Aggregator

Submit #761326 / VDB-348276

Connection Hub, AI Content and Global Keynotes on This Year's Agenda
RSAC Conference 2026 will celebrate its 35th anniversary next month with new community spaces, expanded AI programming and a global keynote lineup. From agentic AI and incident response to international leaders and hands-on learning labs, this year's event spotlights the power of community.

Defense Secretary Pete Hegseth Says He Has Designated Anthropic a 'Supply Chain Risk'
The Pentagon is escalating its feud with Anthropic after the company refused to loosen safeguards on its Claude model, threatening classified AI deployments and potentially creating months-long capability gaps across defense and contractor networks.

Former Mandiant Executive Bill Robbins Targets Browser-Based AI Security Growth
New CEO Bill Robbins said Menlo Security will boost growth by focusing on securing agentic AI runtimes through the browser, leveraging its visibility into web sessions to prevent prompt injection, malware and data loss. He also plans to sustain 40% plus revenue growth and drive toward profitability.

Announcement Comes Hours After Trump Blacklists Anthropic
OpenAI said late Friday night it reached an agreement with the U.S. Department of Defense to deploy its large language models onto military classified networks. The announcement came hours after President Donald Trump instructed federal agencies to cease using AI developed by OpenAI rival Anthropic.

A vulnerability was found in Tattile Smart+, Tolling+, Smart+ Speed, Smart+ Traffic Light, Axle Counter, Vega53, Vega33, Vega11, Basic MK2 and ANPR Mobile up to 1.181.5. It has been declared as critical. The impacted element is an unknown function of the component Management Interface. The manipulation results in session expiration. This vulnerability is known as CVE-2026-26342. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Mautic MitigationPlease up to 4.4.18/5.2.9/6.0.7/7.0.0. It has been rated as critical. This affects an unknown function of the component API Endpoint. This manipulation causes sql injection. This vulnerability is handled as CVE-2026-3105. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Devolutions Server up to 2025.3.14. Affected is an unknown function of the component DVLS REST API Endpoint. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2026-3131. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Mastodon up to 4.4.13/4.5.6. Affected by this vulnerability is an unknown functionality of the component FASP Feature. Executing a manipulation of the argument EXPERIMENTAL_FEATURES can lead to server-side request forgery. The identification of this vulnerability is CVE-2026-27477. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in InSAT MasterSCADA BUK-TS. This issue affects some unknown processing of the component Main Web Interface. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-21410. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in InSAT MasterSCADA BUK-TS. Impacted is an unknown function of the component MMadmServ Web Interface. Performing a manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-22553. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in gofiber fiber up to 2.52.11/3.0.x. This affects an unknown function of the component Registration Handler. The manipulation leads to improper validation of array index. This vulnerability is listed as CVE-2026-25882. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in gofiber fiber up to 3.0.x on Windows. This impacts an unknown function. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-25891. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability described as critical has been identified in Hitachi Ops Center API Configuration Manager, Configuration Manager and Device Manager. The affected element is an unknown function. Executing a manipulation can lead to sensitive information in log files. This vulnerability is handled as CVE-2025-5781. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in GetSimpleCMS Community Edition up to 3.3.16/3.3.21 and classified as problematic. Affected by this vulnerability is the function safe_slash_html of the file components.php. Performing a manipulation of the argument slug results in cross site scripting. This vulnerability is identified as CVE-2026-26351. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in parse-community parse-dashboard up to 9.0.0-alpha.7. It has been classified as critical. This affects an unknown part of the file /apps/. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-27608. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in parse-community parse-dashboard up to 9.0.0-alpha.7. Affected is an unknown function of the file /apps/. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2026-27609. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CyberArk Endpoint Privilege Manager Agent up to 25.11 and classified as critical. This issue affects some unknown processing. The manipulation results in improper authorization. This vulnerability is identified as CVE-2026-2914. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in parse-community parse-dashboard up to 9.0.0-alpha.7 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/. Executing a manipulation can lead to missing authentication. This vulnerability is tracked as CVE-2026-27595. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.