PT-2026-33112
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
PT-2026-25137
Massive ransomware attack hits US healthcare sector, exploiting MedSys CVE-2026-0456 and compromising 1.5M patient records as DarkSky demands $10M ransom, disrupting hospital operations. Ransomware https://t.co/jcKWMlplzA...
CVE-2026-1892
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...
CVE-2026-1892
The CVE-2026-1892 entry concerns WeKan up to 8.20, specifically the REST API component and its boards.js function setBoardOrgs. The vulnerability arises from manipulating arguments item.cardId, item.checklistId, or card.boardId, leading to improper authorization. Exploitation could be performed r...
CVE-2025-65780
An issue was discovered in Wekan, the open source kanban board system, up to version 18.15 (fixed in 18.16). Authenticated users can update their entire user document beyond profile fields, including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privileg...
EUVD-2011-4595
Malware in sbrugna...
EUVD-2011-4479
Malware in sbrugna...
EUVD-2011-4478
Malware in sbrugna...
EUVD-2011-4481
Malware in sbrugna...
EUVD-2011-4596
Malware in sbrugna...
Malicious code in @zalastax/nolb-_dsr-rollback-org-s (npm)
The package @zalastax/nolb-dsr-rollback-org-s was found to contain malicious code...
CVE-2011-4677
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2011-4555
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address...
CVE-2011-4554
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) '"' (double quote) and newline characters in an org name or (2) '"' (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue...
CVE-2011-4553
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the returnto parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing...
CVE-2011-4678
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests...
LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users
By Deeba Ahmed. Lazarus APT group is backed by the North Korean government and is currently targeting organizations and unsuspecting users… This is a post from HackRead.com. Read the original post: LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users...
Microsoft: ‘Destructive malware’ fakes ransomware to target Ukrainian orgs
By Waqas. Microsoft discovered a "destructive malware" that can wipe data on dozens of computer systems and mainly target organizations… This is a post from HackRead.com. Read the original post: Microsoft: Destructive malware fakes ransomware to target Ukrainian orgs...
Attackers in Executive Clothing - BEC continues to separate orgs from their money
By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, costly is something...
Gitrecon - OSINT Tool To Get Information From A Github Profile And Find GitHub User'S Email Addresses Leaked On Commits
OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits. How does this work? GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their...