Aggregator

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WBC and Snapdragon Wearables and classified as critical. This affects an unknown function. Performing a manipulation results in buffer over-read. This vulnerability is reported as CVE-2025-59600. The attack requires a local approach. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Unisoc T8100, T9100, T8200 and T8300. This vulnerability affects unknown code of the component nr Modem. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2025-61613. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Unisoc T7300, T8100, T9100, T8200 and T8300. This affects an unknown part of the component nr Modem. This manipulation causes denial of service. This vulnerability appears as CVE-2025-61612. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Imagination Graphics DDK up to 25.1 RTM1/25.2 RTM1. Affected is an unknown function. This manipulation causes time-of-check time-of-use. This vulnerability appears as CVE-2025-58407. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android 16/16-qpr2. This vulnerability affects the function onStart of the file CompanionDeviceManagerService.java. The manipulation leads to Local Privilege Escalation. This vulnerability is documented as CVE-2025-48654. The attack needs to be performed locally. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical has been found in Imagination Technologies Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.2 RTM2. This issue affects some unknown processing. Performing a manipulation results in use after free. This vulnerability was named CVE-2025-58408. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in welovemedia FFmate up to 2.0.15 and classified as critical. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. This vulnerability is listed as CVE-2026-3682. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in bufanyun HotGo up to 2.0 and classified as critical. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-3683. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in xuxueli xxl-job up to 3.3.2 and classified as critical. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. This vulnerability is known as CVE-2026-3733. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. This vulnerability is handled as CVE-2026-3734. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. This vulnerability is uniquely identified as CVE-2026-3735. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. This vulnerability was named CVE-2026-3736. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability has been found in Tenda F453 1.0.0.3 and classified as critical. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-3732. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. [...]

In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats.

Team Awareness Kit (TAK) and its Android variant, the Android Tactical Assault Kit (ATAK), are situational awareness platforms used across the military—dismounted infantry, vehicle commanders, air crews, SOF operators. If you need a common operating picture in the field, TAK is probably running somewhere in your stack. But there’s a problem that’s easy to overlook...

The post Secure Identity for TAK/ATAK at the Tactical Edge appeared first on Strata.io.

The post Secure Identity for TAK/ATAK at the Tactical Edge appeared first on Security Boulevard.

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that […]

Salesforce GraphQL exploit exposed misconfigured guest data in Experience Cloud. Learn how it happened and how to prevent exposure.

The post What is the Salesforce GraphQL Exploit and What You Should Do appeared first on AppOmni.

The post What is the Salesforce GraphQL Exploit and What You Should Do appeared first on Security Boulevard.

A practitioner's breakdown of AEO, GEO, and AIO. Learn where these terms originated, how they differ from traditional SEO, and how B2B companies use them to generate leads and grow revenue in 2026.

The post AEO vs GEO vs AIO: What These Terms Actually Mean and Why Your Business Needs to Care appeared first on Security Boulevard.

A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.