Aggregator
The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.
Cybercriminals Exploit Tax Season With New Phishing Tactics
4 days 7 hours ago
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
BSidesSLC 2025 – Start – Recon – Exploit: A Framework for Desktop App Pentesting
4 days 7 hours ago
Authors, Creators & Presenters: Santiago Gimenez Ocano & Ryan Syed, Security Engineers at Praetorian
Our thanks to BSidesSLC for publishing their Creators', Authors' and Presenters' outstanding BSidesSLC 2025 content on the organization's YouTube channel.
The post BSidesSLC 2025 – Start – Recon – Exploit: A Framework for Desktop App Pentesting appeared first on Security Boulevard.
Marc Handelman
Dell security advisory (AV26-295)
4 days 7 hours ago
Canadian Centre for Cyber Security
Analysis of a LockBit ransomware attack incident caused by an Apache ActiveMQ vulnerability
4 days 7 hours ago
Apache ActiveMQ vulnerability leads to LockBit ransomware attack
CVE-2026-28528 | BlueKitchen BTstack up to 1.8.0 AVRCP Browsing Target attr_id out-of-bounds (EUVD-2026-17089)
4 days 8 hours ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been declared as problematic. This vulnerability affects unknown code of the component AVRCP Browsing Target Handler. The manipulation of the argument attr_id results in out-of-bounds read.
This vulnerability is reported as CVE-2026-28528. The attacker must have access to the local network to execute the attack. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-28527 | BlueKitchen BTstack up to 1.8.0 AVRCP Controller out-of-bounds (EUVD-2026-17087)
4 days 8 hours ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been classified as problematic. This affects the function GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT/GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT of the component AVRCP Controller. The manipulation leads to out-of-bounds read.
This vulnerability is documented as CVE-2026-28527. The attack requires being on the local network. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-28526 | BlueKitchen BTstack up to 1.8.0 AVRCP Controller Count out-of-bounds (EUVD-2026-17085)
4 days 8 hours ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0 and classified as problematic. Affected by this issue is the function LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES/LIST_PLAYER_APPLICATION_SETTING_VALUES of the component AVRCP Controller. Executing a manipulation of the argument Count can lead to out-of-bounds read.
This vulnerability is registered as CVE-2026-28526. The attack requires access to the local network. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
IBM security advisory (AV26-294)
4 days 8 hours ago
Canadian Centre for Cyber Security
Six requests to full compromise. A bug in the code of a popular CRM puts small businesses at risk
4 days 8 hours ago
The EspoCRM developers have fixed a critical vulnerability in the file-handling mechanism.
Apple adds macOS Terminal warning to block ClickFix attacks
4 days 8 hours ago
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. [...]
Bill Toulas
New macOS security feature will alert users about possible ClickFix attacks
4 days 8 hours ago
Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later
The post New macOS security feature will alert users about possible ClickFix attacks appeared first on Security Boulevard.
Malwarebytes
Akira
4 days 8 hours ago
cohenido
It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
4 days 8 hours ago
A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8), allows attackers to execute code on targeted devices without any user interaction. […]
Pierluigi Paganini
Pay for VPN: Ministry of Digital Development introduces limits on international traffic from May 1
4 days 8 hours ago
Ozon, Wildberries and Yandex will begin restricting access for users with VPNs.
Qilin
4 days 8 hours ago
cohenido
Qilin
4 days 8 hours ago
cohenido
Qilin
4 days 8 hours ago
cohenido
How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
4 days 8 hours ago
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]
Sponsored by Prophet Security
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers
4 days 8 hours ago
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update