Aggregator

StealC malware control panel flaw leaks details on active attacker

Security Affairs
5 months ago
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and […]
Pierluigi Paganini

Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon

Security Boulevard
5 months ago

As businesses continue their digital transformation journeys, they are exposed to an ever-expanding attack surface. With the proliferation of cloud environments, remote work, and the increasing use of IoT devices, the complexity of cybersecurity threats has intensified. In this fast-evolving landscape, traditional security tools—based on signatures and static rule-based methods—are no longer sufficient. Organizations need

The post Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon appeared first on Seceon Inc.

The post Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon appeared first on Security Boulevard.

Pushpendra Mishra

CVE-2026-1197 | MineAdmin 1.x/2.x /system/downloadById ID information disclosure

VulDB Recent Entries
5 months ago
A vulnerability classified as problematic has been found in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. This vulnerability is identified as CVE-2026-1197. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-1196 | MineAdmin 1.x/2.x /system/getFileInfoById ID information disclosure

VulDB Recent Entries
5 months ago
A vulnerability described as problematic has been identified in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. This vulnerability is referenced as CVE-2026-1196. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-1195 | MineAdmin 1.x/2.x JWT Token /system/refresh data authenticity

VulDB Recent Entries
5 months ago
A vulnerability marked as critical has been reported in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. The identification of this vulnerability is CVE-2026-1195. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-1194 | MineAdmin 1.x/2.x Swagger information disclosure

VulDB Recent Entries
5 months ago
A vulnerability labeled as problematic has been found in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. This vulnerability was named CVE-2026-1194. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-1193 | MineAdmin 1.x/2.x View Interface /system/cache/view improper authorization

VulDB Recent Entries
5 months ago
A vulnerability identified as critical has been detected in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-1193. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

英伟达被控主动联络安娜的档案以高速下载盗版书库

Solidot
5 months ago
英伟达除了供应 AI 芯片外,还开发了自己的大模型,如 NeMo、Retro-48B、InstructRetro 和 Megatron。那么这些大模型的训练数据来自何处?图书作者指控英伟达使用盗版书库训练模型。上周五原告修改了诉状,指控英伟达使用了影子图书馆“安娜的档案(Anna’s Archive)”收集的盗版电子书库。诉状援引英伟达内部邮件和文件称,英伟达员工主动联系“安娜的档案”,询问该影子图书馆提供的付费“高速访问”是什么意思。安娜的档案要求英伟达管理层内部批准之后它才会提供该服务。英伟达据报道在一周内批准了这一要求,安娜的档案随后提供了 500 TB 电子书的高速访问。英伟达还被控从 LibGen、Sci-Hub 和 Z-Library 下载书籍。

Fake browser crash alerts turn Chrome extension into enterprise backdoor

Help Net Security
5 months ago

Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user install from an official and nominally safe online marketplace can escalate into full remote access. Huntress researchers found that it downloads a previously undocumented Windows remote access trojan (RAT) onto domain-joined machines, which are “typically corporate … More →

The post Fake browser crash alerts turn Chrome extension into enterprise backdoor appeared first on Help Net Security.

Zeljka Zorz

Managed ad