Aggregator

A vulnerability described as critical has been identified in Wazuh up to 4.14.3. The affected element is the function print_hex_string. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-28221. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in berabuddies AgentFlow. Impacted is an unknown function of the file /api/runs of the component Localhost API. Performing a manipulation results in origin validation error. This vulnerability is cataloged as CVE-2026-7439. The attack must be initiated from a local position. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as critical has been found in Wazuh up to 4.14.3. This issue affects some unknown processing of the component Cluster Synchronization Extraction Routine. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-30893. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. [...]

Проект FLAMINGO выложил один из крупнейших наборов космологических симуляций, чтобы исследователи по всему миру изучали рост галактик и структуру космоса.

These are the top threats you should know about this week.

Air travel is entering another high-stakes summer, and early activity shows that global air passenger demand increased by 3.8 percent in January 2026 versus 2025. Ticket prices remain elevated due to rising fuel costs, demand is strong, and passengers, conditioned by years of disruption, are no longer willing to...

Как жаль, что это ловушка…

OSS can be too risky for banks and FinTechs working to meet security, governance, and compliance demands. Know the risks.

The post Why Financial Services Leaders Are Re-Evaluating Open Source for Database Change Management appeared first on Security Boulevard.

Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections.

Cybersecurity doesn’t start with tools—it starts with mindset.

The post From Army Ranger to Ethical Hacker: What Cybersecurity Can Learn from the Battlefield appeared first on Security Boulevard.

A vulnerability identified as critical has been detected in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. This vulnerability is tracked as CVE-2026-7447. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A new supply chain attack dubbed “mini Shai Hulud” has compromised four SAP-related npm packages by injecting malicious preinstall scripts that silently execute during dependency installation, targeting developer environments and CI/CD pipelines to steal credentials across GitHub, npm, and major cloud providers. Security researchers at StepSecurity, Aikido Security, SafeDep, Socket, and Wiz identified that malicious […]

The post SAP npm Packages Compromised to Harvest Developer and CI/CD Secrets appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. This vulnerability is identified as CVE-2026-7446. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

Submit #804209 / VDB-360188

Взять кредит на мировую звезду стало проще.

A vulnerability was found in ZachHandley ZMCPTools up to 0.2.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. This vulnerability is referenced as CVE-2026-7445. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #804100 / VDB-360187