Aggregator

Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture.

Двойная игра принесла миллионы и закончилась встречей со спецслужбами.

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. "The activity demonstrated strategic operational patience and

A vulnerability marked as problematic has been reported in hexpm hex.pm. This vulnerability affects unknown code. Performing a manipulation results in resource consumption. This vulnerability is identified as CVE-2026-23940. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as critical has been found in TP-Link SG2008P 3.2x, SG2008P 3.3x, SX3016F 1.3x, SX3016F 1.2x, SG3428 2.4x, SG3428XMP 3.3x, SG3428X 1.4x, SG3428XF 1.3x, SG3452P 3.4x, SG3428MP 6.3x, SG2218P 2.2x, SG2016P 1.3x, SG3452XP 2.3x, SG3428XMPP 1.2x, SG3452X 1.3x, SG2008 4.3x, SG3210 3.3x, SG2210MP 5.2x, SG2210P 5.3x, SG2218 1.3x, SG3452 1.3x, SG3210X-M2 1.2x, SG2210XMP-M2 1.x, SG2008 4.2x, SG2218P 1.2x, SG3210 3.2x, SG3428X-M2 1.2x, SX3832MPP 1.x, SG2218 1.2x, SX3832 1.x, SG2428LP 1.x, SL2428P 6.2x, SG3218XP-M2 1.x, SG3210XHP-M2 3.x, SG2218P 2.x, SG3210X-M2 1.x, SG2428P 5.3x, SG2210MP 4.2x, SG3452P 3.3x, SG3452 1.2x, SG2452LP 1.x, SX3032F 1.x, SG3452X 1.2x, SG3452XMPP 1.x, SG3428XPP-M2 1.2x, TL-SG3452P 3.0, SG2428P 5.2x, SG2210MP 5.x, SG2005P-PD 1.x, SG2016P 1.2x, SG3452XP 2.2x, SG3428XMP 3.2x, SG3428X 1.3x, SG3428XF 1.2x, SG3428MP 6.2x, TL-SG3428MP 5.x, SG3428 2.3x, SG3428XMPP 1.x, TL-SG2428P 4.x, SG2210P 5.2x, SX3008F 1.2x and SX3206HPP 1.20. This affects an unknown part of the component Web Interface. Such manipulation leads to improper input validation. This vulnerability is referenced as CVE-2026-1668. The attack needs to be initiated within the local network. No exploit is available.

Sightline Security's founder and advisory board discuss how cybersecurity poses significant problems for nonprofits and suggest ways the industry can help.

Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]

Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help document. "If you're on an older version of Instagram, you may also need to update the

Каждый шестой пострадавший от утечки Quittr оказался несовершеннолетним.

​Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]

Сервисы оплаты парковок в Перми не будут работать до 16 марта.

The Council said in a press release that it has added a new provision in the AI Act “prohibiting AI practices regarding the generation of non-consensual sexual and intimate content or child sexual abuse material.”

Alleged Breach of Therapeutes Exposes 71,500 Patient Records and 199,000 Therapy Appointments From French Mental Health Platform

A vulnerability identified as problematic has been detected in JetBrains Datalore up to 2026.0. Affected by this issue is some unknown functionality of the component Cookie Setting Handler. This manipulation causes sensitive cookie without secure attribute. The identification of this vulnerability is CVE-2026-32745. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in nyariv SandboxJS up to 0.8.33. Affected by this vulnerability is an unknown functionality. The manipulation results in code injection. This vulnerability was named CVE-2026-26954. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Google Clasp up to 3.1.x. It has been rated as critical. Affected is an unknown function of the component Filenames Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-4092. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses