108 matches found
CVE-2026-25089
creationtimestamp| type| source ---|---|--- 2026-06-10 05:00:00+00:00| seen| https://www.cert.se/2026/06/patchtisdag-juni-2026-samlad-information-om-manadens-sakerhetsuppdateringar.html 2026-06-10 09:00:04+00:00| published-proof-of-concept| Telegram/ZHpMnVOz2cJfIOonPjLT3mqz43XsQAtrT-ty2tkYMtXDqE...
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute , hundreds of applications within the typical enterprise...
CVE-2026-5279
creationtimestamp| type| source ---|---|--- 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/ 2026-04-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260402 2026-04-02 01:18:12+00:00| seen|...
CVE-2026-32291
creationtimestamp| type| source ---|---|--- 2026-03-18 17:04:14+00:00| seen| https://t.me/truesecator/8008...
CVE-2026-32294
creationtimestamp| type| source ---|---|--- 2026-03-18 17:04:14+00:00| seen| https://t.me/truesecator/8008...
CVE-2025-61675
creationtimestamp| type| source ---|---|--- 2025-12-14 15:00:08+00:00| published-proof-of-concept| Telegram/OHr82OtRsE7SrX-5JX0BTKOCwGseELWPcAGkyhObfyZN6dU 2025-12-15 13:32:00+00:00| seen| https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html 2025-12-15 15:57:55+00:00| seen...
CVE-2025-11371
creationtimestamp| type| source ---|---|--- 2025-10-10 07:34:00+00:00| seen| https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html 2025-10-10 08:10:45+00:00| seen| https://www.acn.gov.it/portale/w/gladinet-rilevato-sfruttamento-in-rete-della-cve-2025-11371 2025-10-10...
CVE-2025-53693
creationtimestamp| type| source ---|---|--- 2025-08-29 14:35:14+00:00| seen| https://vulnerability.circl.lu/bundle/b0453b3f-aa70-494d-8cbf-b4217e22de4a 2025-08-29 15:22:00+00:00| seen| https://thehackernews.com/2025/08/researchers-warn-of-sitecore-exploit.html 2025-08-29 21:26:35+00:00| seen|...
CVE-2023-42770
creationtimestamp| type| source ---|---|--- 2025-06-11 14:31:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18078 2025-10-15 04:50:00+00:00| seen| https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html 2025-10-16 04:34:04+00:00| seen|...
CVE-2014-2120
creationtimestamp| type| source ---|---|--- 2024-11-12 18:40:00+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113471442114730989 2024-11-12 19:24:16+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2659503 2024-11-12 21:10:02+00:00| seen|...
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence AI and large language models LLMs to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both ...
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and...
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an...
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays...
Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection
Are you concerned about ransomware attacks? You're not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there's good news - with the right security measures in place, such as real-time MFA and service account...
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...
New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft
The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
A new phishing-as-a-service PhaaS toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication 2FA protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to...
Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Researchers have disclosed a previously undocumented local file inclusion LFI vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdo...
WordPress plugins affected by critical vulnerability impacting 84,000 websites
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. WordPress powers over 43.0% of all the websites on the Internet. A Cross-Site Request Forgery vulnerability CVE-2022-0215 was discovered in three plugins of WordPress. This flaw made it possible for an attacker to update...