Aggregator

A vulnerability has been found in Apache HTTP Server up to 2.4.58 and classified as problematic. This affects an unknown function of the component nghttp2. Performing a manipulation results in resource consumption. This vulnerability is identified as CVE-2024-27316. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates

Новый пакет мер против мошенников могут принять уже в мае.

Meta has announced that Instagram will officially discontinue its optional end-to-end encrypted direct message feature on May 8, 2026. The feature was initially rolled out for testing in 2021 to provide users with a secure communication channel accessible only by the sender and recipient. Meta cites very low adoption rates among its user base as […]

The post Instagram’s to End Encrypted Chats for Direct Messages appeared first on Cyber Security News.

A vulnerability described as problematic has been identified in edge22 GenerateBlocks Plugin up to 2.2.0 on WordPress. The affected element is an unknown function of the file /wp-json/generateblocks/v1/dynamic-tag-replacements of the component REST Endpoint. Executing a manipulation of the argument ID can lead to authorization bypass. The identification of this vulnerability is CVE-2026-3454. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in wpmudev Forminator Forms Plugin up to 1.52.1 on WordPress. The impacted element is the function file_path of the component File Upload. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-5192. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as critical has been reported in wpmudev Forminator Forms Plugin up to 1.52.0 on WordPress. Impacted is an unknown function. Performing a manipulation results in authorization bypass. This vulnerability was named CVE-2026-2729. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Saleswonder WebinarIgnition Plugin up to 4.08.253 on WordPress. This impacts an unknown function. This manipulation causes sql injection. This vulnerability is tracked as CVE-2026-40797. The attack is possible to be carried out remotely. No exploit exists.

Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus […]

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. [...]

Apache выпустил экстренное обновление до версии 2.4.67 — вот что нужно сделать прямо сейчас

A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many refugees and defectors. ESET researchers tied the operation to ScarCruft, a North Korea-aligned espionage group also tracked as APT37 and Reaper, which has been active since at least 2012. How … More →

The post North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China appeared first on Help Net Security.

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games

Security vendor Trellix has suffered a breach involving unauthorized access

Где теперь будут искать подростков, «помышляющих о дестабилизации оперативной обстановки».

Trajan: CI/CD Security Scanner Trajan scans CI/CD pipelines for security vulnerabilities that attackers use to compromise software supply

The post Supply Chains in the Crosshairs: Scan and Simulate Multi-Stage Attacks with Trajan appeared first on Penetration Testing Tools.

A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as the official release of Notepad++ for Apple devices, misleading thousands of users who simply want […]

The post Beware of Fake ‘Notepad++ for Mac’ Website, Possibly Could Harm your Machine appeared first on Cyber Security News.

A vulnerability has been found in GnuTLS and classified as problematic. This affects the function merge_handshake_packet of the component DTLS Handshake Fragment Reassembly Handler. Performing a manipulation of the argument message_length results in improper handling of length parameter inconsistency. This vulnerability is identified as CVE-2026-33846. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in GnuTLS. It has been classified as problematic. Affected is an unknown function of the component Certificate Status Protocol. This manipulation causes incorrect behavior order: early validation. This vulnerability is tracked as CVE-2026-3832. The attack is possible to be carried out remotely. No exploit exists.