CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

CVE-2026-45154 Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

NextCloud Collectives Access Control Vulnerability

NextCloud Collectives is an open-source collaboration and knowledge management tool developed by NextCloud. In versions 2.6.0 to 4.3.0 of NextCloud Collectives, there was a security vulnerability related to access control. This vulnerability stemmed from a lack of permission checks, which could...

View-only guests could see deleted Collectives pages in the trashbin

None...

Nextcloud: View-only guests could see deleted Collectives pages in the trashbin

A vulnerability was discovered where view-only guests could see deleted Collectives pages in the trashbin...

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal...

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical...

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

The Internet Crime Complaint Center IC3 has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking...

Hacking Crew Attacks German National Cyber Defense Center

Germany’s newly created National Cyber Defense Center was attacked by a group of hackers referring to themselves as the “n0n4m3 cr3w” No Name Crew in early July, according to a report from the IDG News Service. The group broke into the National Cyber Defense Center’s network and stole information...