339 matches found

RustSec
added 2026/05/21 12:0 p.m. | 5 views

audiopus_sys is unmaintained

audiopus_sys is implicitly unmaintained and holds a reference to CMake versions with which CMake 4.0 is not backwards compatible, causing cargo builds to error. An effort to contact the maintainer was made on June 10th, 2025 with no reply. A separate 2025 PR was made from a different user addressi...

5.8 AI score
Exploits: 0

Packet Storm News
added 2026/05/14 12:0 a.m. | 6 views

Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem

The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...

5.8 AI score
Exploits: 0

The Hacker News
added 2026/05/01 9:56 a.m. | 2 views

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying th...

5.9 AI score
Exploits: 0

NVD
added 2026/04/08 5:16 a.m. | 0 views

CVE-2026-3600

The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS | 0.00015 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/08 4:27 a.m. | 1 view

CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute

The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/04/08 4:27 a.m. | 21 views

CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute

The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS | 0.00015 EPSS
Exploits: 0 | References: 6

CVE
added 2026/04/08 4:27 a.m. | 7 views

CVE-2026-3600

The CVE concerns the WordPress plugin Investi. It is vulnerable to Stored Cross-Site Scripting via the shortcode attribute maximum-num-years in the investi-announcements-accordion shortcode, affecting versions up to and including 1.0.26. The root cause is insufficient input sanitization and out...

6.4 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31076

Name of the Vulnerable Software and Affected Versions: Investi plugin for WordPress versions up to and including 1.0.26. Description: The Investi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'maximum-num-years' attribute of the 'investi-announcements-accordion'...

6.4 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 11

Patchstack
added 2026/04/07 11:19 p.m. | 2 views

WordPress Investi plugin <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Investi versions <= 1.0.26...

6.4 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2026/02/19 12:0 a.m. | 2 views

Ubuntu: Security Advisory (USN-8034-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.1 AI score | 0.00231 EPSS
Exploits: 4 | References: 2

OSV
added 2026/02/14 3:16 p.m. | 2 views

AZL-77691 CVE-2026-23118 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in:...

4.7 CVSS | 5.6 AI score | 0.00013 EPSS
Exploits: 0 | References: 1

Wired Threat Level
added 2026/02/09 11:0 a.m. | 1 view

Iran’s Digital Surveillance Machine Is Almost Complete

After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame...

5.5 AI score
Exploits: 0

Spring Engineering
added 2026/01/22 12:0 a.m. | 6 views

A Bootiful Podcast: Jetbrains legend Dmitry Jemerov

Hi, Spring and IntelliJ IDEA fans! This week we celebrate 25 years of Jetbrains IntelliJ IDEA, and who better to talk to us about its evolution than Dmitry Jemerov, who's been a contributor and developer for the project since 2003!...

5.4 AI score
Exploits: 0

Wiz blog
added 2026/01/06 2:0 p.m. | 5 views

Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP

Wiz is proud to be the only vendor recognized as a Customers’ Choice for two consecutive years...

6.8 AI score
Exploits: 0

UbuntuCve
added 2026/01/05 10:15 a.m. | 2 views

CVE-2025-68755

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...

5.7 AI score | 0.00025 EPSS
Exploits: 0 | References: 24

OSV
added 2026/01/05 9:32 a.m. | 3 views

CVE-2025-68755 staging: most: remove broken i2c driver

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...

6 AI score | 0.00025 EPSS
Exploits: 0 | References: 7

Github Security Blog
added 2025/12/29 10:1 p.m. | 8 views

Bugs that survive the heat of continuous fuzzing

Even when a project has been intensively fuzzed for years, bugs can still survive. OSS-Fuzz is one of the most impactful security initiatives in open source. In collaboration with the OpenSSF Foundation, it has helped to find thousands of bugs in open-source software. Today, OSS-Fuzz fuzzes mor...

7.1 AI score | 0.01101 EPSS
Exploits: 3

HackRead
added 2025/12/03 10:44 a.m. | 2 views

7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users

Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage...

7 AI score
Exploits: 0

VulnCheck KEV
added 2025/11/28 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2025-22214

Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...

4.3 CVSS | 5.9 AI score | 0.00258 EPSS
In wild | Exploits: 0 | References: 38

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990154)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990154 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong wh...

5.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 4