Aggregator
Securing the enterprise for mobility (ITSM.80.001)
1 week 1 day ago
Canadian Centre for Cyber Security
Лучший друг следователя — беспечный преступник. Иранские кибершпионы сами разложили доказательства по полочкам
1 week 1 day ago
Хакеры взломали полправительства Омана — и аккуратно сложили все улики в папочку с открытым доступом.
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
1 week 1 day ago
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. [...]
Sponsored by Keep Aware
Mozilla security advisory (AV26-433)
1 week 1 day ago
Canadian Centre for Cyber Security
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
1 week 1 day ago
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
American duo sentenced for hosting laptop farms for North Korean IT workers
1 week 1 day ago
The men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime.
The post American duo sentenced for hosting laptop farms for North Korean IT workers appeared first on CyberScoop.
Greg Otto
VM2 Node.js Library security advisory (AV26-432)
1 week 1 day ago
Canadian Centre for Cyber Security
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets
1 week 1 day ago
20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets. Federal prosecutors said Ferro participated in a criminal network active between late 2023 and early 2025. Members of the group, based in California, Connecticut, New York, Florida, and overseas, carried out roles that included database hacking, target identification, fraudulent phone calls, … More →
The post $250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets appeared first on Help Net Security.
Sinisa Markovic
Spring security advisory (AV26-431)
1 week 1 day ago
Canadian Centre for Cyber Security
Americans sentenced for running 'laptop farms' for North Korea
1 week 1 day ago
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]
Sergiu Gatlan
CMD
1 week 1 day ago
You must login to view this content
cohenido
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
1 week 1 day ago
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026.
The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker
The Hacker News
Касперский: 20% паролей длиной 15 символов могут быть взломаны менее чем за минуту
1 week 1 day ago
Пользователи продолжают собирать пароли из самых очевидных слов
CVE-2026-8094 | Mozilla Firefox up to 140.10.1 WebRTC Remote Code Execution
1 week 1 day ago
A vulnerability classified as critical has been found in Mozilla Firefox up to 140.10.1. Affected by this issue is some unknown functionality of the component WebRTC. Performing a manipulation results in Remote Code Execution.
This vulnerability is reported as CVE-2026-8094. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-8091 | Mozilla Firefox up to 115.35.1/140.10.1 Playback memory corruption
1 week 1 day ago
A vulnerability described as critical has been identified in Mozilla Firefox up to 115.35.1/140.10.1. Affected by this vulnerability is an unknown functionality of the component Playback Component. Such manipulation leads to memory corruption.
This vulnerability is documented as CVE-2026-8091. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-8090 | Mozilla Firefox up to 115.35.1/140.10.1/150.0.1 Networking use after free
1 week 1 day ago
A vulnerability marked as critical has been reported in Mozilla Firefox up to 115.35.1/140.10.1/150.0.1. Affected is an unknown function of the component Networking. This manipulation causes use after free.
This vulnerability is registered as CVE-2026-8090. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-6002 | DivvyDrive 4.8.2.15 cross site scripting
1 week 1 day ago
A vulnerability labeled as problematic has been found in DivvyDrive 4.8.2.15. This impacts an unknown function. The manipulation results in basic cross site scripting.
This vulnerability is cataloged as CVE-2026-6002. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-5784 | DivvyDrive 4.8.2.15 cross site scripting
1 week 1 day ago
A vulnerability identified as problematic has been detected in DivvyDrive 4.8.2.15. This affects an unknown function. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2026-5784. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2026-5791 | DivvyDrive 4.8.2.15 cross-site request forgery
1 week 1 day ago
A vulnerability categorized as problematic has been discovered in DivvyDrive 4.8.2.15. The impacted element is an unknown function. Executing a manipulation can lead to cross-site request forgery.
This vulnerability is tracked as CVE-2026-5791. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com