Aggregator

One of the most widely used JavaScript libraries in the world was turned into a weapon on March 30, 2026, when attackers poisoned the Axios npm package and silently deployed malware on developer machines running Windows, macOS, and Linux. With over 100 million weekly downloads, Axios is the most popular HTTP client in the JavaScript […]

The post Hackers Use Poisoned Axios Package and Phantom Dependency to Spread Cross-Platform Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

UAT-10608 Collective Hijacked 700+ Next.js Servers in Hours

Penetration Testing Tools - Metepreter.org

3 weeks 4 days ago

Cybersecurity specialists have chronicled a voluminous, automated campaign for credential harvesting that, within a mere matter of hours,

The post UAT-10608 Collective Hijacked 700+ Next.js Servers in Hours appeared first on Penetration Testing Tools.

ddos

CVE-2026-5681 | itsourcecode sanitize or validate this input 1.0 Parameter /borrowedequip.php emp_id sql injection

VulDB Recent Entries

3 weeks 4 days ago

A vulnerability was found in itsourcecode sanitize or validate this input 1.0. It has been classified as critical. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument emp_id causes sql injection. This vulnerability is tracked as CVE-2026-5681. The attack is possible to be carried out remotely. Moreover, an exploit is present.

vuldb.com

CVE-2026-5673 | libtheora AVI File Parser avi_parse_input_file out-of-bounds

VulDB Recent Entries

3 weeks 4 days ago

A vulnerability was found in libtheora and classified as problematic. This affects the function avi_parse_input_file of the component AVI File Parser. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-5673. The attack is only possible with local access. There is not any exploit available.

vuldb.com

Legacy Shadows: OpenSSH 10.3 Eradicates Decades-Old “Berkeley rcp” Security Flaws

Penetration Testing Tools - Metepreter.org

3 weeks 4 days ago

The OpenSSH architects have promulgated version 10.3—an iteration that proves significantly more profound than a mere routine synchronization.

The post Legacy Shadows: OpenSSH 10.3 Eradicates Decades-Old “Berkeley rcp” Security Flaws appeared first on Penetration Testing Tools.

ddos

KRYBIT

Dark Feed IO

3 weeks 4 days ago

You must login to view this content

cohenido

Banning Routers Won’t Secure the Internet

Security Boulevard

3 weeks 4 days ago

Washington’s push to ban foreign-made Wi-Fi routers may sound tough on cybersecurity, but like earlier bans on foreign drones and telecom gear it risks becoming security theater that ignores the real problem: Millions of unpatched devices already sitting on American networks.

The post Banning Routers Won’t Secure the Internet appeared first on Security Boulevard.

Alan Shimel

Banning Routers Won’t Secure the Internet

不安全

3 weeks 4 days ago

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户的要求很明确，不需要特定的开头，直接写文章描述。首先，我得通读整篇文章，理解其主要观点。文章讨论了Wi-Fi路由器从默默无闻到成为国家安全焦点的转变。美国FCC禁止销售外国制造的路由器，以应对潜在的安全威胁。但作者认为，这种方法并不实际，真正的问题在于固件和设备管理。接下来，我需要提炼关键点：路由器的重要性提升、政策背景、作者的批评以及解决方案。要确保在100字内涵盖这些内容。可能的结构是：先说明路由器成为焦点的原因，然后指出政策问题，最后提出正确的解决方向。这样既简洁又全面。最后，检查字数是否符合要求，并确保语言流畅自然。 Wi-Fi路由器从默默无闻的家庭设备转变为国家安全焦点。美国FCC以安全风险为由禁止销售外国制造的路由器，但作者认为这一政策忽视了真正的安全问题——固件和设备管理漏洞。作者建议应关注设备维护和更新而非制造地限制。

Submit #792708: SourceCodester Clinic's Patient Management System in PHP/PDO Free Source Code V1.0 SQL Injection [Duplicate]

Vuldb Submit

3 weeks 4 days ago

Submit #792708 / VDB-273620

sqlmap961

Digital Wraiths: How Android’s “God Mode” is Turning Smartphones into Banking Trojans

Penetration Testing Tools - Metepreter.org

3 weeks 4 days ago

Digital marauders have devised methodologies to transmute mundane Android smartphones into entirely subjugated apparatuses. Indian authorities report that

The post Digital Wraiths: How Android’s “God Mode” is Turning Smartphones into Banking Trojans appeared first on Penetration Testing Tools.

ddos

Submit #792688: itsourcecode Construction Management System V1.0 SQL Injection [Accepted]

Vuldb Submit

3 weeks 4 days ago

Submit #792688 / VDB-355508

lllyyy123

CVE-2026-5679 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi vsetTr069Cfg stun_pass os command injection

VulDB Recent Entries

3 weeks 4 days ago

A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. This vulnerability is referenced as CVE-2026-5679. The attack needs to be initiated within the local network. Furthermore, an exploit is available.

vuldb.com

CVE-2026-5678 | Totolink A7100RU 7.4cu.2313_b20191024 /cgi-bin/cstecgi.cgi setScheduleCfg mode os command injection

VulDB Recent Entries

3 weeks 4 days ago

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The identification of this vulnerability is CVE-2026-5678. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com