Aggregator

Name: Codegate CTF 2026 Preliminary (an Codegate CTF Preliminary event.)
Date: March 28, 2026, midnight — 28 March 2026, 15:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: http://ctf.codegate.org/
Rating weight: 62.00
Event organizers: CODEGATE

Author, Creator & Presenter: Maria Khodak, GWAPT

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.

Author, Creator & Presenter: Maria Khodak, GWAPT

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.

在澳大利亚、丹麦、马来西亚和挪威之后，奥地利也计划严格限制 14 岁以下青少年使用社交媒体，理由是令人上瘾的算法以及对儿童有害的内容。政府计划在 6 月底前完成立法草案，执法和年龄验证细节尚未最终敲定。社会民主党的副总理 Andreas Babler 表示，政府不能袖手旁观，任由社交媒体平台让儿童上瘾以及令儿童受到伤害，他称应该像对待酒精或烟草那样对待社交媒体。

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability affecting F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability, tracked as CVE-2025-53521, was officially listed on March 27, 2026, with a remediation deadline of March 30, […]

The post CISA Warns of F5 BIG-IP Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Теперь за скрытое влияние придётся отвечать всерьёз.

A vulnerability was found in Crocoblock JetEngine Plugin up to 3.8.6.1 on WordPress and classified as critical. This issue affects the function prepare_where_clause of the component AJAX Action Handler. Such manipulation of the argument filtered_query leads to sql injection. This vulnerability is traded as CVE-2026-4662. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in dendibakh perf-ninja. Affected is an unknown function of the component labs/misc/pgo/lua. Such manipulation leads to code injection. This vulnerability is referenced as CVE-2026-4745. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as critical has been found in Galaxy Software Services Vitals ESP up to 6.3. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-4640. The attack may be initiated remotely. There is no available exploit.

A vulnerability has been found in timeplus-io proton up to 1.6.15 and classified as critical. The affected element is an unknown function of the file base/poco/Foundation/src‎. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2026-4746. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in linkingvision rapidvms up to PR#95. It has been rated as critical. Affected is an unknown function. This manipulation causes memory corruption. This vulnerability is handled as CVE-2026-33849. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability identified as critical has been detected in joncampbell123 doslib 20250729. Affected by this issue is some unknown functionality. Performing a manipulation results in memory corruption. This vulnerability was named CVE-2026-33851. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in WujekFoliarz DualSenseY-v2 up to 53. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2026-33850. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in linkingvision rapidvms. This issue affects some unknown processing. The manipulation results in memory corruption. This vulnerability is identified as CVE-2026-33848. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as critical has been found in MolotovCherry Android-ImageMagick7. Impacted is an unknown function. This manipulation causes out-of-bounds write. This vulnerability is tracked as CVE-2026-33854. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in linkingvision rapidvms up to PR#95. The affected element is an unknown function. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2026-33847. The attack must be carried out locally. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as problematic, was found in MolotovCherry Android-ImageMagick7. This affects an unknown function. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2026-33853. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in MolotovCherry Android-ImageMagick7 up to 7.1.2-10 and classified as problematic. This impacts an unknown function. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2026-33855. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.