Aggregator
Kettering Health Notifying Patients of Interlock Breach
4 months 1 week ago
Cybercrime Group First Listed Ohio Health System as a Data Theft Victim Last June
Ohio-based Kettering Health is notifying current and former patients and "affiliates" that their personal, health and financial information was potentially compromised in a May 2025 ransomware attack and data theft incident claimed by cybercriminal gang Interlock.
Ohio-based Kettering Health is notifying current and former patients and "affiliates" that their personal, health and financial information was potentially compromised in a May 2025 ransomware attack and data theft incident claimed by cybercriminal gang Interlock.
Is Your GRC Program Really Reducing Risk?
4 months 1 week ago
CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC Engineering
As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.
As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.
Cyber Startups to Take Innovation Spotlight at RSAC 2026
4 months 1 week ago
As Innovation Sandbox Turns 21, AI-Based Solutions Dominate Annual Contest
Next month in San Francisco, the Innovation Sandbox at RSAC Conference will celebrate its 21st year of choosing key emerging solutions in cybersecurity. Past winners and finalists range from EDR and XDR giant SentinelOne in 2014 to cloud security phenom Wiz in 2021.
Next month in San Francisco, the Innovation Sandbox at RSAC Conference will celebrate its 21st year of choosing key emerging solutions in cybersecurity. Past winners and finalists range from EDR and XDR giant SentinelOne in 2014 to cloud security phenom Wiz in 2021.
GitGuardian Doubles Down on AI Agent Defense With $50M Raise
4 months 1 week ago
Series C Funding Round Focuses on Secrets Remediation, Agent Governance Expansion
Backed by a $50 million Series C, GitGuardian plans to accelerate U.S. expansion and enhance secrets detection remediation and non-human identity controls as AI agents multiply across enterprises, increasing exposure to credential abuse and lateral movement.
Backed by a $50 million Series C, GitGuardian plans to accelerate U.S. expansion and enhance secrets detection remediation and non-human identity controls as AI agents multiply across enterprises, increasing exposure to credential abuse and lateral movement.
CVE-2026-24135 | Gogs up to 0.13.3 updateWikiPage old_title path traversal (GHSA-jp7c-wj6q-3qf2 / WID-SEC-2026-0338)
4 months 1 week ago
A vulnerability marked as critical has been reported in Gogs up to 0.13.3. Affected by this issue is the function updateWikiPage. This manipulation of the argument old_title causes path traversal.
The identification of this vulnerability is CVE-2026-24135. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-63354 | Hitron HI3120 7.2.4.5.2b1 Parental Control Option cross site scripting
4 months 1 week ago
A vulnerability marked as problematic has been reported in Hitron HI3120 7.2.4.5.2b1. The affected element is an unknown function of the component Parental Control Option. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-63354. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-25480 | litestar-org litestar up to 2.19.x ord unicode encoding
4 months 1 week ago
A vulnerability was found in litestar-org litestar up to 2.19.x. It has been classified as critical. The affected element is the function ord. Performing a manipulation results in improper handling of unicode encoding.
This vulnerability is identified as CVE-2026-25480. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-25478 | litestar-org litestar up to 2.19.x fullmatch cross-domain policy (GHSA-2p2x-hpg8-cqp2)
4 months 1 week ago
A vulnerability marked as problematic has been reported in litestar-org litestar up to 2.19.x. Affected by this issue is the function fullmatch. Performing a manipulation results in permissive cross-domain policy with untrusted domains.
This vulnerability is reported as CVE-2026-25478. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-25479 | litestar-org litestar up to 2.19.x litestar.middleware.allowed_hosts incorrect regex (GHSA-93ph-p7v4-hwh4)
4 months 1 week ago
A vulnerability classified as critical has been found in litestar-org litestar up to 2.19.x. This vulnerability affects the function litestar.middleware.allowed_hosts. The manipulation leads to incorrect regular expression.
This vulnerability is traded as CVE-2026-25479. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-2258 | aardappel lobster up to 2025.4 dev/src/lobster/wfc.h WaveFunctionCollapse memory corruption (Issue 395 / CNNVD-202602-1713)
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption.
The identification of this vulnerability is CVE-2026-2258. The attack can only be executed locally. Furthermore, there is an exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-2200 | heyewei JFinalCMS 5.0.0 API Endpoint /admin/admin/save cross site scripting (CNNVD-202602-1397)
4 months 1 week ago
A vulnerability described as problematic has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-2200. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-2146 | guchengwuyue yshopmall up to 1.9.1 co.yixiang.utils.FileUtil /api/users/updateAvatar File unrestricted upload (Issue 40 / EUVD-2026-5803)
4 months 1 week ago
A vulnerability classified as critical has been found in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload.
This vulnerability is reported as CVE-2026-2146. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
CVE-2026-25635 | kovidgoyal calibre up to 9.1.x CHM Reader path traversal (EUVD-2026-5596 / Nessus ID 298303)
4 months 1 week ago
A vulnerability was found in kovidgoyal calibre up to 9.1.x. It has been classified as critical. This issue affects some unknown processing of the component CHM Reader. This manipulation causes path traversal.
This vulnerability is registered as CVE-2026-25635. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-25636 | kovidgoyal calibre up to 9.1.x EPUB File Parser META-INF/encryption.xml path traversal (EUVD-2026-5597 / Nessus ID 298302)
4 months 1 week ago
A vulnerability was found in kovidgoyal calibre up to 9.1.x. It has been rated as critical. The affected element is an unknown function of the file META-INF/encryption.xml of the component EPUB File Parser. Performing a manipulation results in path traversal.
This vulnerability is reported as CVE-2026-25636. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-25731 | kovidgoyal calibre up to 9.1.x Templite Templating Engine special elements used in a template engine (EUVD-2026-5573 / Nessus ID 298306)
4 months 1 week ago
A vulnerability was found in kovidgoyal calibre up to 9.1.x. It has been declared as critical. Impacted is an unknown function of the component Templite Templating Engine. Such manipulation leads to improper neutralization of special elements used in a template engine.
This vulnerability is documented as CVE-2026-25731. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
California Fines Disney $2.75 Million in Record CCPA Case
4 months 1 week ago
California regulators have issued their largest penalty yet under the California Consumer Privacy Act, announcing a $2.75 million settlement with The Walt Disney Company after investigators found that consumer opt-out requests were not consistently honored across devices and streaming platforms. The case centers on a straightforward expectation that is becoming harder for companies to meet: […]
The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Centraleyes.
The post California Fines Disney $2.75 Million in Record CCPA Case appeared first on Security Boulevard.
Rebecca Kappel
SLH
4 months 1 week ago
You must login to view this content
cohenido
Singapore & Its 4 Major Telcos Fend Off Chinese Hackers
4 months 1 week ago
After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.
Robert Lemos
DigitStealer Gains Attention as macOS-Targeting Infostealer Exposes Key Infrastructure Weaknesses
4 months 1 week ago
DigitStealer, a sophisticated information-stealing malware targeting macOS systems, has recently surged in activity, drawing significant attention from the cybersecurity community. First emerging in late 2025, this malicious software specifically targets Apple M2 devices, distinguishing itself from generic threats. It operates primarily by harvesting sensitive user data, including information from 18 different cryptocurrency wallets, browser data, […]
The post DigitStealer Gains Attention as macOS-Targeting Infostealer Exposes Key Infrastructure Weaknesses appeared first on Cyber Security News.
Tushar Subhra Dutta