A vulnerability classified as problematic has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. Manipulation of the argument ipv6Prefix causes denial of service.
The identification of this vulnerability is CVE-2026-7583. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability classified as critical was found in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write.
This vulnerability was named CVE-2026-7582. The attack must be carried out locally. In addition, an exploit is available.
Applying a patch is advised to resolve this issue.
Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.
Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw
This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.
A vulnerability classified as problematic has been found in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to a permissive cross-domain policy with untrusted domains.
This vulnerability is uniquely identified as CVE-2026-7581. The attack can be carried out remotely. Moreover, an exploit exists.
It is recommended to upgrade the affected component.