Lucene search

181 matches found

Cvelist
added 2026/04/17 3:36 a.m. | 29 views

CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action (no authentication required) an...

CVSS 5.3 | EPSS 0.00119
Exploits: 0 | References: 10

Securelist
added 2026/04/13 9:0 a.m. | 4 views

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

AI score 6.1
Exploits: 0

CVE
added 2026/03/27 12:0 a.m. | 7 views

CVE-2026-30576

CVE-2026-30576 affects SourceCodester Pharmacy Product Management System 1.0. The vulnerability is in add-stock.php where there is no validation of the txtprice and txttotalcost parameters during stock entry, allowing submission of negative financial values and leading to corruption of financial ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00082
Exploits: 1 | References: 1 | Affected Software: 1

Packet Storm News
added 2026/02/25 12:0 a.m. | 2 views

The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories

A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...

AI score 5.9
Exploits: 0

Malwarebytes
added 2026/02/18 5:9 p.m. | 4 views

Betterment data breach might be worse than we thought

Betterment LLC is an investment advisor registered with US Securities and Exchange Commission (SEC). The company disclosed a January 2026 incident in which an attacker used social engineering to access a third‑party platform used for customer communications, then abused it to send crypto‑themed...

AI score 5.8
Exploits: 0

Github Security Blog
added 2026/02/12 5:4 p.m. | 8 views

CediPay Affected by Improper Input Validation in Payment Processing

A vulnerability in CediPay allows attackers to bypass input validation in the transaction API. Affected users: All deployments running versions prior to the patched release. Risk: Exploitation could result in unauthorized transactions, exposure of sensitive financial data, and compromise of payme...

CVSS 8.8 | AI score 5.4 | EPSS 0.00127
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/10 6:16 p.m. | 2 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVSS 8.8 | EPSS 0.00043
Exploits: 1 | References: 3

Cvelist
added 2026/02/06 6:10 p.m. | 23 views

CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database...

CVSS 8.7 | EPSS 0.00013
Exploits: 3 | References: 1

RedhatCVE
added 2025/12/18 10:37 p.m. | 2 views

CVE-2025-68112

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

CVSS 9.6 | AI score 8.1 | EPSS 0.00043
Exploits: 1 | References: 1

NVD
added 2025/12/17 10:16 p.m. | 3 views

CVE-2025-68112

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

CVSS 9.6 | EPSS 0.00043
Exploits: 1 | References: 1

HackRead
added 2025/12/11 10:27 a.m. | 3 views

Top 10 Data Anonymization Solutions for 2026

Every business today has to deal with private information – whether it is about customers, employees, or financial…...

AI score 6.8
Exploits: 0

HackRead
added 2025/10/30 10:56 p.m. | 3 views

Akira Ransomware Claims It Stole 23GB from Apache OpenOffice

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified...

AI score 7
Exploits: 0

Malwarebytes
added 2025/10/16 10:49 a.m. | 4 views

Mango discloses data breach at third-party provider

Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2025/09/26 12:0 a.m. | 2 views

Personal Identifying Information (PII) Fields Detected

This is an informational notice that the scanner was able to detect forms with fields collecting Personal Identifying Information (PII) data. Examples of PII data include, but are not limited to, names, email addresses, phone numbers, social security numbers, and financial information. No source da...

AI score 6.8
Exploits: 0 | References: 2

HackRead
added 2025/09/22 10:31 p.m. | 4 views

Jeep and Dodge Parent Company Stellantis Confirms Customer Data Breach

Stellantis, parent of Jeep, Chrysler, Dodge and FIAT, confirms data breach through third-party vendor. Contact info exposed, financial data not affected...

AI score 7
Exploits: 0

HackRead
added 2025/09/11 1:5 p.m. | 3 views

UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…...

AI score 6.9
Exploits: 0

HackRead
added 2025/08/21 6:28 p.m. | 5 views

Qilin Ransomware Gang Claims 4TB Data Breach at Nissan CBI

Qilin ransomware claims a 4TB data breach at Nissan CBI, leaking car design files, financial data, 3D models,…...

AI score 7.3
Exploits: 0

HackRead
added 2025/07/03 5:42 p.m. | 4 views

New Fake Marketplace From China Mimics Top Retail Brands for Fraud

Silent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers...

AI score 6.9
Exploits: 0

HackRead
added 2025/06/17 11:42 a.m. | 11 views

Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users

Zoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing...

AI score 7.3
Exploits: 0

Packet Storm News
added 2025/05/27 12:0 a.m. | 2 views

Lazarus Group Targets Crypto-Wallets and Financial Data While Employing New Tradecrafts

This report presents a comprehensive analysis of a malicious software sample, detailing its architecture, behavioral characteristics, and underlying intent. Through static and dynamic examination, the malware core functionalities, including persistence mechanisms, command-and-control communicatio...

AI score 6.9
Exploits: 0