Aggregator

A vulnerability categorized as critical has been discovered in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-5244. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

A nascent zero-day vulnerability has been unearthed within the Chrome browser, already subject to active weaponization in the

The post Google Issues Emergency Patch for Actively Exploited Chrome Zero-Day appeared first on Penetration Testing Tools.

The forfeiture of all personal archives to the machinations of ransomware is a calamity that still transpires with

The post The Fourteen-Fold Shield: How Google Drive’s New AI Detection Paralyzes Ransomware appeared first on Penetration Testing Tools.

A cyber offensive targeting one of the preeminent information technology conglomerates originated from a seemingly mundane instrument for

The post The DevSecOps Paradox: How the TeamPCP Supply Chain Attack Turned Cisco’s Security Tools Into Trojan Horses appeared first on Penetration Testing Tools.

Submit #786219 / VDB-354228

当软件的第一用户变成 Agent。

带着 Seedance 2.0 和 ArkClaw 两件新武器，火山引擎开始席卷 MaaS 市场。

Submit #770104 / VDB-354827

Submit #770103 / VDB-354826

Submit #770063 / VDB-354825

A solitary click upon a purported “error rectification” within a browser may precipitate the absolute compromise of a

The post The Invisible Hijack: How AI-Powered “DeepLoad” Malware Vanishes into Your Lock Screen appeared first on Penetration Testing Tools.

A vulnerability, which was classified as problematic, was found in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. This vulnerability is referenced as CVE-2026-5319. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-5320. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2026-5321. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was […]

The architectural frailty within Citrix networking apparatuses, which until recently was characterized merely as a latent peril, is

The post The New CitrixBleed: Critical CVE-2026-3055 Under Active Attack to Hijack Admin Sessions appeared first on Penetration Testing Tools.

A computational architecture may fall under alien subjugation due to a ubiquitous utility pre-installed “from the factory.” A

The post Critical 9.2 Flaw in Gigabyte Control Center Grants Remote Access appeared first on Penetration Testing Tools.

A vulnerability was found in Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress. It has been rated as critical. The impacted element is an unknown function. This manipulation causes code injection. This vulnerability appears as CVE-2026-1540. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Питерский оператор включил расходы на ТСПУ для блокировки сайтов в структуру тарифов.

开发 LibreOffice 项目的基金会 The Document Foundation 与其主要商业合作伙伴 Collabora 之间的紧张关系在加剧：基金会取消了 Collabora 员工的会员资格，而这些员工是项目的核心开发者。LibreOffice 项目可能像它的前身 OpenOffice 那样面临分裂。The Document Foundation 官方博客称，最近批准的社区规章（Community Bylaws）要求移除与基金会存在法律纠纷的企业的员工的会员资格，原因是存在利益冲突，它希望避免进一步争论谁应该承担责任。基金会表示它在雇佣开发者，称其收到的捐款在增加。