18 matches found
CVE-2026-31471
In CVE-2026-31471, the Linux kernel’s xfrm: iptfs path had a use-after-free-like issue during IPTFS clone state setup. iptfs_clone_state() stored x->mode_data before allocating the reorder window; if allocation failed, the code freed the cloned state but left x->mode_data pointing at freed ...
CVE-2026-4966
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach
Space Bears ransomware claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself...
MAL-2025-191292 Malicious code in @posthog/icons (npm)
Source: amazon-inspector 3ec3f66a4ef6f7c760c258152acb9b9fc90fb32ce30c847704723e1729e33b7c The package @posthog/icons was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190845 Malicious code in github-action-for-generator (npm)
Source: amazon-inspector 456b535e2ac0dbf2257fbb995ee5d72a53c3cfc544a0c9fb477f0c7eb20477d1 The package github-action-for-generator was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ctrl/ngx-emoji-mart (npm)
Source: ghsa-malware cdebc530fc545378519ecba24f04dd771e806c5e76fa5160d3d6bba03ee0cfd8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Breaking Anonymity at Scale: Re-Identifying the Trajectories of 100K Real Users in Japan
Mobility traces represent a critical class of personal data, often subjected to privacy-preserving transformations before public release. In this study, we analyze the anonymized Yjmob100k dataset, which captures the trajectories of 100,000 users in Japan, and demonstrate how existing anonymizati...
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Impact: When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches: The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13. Workarounds: Don't use data publication via toHTMLEx. This vulnerability was discovered by Aleksey Solovev Positiv...
CVE-2023-40570
Summary: CVE-2023-40570 affects Datasette 1.0 alpha to 1.0a3 with authentication enabled. The /-/api API explorer endpoint could disclose the names of databases and tables to unauthenticated users, without exposing contents. The issue is mitigated in Datasette 1.0a4, which blocks the API explorer...
CVE-2023-32760
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...
CVE-2023-32760
CVE-2023-32760 affects Archer Platform prior to version 6.13, with fixes in 6.12.0.6 and 6.13.0. An authenticated attacker could access sensitive information via API calls related to data feeds and data publication. The vulnerability’s impact and exact exploited components are described in the li...
Meta Fined €265 million in Facebook Data Scraping Case in the EU
By Habiba Rashid. The incident led to the publication of data on Irish police, sitting judges, prison officers, social workers, journalists, and others, leading to a spike in scam calls and texts in Ireland. This is a post from HackRead.com. Read the original post: Meta Fined €265 million in Facebo...
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and h...
NSA Officials Say Snowden Used Legitimate Access to Steal Data
It’s taken more than six months, but top officials at the National Security Agency are finally discussing some of the details of how former agency contractor Edward Snowden got access to all of the documents he stole and what kind of damage they believe the publication of the information they...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...
Sql injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...
The inside story of the HBGary hack by Anonymous Hackers!
It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the...