Aggregator

CVE-2026-28354 | MacWarrior clipbucket-v5 up to up to 5.5.2 add_to_collection.php removeItemFromCollection authorization (GHSA-6wf8-rw5f-c9mv / EUVD-2026-9062)

1 month ago

A vulnerability categorized as problematic has been discovered in MacWarrior clipbucket-v5 up to up to 5.5.2. Impacted is the function removeItemFromCollection of the file /actions/add_to_collection.php. Such manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-28354. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

Phobos Ransomware admin faces up to 20 years after guilty plea

Security Affairs

1 month ago

Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation. Russian national Evgenii Ptitsyn pleaded guilty in the US to wire fraud conspiracy for his role in the Phobos ransomware scheme. The man was arrested in South Korea in 2024 and extradited to the United States. He […]

Pierluigi Paganini

What's Actually in an Anti-Kidnapping Kit and Why High-Risk Individuals Should Care

Dark Web Informer - Cyber Threat Intelligence

1 month ago

What's Actually in an Anti-Kidnapping Kit and Why High-Risk Individuals Should Care

Dark Web Informer

Threat Actors Using Fake Claude Code Download to Deploy Infostealer

Cyber Security News

1 month ago

Cybercriminals have found a new way to target developers and IT professionals by setting up fake download pages that impersonate Claude Code, a legitimate AI coding assistant. These deceptive pages trick users into downloading what appears to be an official installation package, but instead silently deploy an infostealer malware onto the victim’s system. The use […]

The post Threat Actors Using Fake Claude Code Download to Deploy Infostealer appeared first on Cyber Security News.

Tushar Subhra Dutta

WordPress membership plugin bug exploited to create admin accounts

Bleeping Computer.

1 month ago

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. [...]

Bill Toulas

Submit #765096: DefaultFuction Jeson CRM V1.0.0 SQL Injection [Accepted]

Vuldb Submit

1 month ago

Submit #765096 / VDB-349234

Practice

FBI arrests suspect linked to $46M crypto theft from US Marshals

Bleeping Computer.

1 month ago

A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. [...]

Sergiu Gatlan

5 Best Next Gen Endpoint Protection Platforms in 2026

Hack Read

1 month ago

Discover the best next-gen endpoint protection platforms in 2026, built to detect modern threats, stop credential abuse, and secure enterprise devices.

Owais Sultan

Brain Cipher

Dark Feed IO

1 month ago

You must login to view this content

cohenido

Handala

Dark Feed IO

1 month ago

You must login to view this content

cohenido

Brain Cipher

Dark Feed IO

1 month ago

You must login to view this content

cohenido

Threat Actors Use New RingH23 Arsenal to Compromise MacCMS and CDN Infrastructure at Scale

Cyber Security News

1 month ago

A cybercriminal group known as Funnull — previously sanctioned by the U.S. Treasury — has returned with a dangerous new toolkit called RingH23, silently compromising CDN nodes and poisoning the MacCMS content management system to redirect millions of users to illegal websites. The campaign marks a significant escalation in Funnull’s capabilities, moving beyond simply hijacking […]

The post Threat Actors Use New RingH23 Arsenal to Compromise MacCMS and CDN Infrastructure at Scale appeared first on Cyber Security News.

Tushar Subhra Dutta

Submit #755341: Wavlink NU516U1 V240425 Stack-based Buffer Overflow [Accepted]

Vuldb Submit

1 month ago

Submit #755341 / VDB-349221

haimianbaobao

Submit #755339: Wavlink NU516U1 V240425 Command Injection [Duplicate]

Vuldb Submit

1 month ago

Submit #755339 / VDB-325131

haimianbaobao

Submit #755033: Wavlink NU516U1 V240425 Stack-based Buffer Overflow [Duplicate]

Vuldb Submit

1 month ago

Submit #755033 / VDB-346174

haimianbaobao

Submit #754671: Wavlink NU516U1 V240425 Stack-based Buffer Overflow [Duplicate]

Vuldb Submit

1 month ago

Submit #754671 / VDB-346172

haimianbaobao

Submit #754668: Wavlink NU516U1 V240425 Command Injection [Accepted]

Vuldb Submit

1 month ago

Submit #754668 / VDB-349220

haimianbaobao

Ukrainian women fleeing war exploited in multimillion-dollar gambling fraud scheme

The Record

1 month ago

A criminal network in Spain exploited dozens of Ukrainian women displaced by Russia’s war to carry out a multimillion-dollar fraud gambling scheme, Europol said Thursday.

Submit #748710: HSC Cybersecurity mailinspector 5.3.2-3 Cross Site Scripting [Accepted]

Vuldb Submit

1 month ago

Submit #748710 / VDB-349219

gabriel

Любой пользователь — админ. Коротко о критической дыре в библиотеке pac4j-jwt

Securitylab.ru

1 month ago

Уязвимость CVE-2026-29000 получила 10 баллов по шкале CVSS.

Aggregator

Managed ad