Threatpost
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Senaste 1h
Senaste 6h
Senaste 24h
Senaste 7d
Senaste 30d
Endast lokalt
Analys/ledare
Endast följda källor
Snabbfilter
- 1 källa använder cache
- NIH News: 403, message='Forbidden', url='https://www.nih.gov/rss.xml'
Toppnyheter Säkerhet
Poster
190
Källor
11
Senast uppdaterad
2026-06-08 00:11
CERT-SE20
CISA KEV-katalog20
Microsoft MSRC20
Cisco PSIRT20
Fortinet PSIRT20
Palo Alto Networks Advisories20
CVE-toppar
CVE-2026-202454
CVE-2026-201823
CVE-2026-202303
CVE-2026-314313
CVE-2026-02572
Senaste CVE
CVE-2026-7774
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
CVE-2026-3276
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
CVE-2026-8643
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
CVE-2026-8829
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
CVE-2026-43958
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Fel per källa
NVD (National Vulnerability Database)NVD (National Vulnerability Database): 404, message='Not Found', url='https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml'
Säkerhet 74 artiklar
Microsoft MSRC
Information published.
The Hacker News
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people...
The Hacker News
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub...
Cisco PSIRT
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected...
Dark Reading
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
The Hacker News
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a...
The Hacker News
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple...
SecurityWeek Vulnerabilities
The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals appeared first on...
Dark Reading
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
Dark Reading
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
The Hacker News
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-...
The Hacker News
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because...
The Hacker News
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid...
The Hacker News
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is...
Dark Reading
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Dark Reading
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
Dark Reading
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
Dark Reading
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
Cisco PSIRT
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in...
Cisco PSIRT
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct...
Cisco PSIRT
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based...
Dark Reading
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
CISA KEV-katalog
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in...
Dark Reading
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware.
Dark Reading
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
CISA KEV-katalog
Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can...
CISA KEV-katalog
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection. | Åtgärd: Apply mitigations per vendor...
Cisco PSIRT
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed...
CISA KEV-katalog
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-...
CISA KEV-katalog
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on...
Cisco PSIRT
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote...
Cisco PSIRT
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This...
Cisco PSIRT
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This...
Cisco PSIRT
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics...
CISA KEV-katalog
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path...
CISA KEV-katalog
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime...
CISA KEV-katalog
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption. | Åtgärd: Apply...
CISA KEV-katalog
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be...
1 fler källor
CISA KEV-katalog
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance...
Cisco PSIRT
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco...
Cisco PSIRT
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, elevate privileges, or gain unauthorized access to the...
Fortinet PSIRT
CVSSv3 Score: 4.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEB UI may allow an authenticated attacker with at least read-only admin...
Fortinet PSIRT
CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI may allow an authenticated privileged...
1 fler källor
Fortinet PSIRT
CVSSv3 Score: 5.2 A use of potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP...
Fortinet PSIRT
CVSSv3 Score: 2.1 A Missing Authorization [CWE-862] in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged in users VPN password via use of an unprotected DLL function. Revised...
Fortinet PSIRT
CVSSv3 Score: 9.1 An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Revised on 2026-05-12...
Fortinet PSIRT
CVSSv3 Score: 9.1 A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via...
Fortinet PSIRT
CVSSv3 Score: 8.3 An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP FortiExtender or FortiSwitch to gain execution privileges on the...
Fortinet PSIRT
CVSSv3 Score: 6.3 An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiMail may allow an authenticated privileged attacker to execute unauthorized code...
Fortinet PSIRT
CVSSv3 Score: 5.1 An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in FortiNDR may allow an authenticated attacker to execute arbitrary SQL commands on...
Cisco PSIRT
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information...
Cisco PSIRT
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have...
Cisco PSIRT
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected...
Cisco PSIRT
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to...
Cisco PSIRT
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this...
Cisco PSIRT
Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service...
Cisco PSIRT
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated,...
Cisco PSIRT
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the...
Fortinet PSIRT
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. Revised on 2026-04-15...
Fortinet PSIRT
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being...
Fortinet PSIRT
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS and FortiSandbox Cloud WEB UI may allow...
Fortinet PSIRT
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account password via server address modification in...
1 fler källor
Fortinet PSIRT
Clear-text credentials retrievable with IP modification for connectors
2026-04-14 09:00
Fortinet PSIRT
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and...
NVD (National Vulnerability Database)
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
NVD (National Vulnerability Database)
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
NVD (National Vulnerability Database)
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Threatpost
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Threatpost
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Threatpost
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Threatpost
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Threatpost
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
