On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.
A threat actor is selling a 243 million record dataset attributed to credilink.com.br, described in the post as a Brazilian credit information and risk analysis provider serving financial institutions and retailers.
A threat actor claims to have leaked a database from LDLC, a major French retailer of computers, components, smartphones, and gaming/audio/TV equipment, releasing 1,504,635 records for free under the hashtag #freebreach3d.
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss.
The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over
A threat actor is advertising what they describe as a US banking / premium credit client dataset tied to communitychoicecu.com, releasing a 1M+ record sample with full card numbers, names, issuing banks, and addresses.
A vulnerability marked as critical has been reported in mauriciopoppe math-codegen up to 0.4.2. The impacted element is the function cg.parse of the component Mathematical Expression Handler. This manipulation causes code injection.
The identification of this vulnerability is CVE-2026-41507. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
A vulnerability labeled as problematic has been found in go-git up to 5.17.x/6.0.0-alpha.1. The affected element is an unknown function. The manipulation results in insufficiently protected credentials.
This vulnerability was named CVE-2026-41506. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
A vulnerability identified as critical has been detected in SEPPmail Secure Email Gateway 15.0.1. Impacted is an unknown function. The manipulation leads to improper neutralization of directives in dynamically evaluated code.
This vulnerability is uniquely identified as CVE-2026-44128. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
A vulnerability categorized as critical has been discovered in SEPPmail Secure Email Gateway up to 15.0.3. This issue affects some unknown processing. Executing a manipulation can lead to missing authorization.
This vulnerability is handled as CVE-2026-44125. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.