Aggregator

A vulnerability labeled as problematic has been found in Yokogawa Electric FAST TOOLS up to R10.04. The impacted element is an unknown function of the component SSL/TLS. Executing a manipulation can lead to risky cryptographic algorithm. This vulnerability is handled as CVE-2025-66598. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Yokogawa Electric FAST TOOLS up to R10.04. This impacts an unknown function. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-66595. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Wikimedia MediaWiki up to 1.44.0. Affected by this issue is some unknown functionality of the file includes/pager/CodexTablePager.Php. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-61645. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GetSimple CMS My SMTP Contact Plugin 1.1.2. It has been rated as problematic. This affects the function htmlspecialchars. This manipulation causes cross site scripting. This vulnerability appears as CVE-2021-47870. The attack may be initiated remotely. In addition, an exploit is available.

Submit #764701 / VDB-349571

Submit #764700 / VDB-349570

Millions installed 'productivity' Chrome extensions that became malware after acquisition. Here's how browser extensions became enterprise security's weakest link.

The post The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-3672. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in stellar rs--xdr up to 25.0.0. This impacts the function StringM::from_str. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-29795. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in dbt-labs dbt-common up to 1.34.1/1.37.2. This affects the function os.path.commonprefix of the component tarball Handler. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-29790. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Growing AI Investments Push Enterprises to Demand Accountability From Tech Vendors
Companies spent over $300 billion on artificial intelligence last year, yet most initiatives produced little measurable value. As skepticism grows, a new debate is emerging around accountability in enterprise technology contracts and whether vendors should share responsibility for outcomes.

Key Challenges in the Proposed HIPAA Security Rule Update
The HIPAA Security Rule may soon undergo its first major overhaul in decades. Although finalization could come as early as May 2026, timelines remain uncertain as new requirements are grounded in modern cybersecurity practices and frameworks.

Experts Urge Preparedness, Nonstop Vigilance, See Ongoing Risk of Online Reprisals
Seven days into the United States and Israel continuing "major combat operations" against Iran, Tehran continues to respond with kinetic attacks against neighboring countries. While no cyberattacks have emerged, experts see unpredictability and continue to urge caution, monitoring and preparedness.

Also: Anthropic Claude Code Security Impact on AppSec, RSAC Conference Preview
In this week's panel, four ISMG editors discuss the potential cyber spillover from escalating tensions in the Iran-Israel-U.S. conflict, the market disruption sparked by Anthropic's Claude Code Security launch and a preview of RSAC Conference 2026.

OT Experts Weigh In on SP-800 82 Revisions
Now is the moment for U.S. federal guidance on securing OT to plunge deeper into the practicalities of securing systems, an extension into actionable advise that reflects a maturing branch of cybersecurity, several OT security specialists told the national Institute of Standards and Technology.