Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.
Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.
Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point,...
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data...
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator. The post Third US Security Expert Admits Helping Ransomware Gang appeared...
Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys. The post Dozens of Malicious Crypto Apps Land in Apple App Store appeared first on SecurityWeek.
Acknowledgement added. This is an informational change only.
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory...
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the...
Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server. The post Unsecured Perforce Servers Expose Sensitive Data From Major Orgs...
The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. The post Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster appeared first on...
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still...
CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before. The post Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities appeared first on SecurityWeek.
Data breaches were disclosed by Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority. The post Data Breaches at Healthcare Organizations in Illinois and Texas Affect...
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines...
The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure. The post $290 Million Kelp DAO Crypto Heist Blamed on North Korea appeared first...
Information published.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN...
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS...
Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios. The post Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking...
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Added acknowledgements. This is an informational change only.
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act...
Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals. The post British Scattered Spider Hacker Pleads Guilty in the US appeared...
The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools. The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek.
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by...
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems. | Action: Please...
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations. | Action: Apply mitigations per vendor...
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class. | Action: Apply mitigations...
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access...
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials. | Action: Apply mitigations per...
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for...
Information published.
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
Among this week's reading in the newsletter is advice on improving security in OT, recently published by the National Cyber Security Centre (NCSC). In addition, you will find information about a number of vulnerabilities and reports worth reading.
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability...
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This...
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection. | Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or...
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path...
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command...
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site...
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This...
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid...
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attack. For more information about these...
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability...
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. Revised on 2026-04-15...
Several vendors have released their monthly security updates for April. Below is a compilation of the security updates that Microsoft, Adobe, Cisco, SAP and Fortinet have published ahead of and during...
CVSSv3 Score: 6.7 An improper authentication vulnerability [CWE-287] in the FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires being...
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS and FortiSandbox Cloud WEB UI may allow...
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - [email protected] and [email protected] - which introduced a hidden dependency (plain-crypto-...
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account password via server address modification in...
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and...
CVSSv3 Score: 2.5 An insufficiently protected credentials vulnerability [CWE-522] in the FortiSandbox and FortiSandbox PaaS GUI may allow an authenticated administrator to read LDAP server credentials via client-side...
CVSSv3 Score: 5.2 A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to decrypt it. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 7.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted...
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a...
No summary.
Here is a newsletter with information on the status of the work and what is coming up within MISP-SE.
Fortinet has published information about a critical vulnerability in Fortinet FortiClient EMS. [1] There are observations indicating that the vulnerability is being actively exploited. Fortinet has published a security update and...
No summary.
StepSecurity reports on a malicious Axios JavaScript library that was available for download via NPM. [1] According to Socradar, it was available for just under three hours before it was removed. Upon...
When setting up a tenant in Microsoft's cloud environment, flexibility is high and new features are added continuously. CERT-SE urges organizations to regularly review enabled,...
Citrix has published information about the vulnerability CVE-2026-3055, which affects NetScaler Gateway and NetScaler ADC. The vulnerability is described as critical and has been given a CVSS v4.0 score of 9.3. [1]
No summary.
F5 Networks has published a large number of vulnerability updates for the products BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM Clients [1]. The updates are a response to an earlier...
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation...
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper...
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file...
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The...
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the...
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.