CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CloudCharge 安全漏洞

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket Application Programming Interface. Thi...

Chargemap 安全漏洞

Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...

Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

Jailbreak techniques for large language models LLMs evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY JBF, a system that addresses this gap via a...

EV Energy 安全漏洞

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There is a security vulnerability within EV Energy; this vulnerability stems from the lack of restrictions on the number of authentication requests, which could lead to denial-of-service attacks...

EV Energy 代码问题漏洞

EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. There are code vulnerabilities within EV Energy; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to uniquely associate sessions but allows multiple...

CVE-2026-27449

Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...

How to understand and avoid Advanced Persistent Threats

By definition, an advanced persistent threat APT is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...

PT-2026-22240

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...

Sub2API 安全漏洞

Sub2API is an API gateway platform developed by Wesley Liddick. Versions of Sub2API prior to 0.1.85 contained security vulnerabilities; these vulnerabilities were caused by password reset attacks, which could lead to account takeover...

CVE-2026-3100

CVE-2026-3100 affects ASUSTOR ADM FTP Backup running on Linux/x86/ARM (64‑bit). The issue is improper certificate validation in ADM FTP Backup, enabling sniffing attacks over the network. Affected versions are ADM 4.1.0–4.3.3.ROF1 and 5.0.0–5.1.2.RE51. The CVSS base score is 8.3 (HIGH) with netwo...

North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks

Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...

Abi-smuggling-exploit

Web3 Security Research Portfolio A collection of smart contra...

CVE-2026-27521

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

CVE-2026-27521 Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

PT-2026-21759

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The Binardat 10G08-0800GSM network switch firmware does not implement rate limiting or account lockout mechanisms for login attempts. This allows for...

Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks

16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks...

WordPress xmlrpc attacks blocker plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin xmlrpc attacks blocker versions = 1.0...

Evolution Cyber Intelligence

This is a book written by indoushka that covers the evolution of cyber intelligence from historical methodologies to modern day attacks. Written in Arabic...