Охранник моргнул — враг уже на базе. Заснул на 5 минут — и объект взорван. Дроны с ИИ не моргают и не спят
Mobix Labs признаёт, что человеческое внимание не бесконечно. И предлагает решение.
Aggregator
Zoom security advisory (AV26-231)
1 week 1 day ago
Canadian Centre for Cyber Security
Alleged Breach of Austrian Trailer Manufacturer HB Brantner With Customer Data, NDAs, and Confidential Drawings Exfiltrated
1 week 1 day ago
@import url('https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css');
html {
margin: 0;
padding: 0;
width: 100%;
overflow-x: hidden;
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu', 'Cantarell', sans-serif;
background: var(--color-background-primary, #0a0e14);
color: var(--color-text-primary, #c9d1d9)
Dark Web Informer
GitHub security advisory (AV26-230)
1 week 1 day ago
Canadian Centre for Cyber Security
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
1 week 1 day ago
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem.
The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian
The Hacker News
CVE-2026-28793 | tinacms up to 2.1.7 Endpoint path traversal (GHSA-2f24-mg4x-534q / EUVD-2026-11613)
1 week 1 day ago
A vulnerability marked as critical has been reported in tinacms up to 2.1.7. Affected by this issue is some unknown functionality of the component Endpoint. This manipulation causes path traversal.
This vulnerability is registered as CVE-2026-28793. The attack needs to be launched locally. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-29066 | tinacms up to 2.1.7 file access (GHSA-m48g-4wr2-j2h6 / EUVD-2026-11615)
1 week 1 day ago
A vulnerability labeled as problematic has been found in tinacms up to 2.1.7. Affected by this vulnerability is an unknown functionality. The manipulation results in files or directories accessible.
This vulnerability is cataloged as CVE-2026-29066. The attack must be initiated from a local position. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-28791 | tinacms up to 2.1.6 media.ts join path traversal (GHSA-5hxf-c7j4-279c)
1 week 1 day ago
A vulnerability identified as critical has been detected in tinacms up to 2.1.6. Affected is the function join of the file media.ts. The manipulation leads to path traversal.
This vulnerability is listed as CVE-2026-28791. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-28792 | tinacms up to 2.1.7 path traversal (GHSA-8pw3-9m7f-q734 / EUVD-2026-11611)
1 week 1 day ago
A vulnerability categorized as critical has been discovered in tinacms up to 2.1.7. This impacts an unknown function. Executing a manipulation can lead to path traversal.
This vulnerability is tracked as CVE-2026-28792. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-31841 | Hyperterse up to 2.1.x unparsed raw web content delivery (GHSA-92gp-jfgx-9qpv)
1 week 1 day ago
A vulnerability was found in Hyperterse up to 2.1.x. It has been rated as critical. This affects an unknown function. Performing a manipulation results in unparsed raw web content delivery.
This vulnerability is identified as CVE-2026-31841. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-21887 | OpenCTI up to 6.8.15 server-side request forgery (GHSA-ffm6-vvph-g5f5)
1 week 1 day ago
A vulnerability was found in OpenCTI up to 6.8.15. It has been declared as critical. The impacted element is an unknown function. Such manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-21887. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-28356 | defnull multipart up to 1.2.1/1.3.0 multipart.py parse_options_header redos (GHSA-p2m9-wcp5-6qw3)
1 week 1 day ago
A vulnerability was found in defnull multipart up to 1.2.1/1.3.0. It has been classified as problematic. The affected element is the function parse_options_header of the file multipart.py. This manipulation causes inefficient regular expression complexity.
The identification of this vulnerability is CVE-2026-28356. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
“Handala Hack” – Unveiling Group’s Modus Operandi
1 week 1 day ago
Key Findings Introduction Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack and leak” operations. The threat actor operates several online personas, with the most prominent among them being Homeland Justice, maintained from mid-2022 specifically for multiple attacks […]
The post “Handala Hack” – Unveiling Group’s Modus Operandi appeared first on Check Point Research.
matthewsu
CVE-2026-21672 | Veeam Backup and Recovery up to 12.3.1/13.0.0 on Windows Local Privilege Escalation (kb4831 / WID-SEC-2026-0709)
1 week 1 day ago
A vulnerability was found in Veeam Backup and Recovery up to 12.3.1/13.0.0 on Windows and classified as critical. Impacted is an unknown function. The manipulation results in Local Privilege Escalation.
This vulnerability was named CVE-2026-21672. The attack needs to be approached locally. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
Легендарный DR-DOS вернулся: версия 9.0 написана с нуля на чистом ассемблере
1 week 1 day ago
Новый DR-DOS работает только на процессорах 386 и выше.
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
1 week 1 day ago
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe.
Deeba Ahmed
CipherForce
1 week 1 day ago
You must login to view this content
cohenido
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks
1 week 1 day ago
On March 11th, medical technology company Stryker disclosed that a cyberattack had disrupted portions of its global network infrastructure, affecting Microsoft systems used across the organization.
The post Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks appeared first on Flashpoint.
The post Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks appeared first on Security Boulevard.
Flashpoint
APT73
1 week 1 day ago
You must login to view this content
cohenido
Delinea's StrongDM Acquisition Highlights the Changing Role of PAM
1 week 1 day ago
StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments.
Jeffrey Schwartz