CyberToufan Updates Leaked Data Assets from Israeli Financial Firm
You must login to view this content
Aggregator
CVE-2026-27517 | Binardat 10G08-0800GSM Network Switch up to V300SP10260209 Web Interface cross site scripting
3 months 2 weeks ago
A vulnerability described as problematic has been identified in Binardat 10G08-0800GSM Network Switch up to V300SP10260209. This issue affects some unknown processing of the component Web Interface. The manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2026-27517. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2026-27516 | Binardat 10G08-0800GSM Network Switch up to V300SP10260209 Administrative Interface insertion of sensitive information into sent data
3 months 2 weeks ago
A vulnerability marked as critical has been reported in Binardat 10G08-0800GSM Network Switch up to V300SP10260209. This vulnerability affects unknown code of the component Administrative Interface. The manipulation leads to insertion of sensitive information into sent data.
This vulnerability is listed as CVE-2026-27516. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-27515 | Binardat 10G08-0800GSM Network Switch up to V300SP10260209 Web Management Interface random values
3 months 2 weeks ago
A vulnerability labeled as problematic has been found in Binardat 10G08-0800GSM Network Switch up to V300SP10260209. This affects an unknown part of the component Web Management Interface. Executing a manipulation can lead to insufficiently random values.
This vulnerability is tracked as CVE-2026-27515. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2026-27507 | Binardat 10G08-0800GSM Network Switch up to V300SP10260209 hard-coded credentials
3 months 2 weeks ago
A vulnerability identified as critical has been detected in Binardat 10G08-0800GSM Network Switch up to V300SP10260209. Affected by this issue is some unknown functionality. Performing a manipulation results in hard-coded credentials.
This vulnerability is identified as CVE-2026-27507. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-23678 | Binardat 10G08-0800GSM Network Switch up to V300SP10260209 Web Management Interface Hostname os command injection
3 months 2 weeks ago
A vulnerability categorized as critical has been discovered in Binardat 10G08-0800GSM Network Switch up to V300SP10260209. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. Such manipulation of the argument Hostname leads to os command injection.
This vulnerability is referenced as CVE-2026-23678. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-67445 | Totolink X5000R 9.1.0cu.2415_B20250515 Web Interface /cgi-bin/cstecgi.cgi CONTENT_LENGTH memory corruption
3 months 2 weeks ago
A vulnerability was found in Totolink X5000R 9.1.0cu.2415_B20250515. It has been rated as critical. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Web Interface. This manipulation of the argument CONTENT_LENGTH causes memory corruption.
The identification of this vulnerability is CVE-2025-67445. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-63409 | GCOM EPON 1GE C00R371V00B01 Setting access control
3 months 2 weeks ago
A vulnerability was found in GCOM EPON 1GE C00R371V00B01. It has been declared as critical. This impacts an unknown function of the component Setting Handler. The manipulation results in improper access controls.
This vulnerability was named CVE-2025-63409. The attack may be performed from remote. There is no available exploit.
vuldb.com
Accelerating Enterprise Observability Maturity in 2026
3 months 2 weeks ago
Maturity Improves as Organizations Navigate Cost Pressure, Business Expectations
Enterprise observability has shifted from experimental tooling to critical infrastructure, with 60% of organizations now at mature levels. But cost surprises, business expectations and gaps in business-impact reporting threaten value realization as leaders push for measurable business outcomes.
Enterprise observability has shifted from experimental tooling to critical infrastructure, with 60% of organizations now at mature levels. But cost surprises, business expectations and gaps in business-impact reporting threaten value realization as leaders push for measurable business outcomes.
How Generative AI and OpenTelemetry Transform Observability
3 months 2 weeks ago
Gen AI Nears 98% Adoption as OTel Gains Ground in Production
From automated correlation to agentic AI that investigates and remediates incidents, observability is entering a new phase. With generative AI adoption accelerating and OpenTelemetry gaining production ground, integrated intelligence is becoming table stakes.
From automated correlation to agentic AI that investigates and remediates incidents, observability is entering a new phase. With generative AI adoption accelerating and OpenTelemetry gaining production ground, integrated intelligence is becoming table stakes.
North Korean Hackers Continue to Target US Healthcare
3 months 2 weeks ago
Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks
North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report.
North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report.
NDSS 2025 – RadSee: See Your Handwriting Through Walls Using FMCW Rada
3 months 2 weeks ago
Authors, Creators & Presenters: Shichen Zhang (Michigan State University), Qijun Wang (Michigan State University), Maolin Gan (Michigan State University), Zhichao Cao (Michigan State University), Huacheng Zeng (Michigan State University)
PAPER
RadSee: See Your Handwriting Through Walls Using FMCW Radar
This paper aims to design and implement a radio device capable of detecting a person's handwriting through a wall. Although there is extensive research on radio frequency (RF) based human activity recognition, this task is particularly challenging due to the through-wall requirement and the tiny-scale handwriting movements. To address these challenges, we present RadSee---a 6 GHz frequency modulated continuous wave (FMCW) radar system designed for detecting handwriting content behind a wall. RadSee is realized through a joint hardware and software design. On the hardware side, RadSee features a 6 GHz FMCW radar device equipped with two custom-designed, high-gain patch antennas. These two antennas provide a sufficient link power budget, allowing RadSee to "see'' through most walls with a small transmission power. On the software side, RadSee extracts effective phase features corresponding to the writer's hand movements and employs a bidirectional LSTM (BiLSTM) model with an attention mechanism to classify handwriting letters. As a result, RadSee can detect millimeter-level handwriting movements and recognize most letters based on their unique phase patterns. Additionally, it is resilient to interference from other moving objects and in-band radio devices. We have built a prototype of RadSee and evaluated its performance in various scenarios. Extensive experimental results demonstrate that RadSee achieves 75% letter recognition accuracy when victims write 62 random letters, and 87% word recognition accuracy when they write articles.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – RadSee: See Your Handwriting Through Walls Using FMCW Rada appeared first on Security Boulevard.
Marc Handelman
CVE-2025-69985 | FUXA up to 1.2.8 server/api/jwt-helper.js improper authentication
3 months 2 weeks ago
A vulnerability was found in FUXA up to 1.2.8. It has been classified as critical. This affects an unknown function of the file server/api/jwt-helper.js. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2025-69985. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2026-27568 | WWBN AVideo up to 20.x Markdown cross site scripting (GHSA-rcqw-6466-3mv7)
3 months 2 weeks ago
A vulnerability was found in WWBN AVideo up to 20.x and classified as problematic. The impacted element is an unknown function of the component Markdown Handler. Executing a manipulation can lead to cross site scripting.
This vulnerability is handled as CVE-2026-27568. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
Malicious OpenClaw Skills Used to Trick Users into Manual Password Entry for AMOS Infection
3 months 2 weeks ago
Atomic macOS Stealer (AMOS), a well-known data-theft malware, has taken a sharp turn in how it reaches victims. Instead of hiding inside cracked software downloads as it once did, threat actors now embed it within malicious OpenClaw skills — small add-on packages that extend AI agent capabilities on platforms like OpenClaw. AMOS operates as a […]
The post Malicious OpenClaw Skills Used to Trick Users into Manual Password Entry for AMOS Infection appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2026-27732 | WWBN AVideo up to 21.x API Endpoint aVideoEncoder.json.php downloadURL server-side request forgery (GHSA-h39h-7cvg-q7j6)
3 months 2 weeks ago
A vulnerability has been found in WWBN AVideo up to 21.x and classified as critical. The affected element is an unknown function of the file aVideoEncoder.json.php of the component API Endpoint. Performing a manipulation of the argument downloadURL results in server-side request forgery.
This vulnerability is known as CVE-2026-27732. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
SecWiki News 2026-02-24 Review
3 months 2 weeks ago
今日暂未更新资讯~
更多最新文章,请访问SecWiki
更多最新文章,请访问SecWiki
OAuth security guide: Flows, vulnerabilities and best practices
3 months 2 weeks ago
OAuth is a commonly used authorisation framework, that allows websites and web applications to request limited access to a user’s account on another application. Users can grant this limited access to their account, without ever needing to expose their password with the requesting website or application. This is commonly seen with sites that allow you…
The post OAuth security guide: Flows, vulnerabilities and best practices appeared first on Sentrium Security.
The post OAuth security guide: Flows, vulnerabilities and best practices appeared first on Security Boulevard.
Phil Condon
AtomSilo Ransomware Returns with New Infrastructure
3 months 2 weeks ago
You must login to view this content
cohenido
Reddit, porn sites fined by UK regulators over children’s safety and privacy
3 months 2 weeks ago
Ofcom and the Information Commissioner's Office respectively fined a US porn company and Reddit for failing to protect children online.
The post Reddit, porn sites fined by UK regulators over children’s safety and privacy appeared first on Security Boulevard.
Malwarebytes