Aggregator

A vulnerability identified as problematic has been detected in Roundcube Webmail up to 1.5.13/1.6.13. Impacted is an unknown function of the component Password Plugin. This manipulation causes type confusion. This vulnerability appears as CVE-2026-35541. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Roundcube Webmail up to 1.5.13/1.6.13. This affects an unknown function of the component BODY Element Handler. The manipulation leads to incorrect resource transfer. This vulnerability is referenced as CVE-2026-35542. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Roundcube Webmail up to 1.6.13. This issue affects some unknown processing of the component HTML Mail Message Handler. The manipulation results in incorrect resource transfer. This vulnerability is reported as CVE-2026-35540. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Roundcube Webmail up to 1.5.13/1.6.13. The affected element is an unknown function of the component redis/memcache. Performing a manipulation results in deserialization. This vulnerability was named CVE-2026-35537. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component IMAP SEARCH Command Argument Handler. The manipulation leads to argument injection. This vulnerability is uniquely identified as CVE-2026-35538. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

Бэкдор в npm собирал учётные данные из Chrome, Edge, Brave.

Researchers Find Frontier Models Defy Humans to Protect AI Peers
Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down - even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior "peer-preservation."

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management Server
Fortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Internet Intelligence Platform Targets Real-Time Cybethreat Defense
Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence.

White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut
The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats.

2026年企业安全重心正向AI安全态势管理（AI-SPM）快速转型。

本次联合跨境执法查封四类核心攻击资源：虚拟云服务器、恶意域名集群、全域攻击调度链路。

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. "The CustomMCP node allows users to input configuration settings for connecting

Between March 9 and March 11, 2026, attackers had a 48-hour window inside one of the most widely embedded JavaScript libraries on the internet. The […]

The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Reflectiz.

The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in Juniper Junos OS on MX/EX9200. Affected by this issue is some unknown functionality of the component UI. Executing a manipulation can lead to unimplemented or unsupported feature in ui. The identification of this vulnerability is CVE-2024-21607. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in AcademySoftwareFoundation OpenEXR up to 3.2.6/3.3.8/3.4.8. This issue affects the function LossyDctDecoder_execute in the library src/lib/OpenEXRCore/internal_dwa_decoder.h of the component EXR File Parser. The manipulation results in incorrect type conversion. This vulnerability is cataloged as CVE-2026-34379. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in HCL BigFix Platform. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-21767. The attack can only be performed from a local environment. No exploit is available.

A vulnerability, which was classified as critical, has been found in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. The identification of this vulnerability is CVE-2026-5318. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.