Aggregator
CVE-2021-35485 | Nokia Impact up to 19.11.2.10-202 application fileupload unrestricted upload
CVE-2021-35483 | Nokia Impact up to 19.11.2.10-202 application fileupload unrestricted upload
California fines national high school ticketing platform $1.1 million for privacy violations
Amazon Says Drone Strikes Disrupted Middle East Data Centers
Physical effects rather than cyber strikes are triggering Middle Eastern connectivity problems during day four of a sustained U.S. and Israeli bombing campaign against Iran. Iran is responding with drone and missile attacks targeting U.S. military as well as British bases in Bahrain, Cyprus.
Coruna: Spy-grade iOS exploit kit powering financial crime
A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, into the hands of financially motivated hackers, according to new research from Google’s Threat Intelligence Group (GTIG). “The exploit kit, named ‘Coruna’ by its developers, contained five full iOS exploit chains and a total of 23 exploits,” the analysts noted. The exploit list includes both CVE-tracked vulnerabilities …
The post Coruna: Spy-grade iOS exploit kit powering financial crime appeared first on Help Net Security.
Safepay
CVE-2026-1927 | Greenshift Plugin up to 12.5.7 on WordPress AI API Key greenshift_app_pass_validation information disclosure
CVE-2026-26275 | junkurihara httpsig-rs up to 0.0.22 integrity check (GHSA-7v42-g35v-xrch)
CVE-2026-27452 | JonathanWilbur asn1-ts up to 11.0.5 information disclosure (GHSA-h5rw-vxjr-8q79)
CVE-2026-27199 | Pallets Werkzeug up to 3.1.5 send_from_directory windows device name (GHSA-29vq-49wr-vm6x)
CVE-2026-27198 | getformwork up to 2.3.3 Account Creation privileges management (GHSA-34p4-7w83-35g2)
CVE-2026-3057 | a54552239 pearProjectApi up to 2.8.10 Backend Interface Task.php dateTotalForProject projectCode sql injection
CVE-2026-25591 | QuantumNous new-api up to 0.10.8-alpha.9 Token Search Endpoint /api/token/search keyword/token data query logic injection (GHSA-w6x6-9fp7-fqm4)
CVE-2026-26993 | FlintSH Flare 1.7.1 SVG cross site scripting (GHSA-q8fp-w6m5-4gjm)
CVE-2025-37184 | HPE EdgeConnect SD-WAN Orchestrator up to 9.4.4/9.6.0 Orchestrator Service improper authentication
CVE-2024-0756 | Insert or Embed Articulate Content into WordPress Plugin cross site scripting
Ariomex, Iran-based crypto exchange, suffers data leak
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets
A suspected India-aligned threat group known as SloppyLemming has been conducting a sustained espionage campaign against government agencies, defense organizations, nuclear oversight bodies, and critical infrastructure operators in Pakistan and Bangladesh. Active since 2021 and also tracked as Outrider Tiger and Fishing Elephant, the group deployed two newly documented tools between January 2025 and January […]
The post SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets appeared first on Cyber Security News.