Aggregator

A vulnerability has been found in WWBN AVideo up to 23.x and classified as critical. This impacts an unknown function of the component Memcached Service. This manipulation causes improper authentication. This vulnerability appears as CVE-2026-29093. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in WWBN AVideo up to 23.x. This affects an unknown function of the component ZIP Handler. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-28502. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in WWBN AVideo up to 23.x. The impacted element is an unknown function of the file objects/videos.json.php of the component POST Request Handler. The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-28501. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Governments are preparing for 6G, the next generation of mobile networks, placing security and resilience among their top priorities. In response, seven countries participating in the Global Coalition on Telecoms (GCOT) have introduced a set of 6G Security and Resilience Principles, developed with support from industry partners. The coalition brings together the governments of the United Kingdom, the United States, Canada, Japan, and Australia. Sweden and Finland recently joined as new members. Industry partners supporting … More →

The post Western governments lay the groundwork for secure 6G networks appeared first on Help Net Security.

A vulnerability classified as problematic was found in OpenClaw up to 2026.2.13. The affected element is an unknown function of the component Direct Message Handler. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-28392. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in OpenReplay up to 1.19.x. Impacted is an unknown function of the file /{projectId}/cards/search. Performing a manipulation of the argument sort.field results in sql injection. This vulnerability is cataloged as CVE-2026-28443. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Cloudfoundry UAA up to 78.7.0. This issue affects some unknown processing of the component Token Revocation Endpoint. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2026-22723. The attack may be performed from remote. There is no available exploit.

New CEO John Heyman Says Enterprises Need Tools to Manage Thousands of AI Agents
New OneTrust CEO John Heyman said enterprises rapidly deploying generative AI will soon manage hundreds or thousands of AI agents across their organizations. They must monitor AI agents' data flows and third-party technologies as privacy risk and security oversight increasingly converge.

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks
This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations.

Compromise Affects Healthcare Clients of Co.'s Revenue Cycle Management Services
Billing services vendor Trizetto Provider Solutions is notifying 3.4 million individuals of a hacking incident discovered in October 2025 that investigators have now determined started nearly a year earlier, when threat actors accessed the company's healthcare clients' insurance related data.

Lawmakers, Industry Warn Supply-Chain Risk Label Sets Dangerous Precedent for Tech
Major tech firms, defense leaders and lawmakers are rallying behind Anthropic as the Pentagon threatens to label the AI developer a supply-chain risk after a dispute over surveillance safeguards, raising fears the move could chill AI investment and reshape government tech contracting.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jeremy Brown' was reported to the affected vendor on: 2026-03-06, 42 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Tyler Zars' was reported to the affected vendor on: 2026-03-06, 42 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '0daystolive (Sorcery Ltd)' was reported to the affected vendor on: 2026-03-06, 42 days ago. The vendor is given until 2026-07-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

研究人员对APT37 Ruby Jumper活动中使用的恶意软件进行分析，识别出五款恶意工具构成的工具集。

勒索软件并非走向消亡，而是正处于转型适应阶段。

A vulnerability marked as critical has been reported in filebrowser up to 2.61.0. This vulnerability affects unknown code of the component TUS Protocol Endpoint. This manipulation causes incorrect permission assignment. This vulnerability is tracked as CVE-2026-29188. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in perfood couch-auth 0.26.0. This affects an unknown part of the component HTTP Host Header Handler. The manipulation results in injection. This vulnerability is identified as CVE-2025-70948. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in plone Products.isurlinportal 2.0.x/3.0.x/3.x. Affected by this issue is some unknown functionality of the file /login. The manipulation of the argument came_from leads to open redirect. This vulnerability is referenced as CVE-2026-28413. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in graphprotocol contracts up to 2.x. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2026-28410. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.