11 matches found
EUVD-2026-34937
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...
CVE-2026-6242
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption...
EUVD-2025-20510
Malicious code in bioql PyPI...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...
Twitter and two-factor authentication: What's changing?
Twitter is making some dramatic shake-ups to its currently available security settings. From March 19, users of Twitter won't be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...
CVE-2020-22427
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is ...
Remote code execution
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is ...
StoreFront - Citrix Subscriptions Store service not starting up on one storefront server in server group
When launching a published application, an error message is randomly seen: "Your apps are not available at this time. Please try again in a few minutes or contact your help desk with this information: Cannot contact Storefront". The issue is caused by subscription service store service not starting...
The Unhappiest Subscribers on Earth? Disney+ Accounts Hacked & Hijacked
The highly anticipated Disney+ streaming service launched last week – and was promptly targeted by hackers looking to compromise users’ accounts. Around 4,000 customer account credentials have shown up for sale on hacking forums for around $3 each, according to reports. An investigation by ZDNet...
Ollance Member Login Script Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Ollance login script Multiple Vulnerabilities Vendor: www.ollance.com Date: 1st july,2011 Google Dork: Powered by Ollance Member Login Script BRIEF DESCRIPTION Ollance Member Login is a PHP membership management system. Your...