
490 matches found

HackRead
added 2026/05/04 3:8 p.m., 4 views

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security...

5.8 AI score
Exploits 0
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in open-iscsi

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by...

8.2 CVSS, 8.3 AI score, 0.00261 EPSS
Exploits 0, References 2
Rapid7 Blog
added 2026/04/16 7:44 p.m., 6 views

CVE-2026-33032: Nginx UI Missing MCP Authentication

Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early Marc...

9.8 CVSS, 7.3 AI score, 0.1267 EPSS
Exploits 14
Positive Technologies
added 2026/03/26 12:0 a.m., 1 views

PT-2026-28798

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

3.7 CVSS, 5.9 AI score, 0.00035 EPSS
Exploits 0, References 6
Malwarebytes
added 2026/03/23 3:19 p.m., 2 views

The March Madness scam playbook

March Madness is the annual men's and women's NCAA Division I basketball tournament, where 68 teams play in a single-elimination bracket for the US national championship. But March Madness doesn’t just bring buzzer beaters and busted brackets. It also kicks off a short, intense season for scammer...

5.8 AI score
Exploits 0
Akamai Blog
added 2026/03/17 12:0 p.m., 3 views

The Agentic Security Crisis: Why You Need to Act Now

...

5.8 AI score
Exploits 0
Malwarebytes
added 2026/03/11 1:30 p.m., 5 views

Watch out for tax-season robocalls pushing fake “relief programs”

While Americans are sorting through paperwork to get their taxes filed in time, scammers are working overtime to grab a piece of the action. As tax season ramps up, so does scam activity. Our telemetry shows a spike in robocalls impersonating tax resolution firms, tax relief agencies, and vaguely...

5.6 AI score
Exploits 0
Tenable Nessus
added 2026/03/07 12:0 a.m., 4 views

Fedora 44 : valkey (2026-ca1077dd2e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca1077dd2e advisory. Valkey 9.0.3 - February 23, 2026 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security...

8.5 CVSS, 5.9 AI score, 0.00127 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/02/16 12:0 a.m., 6 views

PT-2026-8383

Apple recently patched the missing piece in the userland part of the Dec'25 full-chain exploit. CVE-2026-20700: dyld memory corruption to PAC bypass This bug completes the chain of CVE-2026-43529 jsc UAF RCE, PoC public and CVE-2026-14174 Angle OOB EoP, no working PoC yet. Patched in iOS 26.3...

7.8 CVSS, 6 AI score, 0.00455 EPSS
Exploits 4, References 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

MiracleLinux 4 : kernel-2.6.32-696.3.1.el6 (AXSA:2017-1700:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1700:04 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

7.5 CVSS, 7 AI score, 0.0946 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/01/15 12:0 a.m., 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002770 advisory. The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via...

7.5 CVSS, 6.9 AI score, 0.0946 EPSS
Exploits 0, References 14
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003475 advisory. The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via...

7.5 CVSS, 6.9 AI score, 0.0946 EPSS
Exploits 0, References 14
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001619 advisory. The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via...

7.5 CVSS, 6.9 AI score, 0.0946 EPSS
Exploits 0, References 14
Wiz blog
added 2025/12/03 3:57 p.m., 25 views

React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability

Detect and mitigate React2Shell CVE-2025-55182, critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently...

10 CVSS, 7.7 AI score, 0.84541 EPSS
Exploits 360
OSV
added 2025/11/11 7:44 a.m., 1 views

MAL-2025-110236 Malicious code in urgent_jackal-gooddev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04f08ca5d149f977be76ec178d42cd13af2f5e92a1a56596c15fe599edbf622e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
EUVD
added 2025/11/11 7:31 a.m., 1 views

EUVD-2025-78005

Malicious code in urgentcodz3n npm...

6.6 AI score
Exploits 0
EUVD
added 2025/11/11 7:31 a.m., 0 views

EUVD-2025-78004

Malicious code in urgentcrocodilez3n npm...

6.6 AI score
Exploits 0
EUVD
added 2025/11/11 7:31 a.m., 0 views

EUVD-2025-78006

Malicious code in urgentbobcatz3n npm...

6.6 AI score
Exploits 0
OSV
added 2025/11/11 7:31 a.m., 1 views

MAL-2025-110234 Malicious code in urgent_crocodile_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0750122d6e3500929751c8317f0b6c30001095fe7e0ce5e7e6f784c789737498 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
EUVD
added 2025/11/11 7:26 a.m., 1 views

EUVD-2025-80157

Malicious code in urgentshrewdumbs npm...

6.6 AI score
Exploits 0