Aggregator

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]

Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-5046. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5045. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-5044. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-5043. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-5042. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #779127 / VDB-353969

Submit #779127 / VDB-353969

Submit #779126 / VDB-353968

Submit #779126 / VDB-353968

Submit #779125 / VDB-353967

Submit #779125 / VDB-353967

Submit #779124 / VDB-353966