Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

CVE-2026-1305

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...

CVE-2025-14461

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

Improving Methodologies for Agentic Evaluations across Domains: Leakage of Sensitive Information, Fraud and Cybersecurity Threats

The rapid rise of autonomous AI systems and advancements in agent capabilities are introducing new risks due to reduced oversight of real-world interactions. Yet agent testing remains nascent and is still a developing science. As AI agents begin to be deployed globally, it is important that they...

CVE-2025-12903

The CVE-2025-12903 concerns the WordPress plugin Payment Plugins Braintree For WooCommerce. It affects all versions up to 3.2.78 and arises from a missing capability check on the REST endpoint wc-braintree/v1/3ds/vaulted_nonce, registered with permission_callback set to __return_true. This allows...

PT-2025-46580

Name of the Vulnerable Software and Affected Versions Braintree For WooCommerce versions up to and including 3.2.78 Description The Payment Plugins Braintree For WooCommerce plugin for WordPress is susceptible to authorization bypass. This is caused by a missing capability check on the...

Invoicely Database Leak Exposes 180,000 Sensitive Records

Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide...

EUVD-2015-5364

Malware in sbrugna...

EUVD-2015-5363

Malware in sbrugna...

EUVD-2017-17931

Malware in sbrugna...

EUVD-2018-18812

Malware in sbrugna...

EUVD-2018-18811

Malware in sbrugna...

EUVD-2017-17932

Malware in sbrugna...

Italian hotels breached for tens of thousands of scanned IDs

The Computer Emergency Response Team CERT for Italy's "Agenzia per l’Italia Digitale" AGID issued a warning that cybercriminals are selling stolen identity documents from hotels operating in Italy. This summer, a criminal hacker group named “mydocs” infiltrated the booking systems of at least ten...

Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects

Free and open source software FOSS is ubiquitous on modern IT systems, accelerating the speed of software engineering over the past decades. With its increasing importance and historical reliance on uncompensated contributions, questions have been raised regarding the continuous maintenance of FO...

GHSA-PQQ3-Q84H-PJ6X Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

A vulnerability allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially...

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...