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The threat actor behind the recently disclosed artificial intelligence AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its...
Dataease SQLBot Data Forgery Vulnerability
Dataease SQLBot is a robot plugin developed by Dataease as open source. Versions of Dataease SQLBot 1.5.1 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from improper verification of the encrypted signature for the validateEmbedded function in the JWT Token...
LLM-Claw Security Vulnerability
LLM-Claw is an open-source AI agent framework developed by CLAW LLM. Versions 0.1.0, 0.1.1, 0.1.1a, and 0.1.1a-p1 of LLM-Claw contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the agentdeployinit function within the Agent Deployment component, which may lead t...
Blockchain Communication Vulnerabilities
Blockchains are diverse in the way they handle communications between their nodes to disseminate information, mitigate attacks, and agree on the next block. While security vulnerabilities have been identified, they rely on an attack custom-made for a specific blockchain communication protocol. To...
Multi-Agent Honeypot-Based Request-Response Context Dataset for Improved SQL Injection Detection Performance
SQL injection remains a major threat to web applications, as existing defenses often fail against obfuscation and evolving attacks because of neglecting the request-response context. This paper presents a context-enriched SQL injection detection framework, focusing on constructing a high-quality...
GHSA-JMM5-FVH5-GF4P OpenClaw has non-constant-time token comparison in hooks authentication
Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...
Attacks on GPS Spike Amid US and Israeli War on Iran
New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28...
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server cos...
yosys Security Vulnerability
Yosys is an open-source Synthesis suite developed by Yosys Headquarters. Versions of yosys prior to 0.62 contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the Yosys::RTLIL::Const::set function found in the kernel/rtlil.h file, which could lead to local...
Chamilo Code Issue Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the file/index.php file, which could lead to blind SRFI attacks...
openbabel Code Issue Vulnerability
OpenBabel is an open-source chemistry toolkit software developed by Open Babel. Versions of OpenBabel 3.1.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a null pointer dereferencing in the OBAtom::GetExplicitValence function in the isrc/atom.cpp file, which could...