Lucene search
K

3795 matches found

The Hacker News
The Hacker News
added 5 hours ago3 views

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...

7.8CVSS7.7AI score0.63102EPSS
Exploits3
Circl
Circl
added yesterday7 views

CVE-2026-54477

creationtimestamp| type| source ---|---|--- 2026-07-02 17:15:07+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03 2026-07-03 02:37:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mppjau64lu2s...

5.4CVSS5.8AI score
Exploits0References2
Circl
Circl
added yesterday8 views

CVE-2026-13768

creationtimestamp| type| source ---|---|--- 2026-07-02 17:15:03+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03 2026-07-03 00:00:42+00:00| seen| https://infosec.exchange/users/offseq/statuses/116853102484273046 2026-07-03 00:00:46+00:00| seen|...

10CVSS5.8AI score
Exploits1References4
Circl
Circl
added yesterday5 views

CVE-2026-20244

creationtimestamp| type| source ---|---|--- 2026-07-02 09:45:22+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f 2026-07-02 13:55:08+00:00| seen|...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References3
Circl
Circl
added yesterday7 views

CVE-2026-20243

creationtimestamp| type| source ---|---|--- 2026-07-02 09:45:20+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f 2026-07-02 13:55:08+00:00| seen|...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References3
Circl
Circl
added 2 days ago6 views

CVE-2026-50521

creationtimestamp| type| source ---|---|--- 2026-07-01 02:43:37+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0811 2026-07-01 02:49:36+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1939 2026-07-01 21:18:32+00:00| seen|...

8.3CVSS5.8AI score0.00822EPSS
Exploits0References6
Microsoft Secure
Microsoft Secure
added 3 days ago7 views

Accelerating the quantum-safe timeline

The quantum-safe timeline has changed For years, planning for post-quantum cryptography PQC was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...

6AI score
Exploits0
The Hacker News
The Hacker News
added 4 days ago17 views

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government...

5.9AI score
Exploits0
Circl
Circl
added 2026/06/26 9:45 a.m.7 views

CVE-2026-13281

creationtimestamp| type| source ---|---|--- 2026-06-26 09:45:05+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1937 2026-06-26 14:40:21+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mp76fcsqgb2j 2026-06-28 22:30:18+00:00| seen|...

8.3CVSS5.7AI score0.00177EPSS
Exploits0References3
Circl
Circl
added 2026/06/21 6:0 p.m.5 views

CVE-2025-48640

creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

8CVSS5.8AI score0.00094EPSS
Exploits0References2
Circl
Circl
added 2026/06/21 6:0 p.m.4 views

CVE-2025-48643

creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

7.8CVSS5.8AI score0.00084EPSS
Exploits0References2
Circl
Circl
added 2026/06/21 6:0 p.m.6 views

CVE-2025-48571

creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/19 2:0 p.m.19 views

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of...

6AI score
Exploits0
NVD
NVD
added 2026/06/18 5:16 p.m.9 views

CVE-2026-54103

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS0.00427EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.8 views

CVE-2026-54104

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS0.004EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-54105

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

6.9CVSS0.003EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS0.00289EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:13 p.m.5 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.4AI score0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 4:13 p.m.26 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:13 p.m.20 views

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

5.1CVSS5.3AI score0.00289EPSS
Exploits0References4
Rows per page
Query Builder