Aggregator

The Zed Attack Proxy (ZAP) team has rolled out version 0.3.0 of the OWASP PenTest Kit (PTK) add-on, introducing a transformative workflow upgrade for application security testing. This new release bridges the critical gap between traditional proxy-level scanning and modern client-side execution by mapping in-browser security findings directly into native ZAP alerts. ZAP has traditionally […]

The post New ZAP PTK Add-On Maps Browser Security Findings as Native Alert Into ZAP appeared first on Cyber Security News.

A vulnerability, which was classified as very critical, was found in rauc up to 1.15.1. This affects an unknown function. The manipulation results in unsigned to signed conversion error. This vulnerability is cataloged as CVE-2026-34155. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

9 апреля 2026 года компания Ideco проведет вебинар, посвященный выходу новой версии межсетевого экрана Ideco NGFW Novum.

A vulnerability, which was classified as problematic, was found in yhirose cpp-httplib up to 0.39.x. The affected element is an unknown function of the component HTTP Request Handler. Executing a manipulation can lead to http request smuggling. This vulnerability is registered as CVE-2026-34441. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in Corosync. This impacts an unknown function of the component UDP Packet Handler. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-35092. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in libinput. This vulnerability affects unknown code. Executing a manipulation can lead to expired pointer dereference. This vulnerability is handled as CVE-2026-35094. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in libinput. This issue affects some unknown processing of the component Lua Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-35093. Local access is required to approach this attack. No exploit exists.

Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the first time Apple has backported fixes for older devices based on vulnerability severity. Allowing iOS 18 users to receive patches without upgrading to iOS 26, however, signals a shift in its long-standing security approach following the discovery of the DarkSword and Coruna exploit kits. When iOS 26 … More →

The post DarkSword exploit forces Apple to loosen its patching policy appeared first on Help Net Security.

A vulnerability labeled as critical has been found in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-5418. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

A vulnerability identified as critical has been detected in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. This vulnerability appears as CVE-2026-5417. The attack may be initiated remotely. In addition, an exploit is available. You should upgrade the affected component. The vendor was contacted early about this disclosure.

Meta has officially alerted approximately 200 WhatsApp users, primarily located in Italy, that their devices were compromised by a weaponized, fraudulent version of the messaging application. This malicious software was distributed through social engineering tactics rather than official app stores, tricking targets into installing a spyware-laden clone. The fraudulent application was designed to mimic the […]

The post WhatsApp Warns Users Targeted by Spyware Attack via Weaponized Version of the App appeared first on Cyber Security News.

Submit #780190 / VDB-354855

Submit #756043 / VDB-354854

关键词数据泄露一、事件概述2026年3月31日，乌克兰亲政府黑客组织UKRAINIAN MILITANT在其T

关键词数据泄露近日，某国发生一起因智能穿戴设备导致的军事机密泄露事件：一名军官在执行任务期间佩戴运动手表跑步，

关键词服务器崩溃4月1日，“王者荣耀崩了”登上热搜。搜索发现，有网友晒出截图称目前已经修复好了。

Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...]

Что означает новый законопроект — и кого он реально коснётся.

A vulnerability categorized as problematic has been discovered in MB connect line mbCONNECT24 and mymbCONNECT24 up to 2.19.4. This vulnerability affects unknown code of the component Configuration File Handler. The manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability is reported as CVE-2026-33617. The attack can be launched remotely. No exploit exists.

A vulnerability was found in MB connect line mbCONNECT24 and mymbCONNECT24 up to 2.19.4. It has been rated as critical. This affects an unknown part of the component mb24api Endpoint. The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-33616. The attack can be initiated remotely. There is not any exploit available.