Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…...

EUVD-2025-208441

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2025-43737

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...

CVE-2025-7361

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...

Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand

Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum's DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain cyclic...

Progress Telerik Document Processing Libraries 安全漏洞

Progress Telerik Document Processing Libraries is a document processing library from Progress USA. A security vulnerability exists in Progress Telerik Document Processing Libraries prior to version 2025 Q1, which originates from the ability to export the contents of a file in an arbitrary path to...

CVE-2024-4081

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions...

Progress Software Telerik Report Server 安全漏洞

Progress Software Telerik Report Server is an enterprise-level report management and distribution solution from Progress Software. A security vulnerability exists in Progress Software Telerik Report Server version 2024 Q1 and prior versions. An attacker exploited the vulnerability to read system...

PT-2024-5247 · National Instruments · Labview

Name of the Vulnerable Software and Affected Versions: LabVIEW versions prior to 2024 Q1 Description: A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to...

Progress Software Telerik Report Server Code Issue Vulnerability

Progress Software Telerik Report Server is an enterprise-class report management and distribution solution from Progress Software. A security vulnerability exists in Progress Software Telerik Report Server 2024 Q1 10.0.24.130 and prior versions that originated from a vulnerability that allows an...

PT-2024-3248 · Progress · Progress Telerik Reporting

Name of the Vulnerable Software and Affected Versions: Progress Telerik Reporting versions prior to 2024 Q1 18.0.24.130 Description: The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a local threat...

PT-2024-3249 · Progress · Progress Telerik Reporting

Name of the Vulnerable Software and Affected Versions: Progress Telerik Reporting versions prior to 2024 Q1 18.0.24.130 Description: The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a remote threat...

CVE-2024-23609

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

CVE-2024-23612

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...