Aggregator
Veeam security advisory (AV26-694)
Treasury sanctions First VPN Service, others for abetting ransomware gangs
The designations hit 1VPNS, its alleged Ukrainian administrator and a Belarusian who allegedly sold “cryptors” to disguise ransomware and other malware.
The post Treasury sanctions First VPN Service, others for abetting ransomware gangs appeared first on CyberScoop.
Submit #856634: mastergo-design mastergo-magic-mcp 0.2.0 Improper Access Control [Accepted]
Submit #856633: mastergo-design mastergo-magic-mcp 0.2.0 Server-Side Request Forgery [Accepted]
Submit #856632: mastergo-design mastergo-magic-mcp 0.2.0 Information Disclosure [Accepted]
FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs
Fortinet has disclosed a high-severity vulnerability in FortiSandbox that could allow unauthenticated attackers to access the VNC servers of virtual machines used for malware scanning. Tracked as CVE-2026-59835, the flaw is classified as an Exposure of Resource to Wrong Sphere issue (CWE-668) and carries a CVSSv3 score of 7.7, indicating high severity. The bug allows […]
The post FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs appeared first on Cyber Security News.
LastPass, Bitwarden users targeted with fake security alerts
AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions
A supply chain compromise has placed AsyncAPI npm packages at the center of a developer security incident. Five trojanized releases, with roughly 2.9 million combined weekly downloads, were published after an attacker gained access to an npm publishing token. The incident creates risk for development workstations, build servers, and environments that loaded the affected modules. […]
The post AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions appeared first on Cyber Security News.
DragonForce
You must login to view this content
DragonForce
You must login to view this content
US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors
DragonForce
You must login to view this content
DragonForce
You must login to view this content
DragonForce
You must login to view this content
DragonForce
You must login to view this content
DragonForce
You must login to view this content
微软认证的UEFI引导程序,反倒成了绕过安全启动的捷径
微软承诺大幅改进 Windows 11 的搜索功能
Miasma Turns Trusted npm Packages Into Persistent Backdoors for Developer Machines
Miasma has returned through software packages that many developers would normally trust. Four AsyncAPI packages on npm were altered to deliver a Miasma v3 payload, creating a route for long-term remote access. The campaign does not depend on malware running when a package is installed. Instead, hidden code activates when an application, generator, or build […]
The post Miasma Turns Trusted npm Packages Into Persistent Backdoors for Developer Machines appeared first on Cyber Security News.