Aggregator
Fortinet security advisory (AV26-351) – Update 1
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts, and more. Maliciously “forged” Technician account (Source: Horizon3.ai) The vulnerability CVE-2026-48558 is an authentication bypass flaw affecting SimpleHelp deployments configured to use OpenID Connect (OIDC) authentication. “Even when the SimpleHelp server is configured to enforce MFA for technicians, … More →
The post SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558) appeared first on Help Net Security.
Семь месяцев воровали ключи от AWS — и сами оказались жертвой майнера и вымогателей. Карма работает
G.O.S.S.I.P 阅读推荐 2026-06-16 二十年目睹SMM之怪现状
四川大学 | Darkflow:高性能暗网流量特征提取工具
Rokarolla Trojan Combines Banking Fraud With Device Surveillance
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
CVE-2026-8176 | LatePoint Plugin up to 5.5.1 on WordPress privileges management (EUVD-2026-37060)
CVE-2026-8442 | WP Review Slider Pro Plugin up to 12.6.8 on WordPress AJAX wpfb_hidereview_ajax path traversal (EUVD-2026-37061)
CVE-2026-10829 | Moxa NPort W2150A-W4/W2250A-W4/NPort W2150A/W2250A up to 1.5 Web Service stack-based overflow (EUVD-2026-37063)
CVE-2026-10828 | Moxa NPort W2150A-W4/W2250A-W4/NPort W2150A/W2250A up to 1.5 Web Service alias format string (EUVD-2026-37062)
CVE-2026-8484 | FuseSource jansi up to 2.4.3 ioctl heap-based overflow (EUVD-2026-37064)
CVE-2026-40750 | themagnifico52 Kids Online Store Plugin up to 0.8.9 on WordPress unrestricted upload (EUVD-2026-37065)
CVE-2026-12225 | Syracom Secure Login for Jira prior 3.5.0.0 authentication bypass (EUVD-2026-37066)
10 лет вы вводили пароль — и хакер на том конце читал его в реальном времени
AppViewX extends machine identity security to AI agents and post-quantum environments
AppViewX has announced Agent Identity Security, a new product within the AppViewX platform that discovers, governs, secures, and monitors AI agents across the entire enterprise. Agent Identity Security extends AppViewX’s platform, built on a decade of machine identity and PKI expertise, into AI agent security, giving CISOs and their teams a single control plane for every machine and agent identity in their environment. The converging threats: Agentic AI and quantum computing Two megatrends are colliding … More →
The post AppViewX extends machine identity security to AI agents and post-quantum environments appeared first on Help Net Security.