Aggregator

A vulnerability was found in pretix pretix-doistep up to 1.3.1. It has been rated as problematic. This issue affects some unknown processing of the component Placeholder Handler. Performing a manipulation results in dynamic variable evaluation. This vulnerability is known as CVE-2026-2451. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in pretix. It has been declared as problematic. This vulnerability affects unknown code of the component Placeholder Handler. Such manipulation leads to dynamic variable evaluation. This vulnerability is traded as CVE-2026-2415. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Хакеры получили доступ к системе Salesforce оператора Odido через фишинг и социальную инженерию.

Chainalysis warns that online fraud is fuelling sophisticated human trafficking operations

A vulnerability was found in WowRevenue Plugin up to 2.1.3 on WordPress. It has been classified as problematic. This affects the function Notice::install_activate_plugin of the component Plugin Installation Handler. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-2001. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Kubysoft and classified as problematic. Affected by this issue is some unknown functionality of the file /node/kudaby/nodeFN/procedure of the component Endpoint. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-59905. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Kubysoft and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /kForms/app. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-59904. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Kubysoft. Affected is an unknown function of the component SVG Image Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-59903. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.9/11.1.2/11.2.1. This impacts an unknown function of the file /api/v1/askPMI of the component Zoom Handler. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-0998. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.9/11.1.2/11.2.1. This affects an unknown function of the file /plugins/zoom/api/v1/channel-preference of the component Zoom Handler. Such manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2026-0997. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Mattermost up to 10.11.9/11.1.2/11.2.1. The impacted element is an unknown function of the component Login. This manipulation causes incorrect implementation of authentication algorithm. This vulnerability is tracked as CVE-2026-0999. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in HKUDS nanobot up to 0.1.3.Post6. The affected element is an unknown function of the component WhatsApp Bridge. The manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2577. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware

OpenAI has introduced Lockdown Mode and Elevated Risk labels in ChatGPT to help users and organizations reduce the risk of prompt injection attacks and other advanced security threats, particularly when using features that interact with external systems. Limiting tool access to prevent data exfiltration Lockdown Mode in ChatGPT is an optional, advanced security setting for highly security-conscious users who require protection against advanced threats. To reduce the risk of prompt injection–based data exfiltration, it constrains … More →

The post ChatGPT gets new security feature to fight prompt injection attacks appeared first on Help Net Security.

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first […]

The state-sponsored threat group Lotus Blossom successfully breached the official hosting infrastructure of Notepad++ between June and December 2025, targeting users across government agencies, telecommunications companies and critical infrastructure sectors. The attackers gained access by compromising the shared hosting provider’s environment, which allowed them to intercept traffic headed to the Notepad++ update server and redirect […]

The post Lotus Blossom Hackers Compromised Official Hosting Infrastructure of Notepad++ appeared first on Cyber Security News.

An alert regarding two critical vulnerabilities found in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device. According to the advisory (ICSA-26-041-02), successful exploitation could allow attackers to gain complete control of affected systems by bypassing authentication mechanisms or resetting device passwords remotely. The vulnerabilities impact ZLAN5143D version 1.600, a device commonly used across global critical […]

The post CISA Warns of ZLAN ICS Devices Vulnerabilities Allows Complete Device Takeover appeared first on Cyber Security News.

Хакеры получили доступ к истории интимных заказов клиентов японского бренда Tenga.

A vulnerability labeled as problematic has been found in SourceCodester Free and Open Source Inventory Management System 1.0. The impacted element is an unknown function of the component Add Supplier Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-46450. The attack may be launched remotely. There is no exploit available.