Aggregator

Submit #759597 / VDB-347676

Submit #759595 / VDB-347675

Submit #759594 / VDB-347674

Submit #759589 / VDB-347673

Submit #759587 / VDB-347672

Submit #759546 / VDB-347671

Submit #758932 / VDB-347670

Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site. [...]

A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. [...]

Additionally, the U.S. Treasury sanctioned the Russian zero-day brokerage that Peter Williams sold the exploits to.

The post Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker appeared first on CyberScoop.

A vulnerability was found in Claris FileMaker Server up to 21.1.6/22.0.3. It has been declared as problematic. This affects an unknown part. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-46320. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Wyse Management Suite up to 5.4. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-23858. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

The Treasury Department sanctioned a Russian national and his company for allegedly acquiring eight proprietary cyber tools that were stolen from the defense contractor L3Harris and sold to "unauthorized" customers.

A vulnerability was found in bytecodealliance wasmtime up to 40.0.3/41.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation leads to handling of exceptional conditions. This vulnerability is documented as CVE-2026-27195. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in gofiber fiber up to 3.0.x and classified as problematic. Affected is an unknown function. This manipulation of the argument fiber_flash causes uncontrolled memory allocation. This vulnerability is registered as CVE-2026-25899. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in gofiber fiber up to 3.0.x on Windows. This impacts an unknown function. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-25891. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in gofiber fiber up to 2.52.11/3.0.x. This affects an unknown function of the component Registration Handler. The manipulation leads to improper validation of array index. This vulnerability is listed as CVE-2026-25882. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Netikus EventSentry up to 6.0.1.20. The impacted element is an unknown function of the component Web Reports Interface. Executing a manipulation can lead to unverified password change. This vulnerability is tracked as CVE-2026-24443. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Dell Wyse Management Suite up to 5.4. The affected element is an unknown function. Performing a manipulation results in client-side enforcement of server-side security. This vulnerability is identified as CVE-2026-23859. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds.