CVE-2026-9862

creationtimestamp| type| source ---|---|--- 2026-06-15 16:30:14+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3modpfnfc6n2a 2026-06-15 16:30:18+00:00| seen| https://infosec.exchange/users/offseq/statuses/116755071710658685 2026-06-15 16:42:13+00:00| seen|...

CVE-2026-48613

Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil

iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger...

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

EUVD-2026-33949

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

PT-2026-45773

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability. This vulnerability arises from the getquotes.php script, which onl...

Terminus-ai

Terminus-ai a foundation model trainthe entirety of exploit-...

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

PT-2026-33399

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTR OVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post edit action handler in Actions.php passes...

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...