PT-2026-48865

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the...

EUVD-2026-35015

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

Technical Report: Exploring the Emerging Threats of the Agent Skill Ecosystem

We analyzed 3,984 AI agent skills from major marketplaces and found 76 confirmed malicious payloads, including credential theft, backdoor installation, and data exfiltration. 13.4% of all skills contain at least one critical-level security issue and at least 8 manually confirmed malicious skills...

EUVD-2026-31666

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan a...

EUVD-2026-4857

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

EUVD-2025-60992

Due to a Reflected Cross-Site Scripting XSS vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in...

CVE-2025-11349

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available...

PT-2025-37113

Name of the Vulnerable Software and Affected Versions: lokibhardwaj PHP-Code-For-Unlimited-File-Upload versions up to 124fe96324915490c81eaf7db3234b0b4e4bab3c Description: A weakness exists in the file /f.php within the software. Manipulation of the argument h can lead to cross-site scripting...

Thorium Platform Public Availability

Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thoriumlink is external, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...

CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...

U.S. Dept Of Defense: CUI labled and ████ Restricted pdf on █████

Description: A file labeled with the following "CONTROLLED BY: ██████████ CUI ████: ███ ████████ Was discovered and based on public information ███████ CUI marking it appears it shouldn't be publicly available either. If i am wrong about the markings please correct me. References...