Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...
CVE-2026-54477

creationtimestamp | type | source
---|---|---
2026-07-02 17:15:07+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03
2026-07-03 02:37:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mppjau64lu2s...

CVE-2026-13768

creationtimestamp | type | source
---|---|---
2026-07-02 17:15:03+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03
2026-07-03 00:00:42+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116853102484273046
2026-07-03 00:00:46+00:00 | seen | ...

CVE-2026-20244

creationtimestamp | type | source
---|---|---
2026-07-02 09:45:22+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1941
2026-07-02 13:50:32+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f
2026-07-02 13:55:08+00:00 | seen | ...

CVE-2026-20243

creationtimestamp | type | source
---|---|---
2026-07-02 09:45:20+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1941
2026-07-02 13:50:32+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f
2026-07-02 13:55:08+00:00 | seen | ...

CVE-2026-50521

creationtimestamp | type | source
---|---|---
2026-07-01 02:43:37+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0811
2026-07-01 02:49:36+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1939
2026-07-01 21:18:32+00:00 | seen | ...

Accelerating the quantum-safe timeline
The quantum-safe timeline has changed. For years, planning for post-quantum cryptography (PQC) was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government...
CVE-2026-13281

creationtimestamp | type | source
---|---|---
2026-06-26 09:45:05+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1937
2026-06-26 14:40:21+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mp76fcsqgb2j
2026-06-28 22:30:18+00:00 | seen | ...

CVE-2025-48640

creationtimestamp | type | source
---|---|---
2026-06-21 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622
2026-06-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

CVE-2025-48643

creationtimestamp | type | source
---|---|---
2026-06-21 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622
2026-06-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

CVE-2025-48571

creationtimestamp | type | source
---|---|---
2026-06-21 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622
2026-06-21 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of...
CVE-2026-54103
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...
CVE-2026-54104
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trust client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...
CVE-2026-54105
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
CVE-2026-54106
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...
CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...
CVE-2026-54106
CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...