57 matches found
The End of Trust: How Agentic AI Breaks Security Assumptions
For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow s...
CVE-2026-26345
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2026-26345
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2026-26345
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2026-26345 SPIP < 4.4.8 Cross-Site Scripting in Public Area
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2026-26345 SPIP < 4.4.8 Cross-Site Scripting in Public Area
SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...
CVE-2026-26345
SPIP CVE-2026-26345 is a stored XSS in SPIP
CVE-2025-71246
...
SPIP 安全漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained a security vulnerability caused by insufficient cleanup of the echapperhtmlsuspect function, which could lead to stored-xss attacks...
PT-2026-20844
SPIP before 4.4.8 allows Cross-Site Scripting XSS in the public area for certain edge-case usage patterns. The echapper html suspect function does not adequately detect all forms of malicious content, permitting an attacker to inject scripts that execute in a visitor's browser. This vulnerability...
PT-2026-20854
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.8 Description SPIP before version 4.4.8 contains a Cross-Site Scripting XSS issue in the public area due to insufficient detection of malicious content by the echapper html suspect function. This allows an attacker t...
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet...
Ukrainian Conti Ransomware Suspect Extradited to US from Ireland
Ukrainian man accused of helping run Conti ransomware extradited from Ireland to the U.S. to face charges over global cyberattacks and $150M in ransom payments...
Charlie Kirk Shooting Suspect Identified as 22-Year-Old Utah Man
Authorities have named Tyler Robinson as a suspect in the murder of right-wing influencer Charlie Kirk, citing Discord messages as evidence of his alleged role...
Malicious code in callisto-subscription-selenology-cybernetics (npm)
The package callisto-subscription-selenology-cybernetics was found to contain malicious code...
Malicious code in project-w5hfn-india (npm)
The package project-w5hfn-india was found to contain malicious code...
MAL-2025-25900 Malicious code in mantheon (npm)
The package mantheon was found to contain malicious code...
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes ransomware attacks, blackmail, and money laundering against...
Police Arrest UnitedHealthcare CEO Shooting Suspect, App Developer Luigi Mangione
Luigi Mangione, a 26-year-old graduate of the University of Pennsylvania, was apprehended on Monday after visiting a McDonald's in Altoona, Pennsylvania...
The vulnerability of the ApexOne Security Agent for antivirus software from Trend Micro’s Apex One and Apex One as a Service allows attackers to execute arbitrary code and gain elevated privileges.
The vulnerability of the ApexOne Security Agent in antivirus software products Trend Micro Apex One and Apex One as a Service is related to deficiencies in access control for the Suspect folder. Exploiting this vulnerability can allow attackers to execute arbitrary code and increase their...