Aggregator

A vulnerability has been found in Roundcube Webmail up to 1.5.13/1.6.13 and classified as problematic. Affected is an unknown function of the component HTML Mail Message Handler. This manipulation causes incorrect resource transfer. This vulnerability is tracked as CVE-2026-35544. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Roundcube Webmail up to 1.5.14/1.6.14 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SVG Content Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is listed as CVE-2026-35545. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component SVG Content Handler. The manipulation results in incorrect resource transfer. This vulnerability is identified as CVE-2026-35543. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Roundcube Webmail up to 1.5.13/1.6.13. It has been rated as problematic. This vulnerability affects unknown code of the component HTML Attachment Handler. The manipulation leads to HTML injection. This vulnerability is documented as CVE-2026-35539. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Roundcube Webmail up to 1.5.13/1.6.13. Impacted is an unknown function of the component Password Plugin. This manipulation causes type confusion. This vulnerability appears as CVE-2026-35541. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Roundcube Webmail up to 1.5.13/1.6.13. This affects an unknown function of the component BODY Element Handler. The manipulation leads to incorrect resource transfer. This vulnerability is referenced as CVE-2026-35542. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Roundcube Webmail up to 1.6.13. This issue affects some unknown processing of the component HTML Mail Message Handler. The manipulation results in incorrect resource transfer. This vulnerability is reported as CVE-2026-35540. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Roundcube Webmail up to 1.5.13/1.6.13. The affected element is an unknown function of the component redis/memcache. Performing a manipulation results in deserialization. This vulnerability was named CVE-2026-35537. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component IMAP SEARCH Command Argument Handler. The manipulation leads to argument injection. This vulnerability is uniquely identified as CVE-2026-35538. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Бэкдор в npm собирал учётные данные из Chrome, Edge, Brave.

Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Internet Intelligence Platform Targets Real-Time Cybethreat Defense
Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence.

White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut
The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats.

2026年企业安全重心正向AI安全态势管理（AI-SPM）快速转型。

本次联合跨境执法查封四类核心攻击资源：虚拟云服务器、恶意域名集群、全域攻击调度链路。

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. "The CustomMCP node allows users to input configuration settings for connecting

Between March 9 and March 11, 2026, attackers had a 48-hour window inside one of the most widely embedded JavaScript libraries on the internet. The […]

The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Reflectiz.

The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Security Boulevard.