Aggregator

Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users

Cyber Security News
11 hours 23 minutes ago

Anthropic has updated its privacy policy for Claude, adding explicit terminology that allows the company to perform age and identity verification on consumer users. The change signals a tighter security and compliance stance across Claude Free, Pro, and Max plans. It is scheduled to take effect on July 8, 2026. In the revised policy, Anthropic […]

The post Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users appeared first on Cyber Security News.

Abinaya

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

The Hackers News
11 hours 29 minutes ago
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
The Hacker News

CVE-2026-40992 | Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6 Configuration certificate validation (CNNVD-202606-3065)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability was found in Vmware Spring Boot up to 3.4.16/3.5.14/4.0.6. It has been classified as problematic. Affected is an unknown function of the component Configuration Handler. Performing a manipulation results in improper certificate validation. This vulnerability is reported as CVE-2026-40992. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-40986 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 cross site scripting (CNNVD-202606-3067)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability marked as problematic has been reported in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. Impacted is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-40986. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-40987 | Vmware Spring Integration up to 7.0.4 /SFTP/SMB path traversal (CNNVD-202606-3066)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability described as critical has been identified in Vmware Spring Integration up to 5.5.20/6.3.14/6.4.11/6.5.8/7.0.4. The affected element is an unknown function of the file /SFTP/SMB. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2026-40987. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-10795 | davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress wp_loaded signature verification (EUVD-2026-36215 / CNNVD-202606-3068)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability, which was classified as problematic, was found in davidanderson UpdraftPlus Plugin up to 1.26.4 on WordPress. The impacted element is the function UpdraftPlus_Remote_Communications_V2::wp_loaded. The manipulation results in improper verification of cryptographic signature. This vulnerability is cataloged as CVE-2026-10795. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2026-2827 | 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress versions oum_location_notification cross site scripting (EUVD-2026-36198 / CNNVD-202606-3071)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability categorized as problematic has been discovered in 100plugins Open User Map PRO Plugin up to 1.4.31 on WordPress. This issue affects the function versions. The manipulation of the argument oum_location_notification results in cross site scripting. This vulnerability was named CVE-2026-2827. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62 Updates Environment Management missing authentication (EUVD-2026-36199 / CNNVD-202606-3070)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability labeled as very critical has been found in Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62. The affected element is an unknown function of the component Updates Environment Management. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-35273. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-40985 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 expression language injection (EUVD-2026-36200 / CNNVD-202606-3069)

Vuldb Updates
11 hours 32 minutes ago
A vulnerability was found in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes improper neutralization of special elements used in an expression language statement. This vulnerability appears as CVE-2026-40985. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click

Cyber Security News
11 hours 35 minutes ago

A critical vulnerability chain in Microsoft 365 Copilot Enterprise that let attackers steal sensitive corporate data, MFA codes, email contents, calendar details, and confidential files with nothing more than a single click on a link pointing to a legitimate Microsoft domain. Dubbed SearchLeak, uncovered by Varonis Threat Labs and tracked as CVE-2026-42824, the flaw earned […]

The post Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click appeared first on Cyber Security News.

Guru Baran

CVE-2026-5233 | MIA Pizzy Library prior 1.3.9.26250 improper control of interaction frequency

VulDB Recent Entries
11 hours 40 minutes ago
A vulnerability categorized as problematic has been discovered in MIA Pizzy Library. This issue affects some unknown processing. Executing a manipulation can lead to improper control of interaction frequency. The identification of this vulnerability is CVE-2026-5233. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-6517 | Mattermost Desktop App up to 5.5.13/6.1.x insufficiently protected credentials

VulDB Recent Entries
11 hours 40 minutes ago
A vulnerability was found in Mattermost Desktop App up to 5.5.13/6.1.x. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes insufficiently protected credentials. This vulnerability is handled as CVE-2026-6517. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

Managed ad