Aggregator
CVE-2026-5546 | Campcodes Complete Online Learning Management System 1.0 Crud_model.php add_lesson unrestricted upload (EUVD-2026-19040)
Submit #782295: Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflow [Duplicate]
Submit #782293: Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflow [Duplicate]
Submit #782291: https://www.campcodes.com/ Online Learning Management System V1.0 Unrestricted Upload [Accepted]
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables unauthenticated attackers to bypass API authentication and authorization controls entirely, allowing them to execute arbitrary […]
The post Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.
ShinyHunters Claims Rebooted BreachForums Now More Secure
Drama continues to come fast and furious in BreachForums land, as the ShinyHunters group announced that it's rebooted the long-running and oft-disrupted forum yet again, just weeks after it got hacked and its databases dumped, leading the previous admin to allegedly exit scam and steal $4,000.
The Theranos Playbook Is Quietly Returning in Cybersecurity
The fall of health tech company Theranos exposed how hype can outpace reality. In cybersecurity, similar pressures are emerging as vendors compete with bold claims and buyers struggle to verify outcomes. The result: a market where narrative can overshadow measurable operational value.
Mercor Breach Linked to LiteLLM Supply-Chain Attack
A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.
One-Time Passcodes Are Gateway for Financial Fraud Attacks
Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But OTP verification is less reliable as fraudsters increasingly exploit SMS-based verification weaknesses to carry out account takeover and payment fraud schemes.
"Digital resistance"? Habr users laughed and showed who really fixed Telegram
Anubis
Free metro rides, cash at gas stations and a war on VPNs. What is behind the new conflict between Durov and the Russian authorities
DragonForce
Sam Raimi calls for help, while Russians call for pirates. The top new March releases on torrents
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In
A dangerous attack chain in Progress ShareFile can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments, and Progress says customers should upgrade to version 5.12.4 or move to any 6.x release, which is not impacted. According to Progress and WatchTower, […]
The post New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In appeared first on Cyber Security News.