Aggregator

A vulnerability has been found in E2Pdf Plugin up to 1.28.15 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-32442. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in webaways NEX-Forms Plugin up to 9.1.9 on WordPress and classified as critical. This affects the function deactivate_license. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2026-1948. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Wavlink WL-WN579A3 220323. It has been classified as critical. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2026-4163. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations, […]

Submit #765328 / VDB-351070

Submit #765327 / VDB-351070

JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which threat actors disguised an information-stealing malware as a legitimate Roblox script executor. The campaign, self-named Cipher stealer, used two malicious packages bluelite-bot-manager and test-logsmodule-v-zisko, to deliver a Windows executable capable of harvesting Discord credentials, […]

The post Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets appeared first on Cyber Security News.

Спецслужбы вскрыли схемы, которые годами пользовались огромным спросом у хакеров.

重要的还是能和工作场景打通。

In a major escalation of supply chain attacks, the GlassWorm malware campaign has evolved to infect developer environments using transitive dependencies. On March 13, 2026, the Socket Research Team reported identifying at least 72 new malicious Open VSX extensions linked to this campaign. Instead of placing the malicious payload directly into an initial extension, threat […]

The post GlassWorm Campaign Uses 72 Malicious Open VSX Extensions to Broaden Reach appeared first on Cyber Security News.

Bug Bounty Reconnaissance Framework The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows

The post Bug Bounty Reconnaissance Framework: help you coordinate your reconnaissance workflows across multiple devices appeared first on Penetration Testing Tools.

According to a report promulgated by IBM, ransomware syndicates have commenced experimenting with artificial intelligence. Specialists have unearthed

The post Sloppy but Swift: How Hive0163’s AI-Generated “Slopoly” Malware is Reshaping Ransomware appeared first on Penetration Testing Tools.

An enigmatic foreign hacker successfully infiltrated a United States Federal Bureau of Investigation server, gaining access to sensitive

The post The Epstein Files Breach: How an FBI “Human Error” Let a Hacker Into the Vault appeared first on Penetration Testing Tools.

The Sednit collective, renowned for a series of high-profile cyber-espionage incursions in preceding years, has once again resurfaced,

The post Echoes of Xagent: How the Sednit Collective is Weaponizing Legacy Code for 2026 Espionage appeared first on Penetration Testing Tools.

A diverse array of nascent Android malware lineages has emerged, aggressively pursuing user financial assets, banking applications, and

The post The Silent Hijack: How AI-Powered Android Trojans Are Intercepting Real-Time Payments appeared first on Penetration Testing Tools.

Security vanguards at SonicWall have unmasked a nascent campaign disseminating the VioletRAT malware. This offensive orchestrates a multi-tiered

The post The Invisible Thread: Inside the Multi-Stage Python Injection Powering VioletRAT appeared first on Penetration Testing Tools.

The workday at the Irish headquarters of medical equipment titan Stryker culminated with jarring abruptness. Over 5,000 employees

The post The Kill Switch: How Handala Hacked Microsoft Intune to Wipe 200,000 Stryker Devices appeared first on Penetration Testing Tools.

Стратегическая отрасль России оказалась под беспрецедентным ударом.

A vulnerability has been found in PHPEMS 11.0 and classified as problematic. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. This vulnerability is reported as CVE-2026-3946. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Forcepoint NGFW Engine up to 6.10.19/7.1.10/7.2.4/7.3.0. This affects an unknown part. The manipulation leads to execution with unnecessary privileges. This vulnerability is traded as CVE-2025-12690. An attack has to be approached locally. There is no exploit available.