PT-2026-46365

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

PT-2026-44119

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description The WebSocket control plane trusts client-supplied identity and role fields in task messages. An authenticated WebSocket client with a shared server token can register as a normal device and...

Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data

Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...

Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet9.0: aspnetcore-runtime-9.0-9.0.16-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-9.0-9.0.16-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-9.0-9.0.16-1.hum1 aarch64, x8664...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.8-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-10.0-10.0.8-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-10.0-10.0.8-1.hum1 aarch64, x8664...

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai...

Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1634)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1634 advisory. Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. CVE-2026-40372 Tenable has extracted the preceding description blo...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet9.0: aspnetcore-runtime-9.0-9.0.15-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 aarch64, x8664...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the phone conversation creation process, which...

This fake Windows support website delivers password-stealing malware

A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and...

Server-Side Request Forgery (SSRF)

github.com/charmbracelet/soft-serve is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation in webhook URLs, which allows an attacker to create malicious webhooks that target internal services, private networks, and cloud metadata endpoints...

CVE-2026-0397

A flaw was found in the internal webserver of dnsdist and PowerDNS. When the internal webserver is enabled, a remote attacker can exploit a misconfiguration in the Cross-Origin Resource Sharing CORS policy. By tricking an administrator logged into the dashboard into visiting a malicious website,...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea DPRK information technology IT worker scheme with an aim to defraud U.S. businesses and generate illicit...

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...