Aggregator

В Гааге гадают, что именно украли у чиновников.

Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even […]

A vulnerability classified as critical was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. This vulnerability is known as CVE-2026-4784. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Apple iOS and iPadOS up to 26.3. Affected by this issue is some unknown functionality of the component Stolen Device Protection. The manipulation results in denial of service. This vulnerability is known as CVE-2026-28895. An attack on the physical device is feasible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Hitachi Ops Center Administrator up to 11.0.7. The affected element is an unknown function. The manipulation results in open redirect. This vulnerability was named CVE-2026-1166. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-2072. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as problematic has been found in PeproDev PeproDev Ultimate Invoice Plugin up to 2.2.5 on WordPress. The impacted element is an unknown function of the component ZIP File Parser. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2026-2343. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in OM Digital Solutions OM Workspace up to 2.4. It has been classified as problematic. This affects an unknown part of the component Installer. Performing a manipulation results in uncontrolled search path. This vulnerability is cataloged as CVE-2026-26306. The attack must be initiated from a local position. There is no exploit available.

A vulnerability described as problematic has been identified in Sanyo Denki Sanups Software Standalone and Sanups Software. The affected element is an unknown function of the component Windows Service. Such manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2026-33253. Local access is required to approach this attack. No exploit exists.

A vulnerability has been found in Sharp home 5G HR01, home 5G HR02, Wi-Fi STATION SH-52A, Wi-Fi STATION SH-52B, Wi-Fi STATION SH-54C, 5G Mobile Router SH-U01, Pocket WiFi 5G A503SH and Speed Wi-Fi 5G X01 and classified as critical. The affected element is an unknown function. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-32326. The attack needs to be initiated within the local network. No exploit is available.

Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves

快来报名一起学习

从Trivy到LiteLLM，连环攻击是怎么发生的？

看雪论坛作者ID：Taardisaa

智慧校园代码审计

安全“养虾”秘密武器，原来是TA

Исход противостояния определит будущее домашних развлечений.

UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds

Security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings. By pushing a compromised skill to the top, threat actors could orchestrate massive supply-chain attacks […]

The post ClawHub Vulnerability Let Attackers Manipulate Rankings to Become the #1 Skill appeared first on Cyber Security News.

Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination of how Google has actually built its passkey ecosystem reveals something far more complex than […]

The post Google Authenticator’s Hidden Passkey Architecture Could Open New Passwordless Attack Paths appeared first on Cyber Security News.