CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5 (32 iterations), yielding a higher risk of password hash cracking. The vulnerability allows attackers to crack hashes faster on modern GPUs, potentially compromising all user accounts in a database breach. Affected component is the b...

EUVD-2008-5856

Malware in sbrugna...

CVE-2025-6995

CVE-2025-6995 refers to Ivanti Endpoint Manager and describes an improper use of encryption in the agent that enables a local authenticated attacker to decrypt other users’ passwords. The issue affects versions prior to 2024 SU3 and prior to 2022 SU8 Security Update 1 . Root cause is cryptographi...

Redline, Vidar and Raccoon Malware Stole 1 Billion Passwords in 2024

Specops 2025 Breached Password Report reveals over 1 billion passwords stolen by malware in the past year, exposing…...

FrodoPIR: New Privacy-Focused Database Querying System

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached...

Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. It seems like there’s at least one major password breach every month — if not more. Most recently, there was an incident at Plex where all users had to reset their passwords. Many users pay for a password management...

What to do when you receive an extortion email

In the last few weeks, there has been an upswing in people receiving threatening, extortion email messages, demanding payment to avoid release of sensitive information. Most of the time, these emails are what we call "sextortion" emails, as they claim that malware on your computer has captured...

This Chrome extension reveals if your password has been breached

By Waqas Okta has introduced new password manager PassProtect in its latest, This is a post from HackRead.com Read the original post: This Chrome extension reveals if your password has been breached...

Path traversal

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/showinfo.php?REQUIREFILE= absolute path traversal attack, as demonstrated by discovering the admin password...

Steamer - Import, Search, and Manage Public Password Breach Data

Import, manage, search public dumps. Do you have massive amounts of CSV, .sql, .txt, that have credentials, passwords, and hashes inside? Use Steamer to manage them! Load them into a MongoDB database, and either uses the console directly or just use the handy web interface complete with JSON...

Communication message decryption vulnerability exists in the Voyager Android app

The Voyager Android app is a mobile app for buying airline tickets. A communication message decryption vulnerability exists in the TravelSense Android app. The vulnerability stems from fixed-key hardcoding, which can be exploited by an attacker to crack the encryption algorithm and break other...

Ubuntu Forums Password Breach Exposes 1.8 Million Users

Every username, password and email address used by members of the Ubuntu Forums was accessed in a breach reported on Saturday by the free Linux distribution. More than 1.82 million accounts stored in the forums’ database were stolen, according to a notice posted on the forums’ home page Saturday...

Gawker Roadkill? How To Find Out and Recover

CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online. Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts...

Risky Chrome (The perfect cleartext password offering )

Google Chrome : The perfect password offering Tested on pair.com Webmail, might work on others as well with Google Chrome 0.2.149.27 Chrome stores saves passwords in CLEAR TEXT. 1 Goto webmail.pair.com Pair Webmail provides https and doesn't have any option on its page to save password. 2 Enter...