Aggregator

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

The Hackers News
2 weeks 2 days ago
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into
The Hacker News

CVE-2026-5334 | itsourcecode Online Enrollment System 1.0 Parameter index.php?view=edit&id=3 deptid sql injection

VulDB Recent Entries
2 weeks 2 days ago
A vulnerability was found in itsourcecode Online Enrollment System 1.0. It has been classified as critical. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. This vulnerability is tracked as CVE-2026-5334. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-5333 | DefaultFuction Content-Management-System 1.0 /admin/tools.php host command injection

VulDB Recent Entries
2 weeks 2 days ago
A vulnerability was found in DefaultFuction Content-Management-System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. This vulnerability is identified as CVE-2026-5333. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-5332 | Xiaopi Panel 1.0.0 WAF Firewall /demo.php param cross site scripting

VulDB Recent Entries
2 weeks 2 days ago
A vulnerability has been found in Xiaopi Panel 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. This vulnerability is referenced as CVE-2026-5332. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad