Assessing Cybersecurity Risks and Traffic Impact in Connected Autonomous Vehicles

Given the promising future of autonomous vehicles, it is foreseeable that self-driving cars will soon emerge as the predominant mode of transportation. While autonomous vehicles offer enhanced efficiency, they remain vulnerable to external attacks. In this research, we sought to investigate the...

WordPress plugin MailChimp Campaigns 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond

Key Takeaways Active Directory attacks are identified as a significant threat in enterprise environments, with 74% of breaches involving compromised identities according to the Verizon DBIR 2025. Pass-the-Hash PtHattacks facilitate lateral movement by allowing the reuse of stolen NTLM hashes...

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 CVSS score: 7.8, has been described as a memory corruption issue in dyl...

ClipBucket 代码问题漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to create video-sharing websites. Versions of ClipBucket prior to v5.5.3 had code vulnerabilities. These vulnerabilities stemmed from the remote playback feature, which allowed the creation...

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

RLSA-2026:1226 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

PT-2026-7658

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 MSHTML affected versions not specified Description An OS command injection issue exists in XWEB Pro, allowing a user with network access to execute code remotely by injecting malicious input into the request...

set-in 安全漏洞

set-in is a JavaScript library developed by Mikey personally. Versions of set-in 2.0.1 to 2.0.5 had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow for attacks through specially crafted input that contaminated the Object.prototype prototype, leadin...

New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims

Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying...

CVE-2026-2098

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2026-2098

AgentFlow (Flowring) CVE-2026-2098 describes a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to run arbitrary JavaScript in a user’s browser via phishing. The entry specifies network attack vector, low attack complexity, and user interaction required (a...

Microsoft Azure DevOps Server 代码问题漏洞

Microsoft Azure DevOps Server is a software development collaboration tool provided by the American company Microsoft. This product includes features such as shared code, work tracking, and software release management. There are code-related vulnerabilities in Microsoft Azure DevOps Server...

Microsoft NTLM 安全漏洞

Microsoft NTLM is an authentication protocol used by Microsoft on networks that include systems running the Windows operating system, as well as standalone systems. There are security vulnerabilities in Microsoft NTLM. Attackers exploit these vulnerabilities to carry out phishing attacks. The...

Microsoft Outlook 信息泄露漏洞

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...

SAP BusinessObjects Enterprise 跨站脚本漏洞

SAP BusinessObjects Enterprise is a business intelligence platform developed by the German company SAP. SAP BusinessObjects Enterprise has a cross-site scripting vulnerability, which stems from insufficient user-controlled input encoding. This vulnerability may lead to storage-based cross-site...

Microsoft Outlook 代码问题漏洞

Microsoft Outlook is an email application developed by the American company Microsoft. There are code-related vulnerabilities in Microsoft Outlook. Attackers utilize these vulnerabilities to carry out deceptive attacks. The following products and versions are affected: Microsoft Office LTSC 2021...