Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet, Furthering the Threat Landscape of IoT Security
Threat actors have exploited security flaws in TBK DVR and EoL TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices. The attack targets TBK DVR devices and leverages the CVE-2024-3721 vulnerability, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 digital video recording devices. Read more about this emerging threat and its implications for IoT security.
Published: Sat Apr 18 02:33:35 2026 by llama3.2 3B Q4_K_M
Three zero-day vulnerabilities in Microsoft Defender have been exploited by attackers to gain elevated access to compromised systems, with two of the vulnerabilities remaining unpatched. The attack highlights the importance of timely patching and updates, as well as responsible disclosure.
Published: Sat Apr 18 02:42:17 2026 by llama3.2 3B Q4_K_M
Ghost identities pose a significant threat to enterprise security, with compromised service accounts and forgotten API keys behind 68% of cloud breaches in 2024. Join The Hacker News for a live webinar that explores how to eliminate these unmanaged non-human identities before they compromise your data.
Published: Sat Apr 18 03:50:18 2026 by llama3.2 3B Q4_K_M
A $13.74 million hack on Grinex has raised serious questions about the ability of Western intelligence agencies to detect and prevent cyber attacks on sanctioned entities. The breach, which occurred on April 15, 2026, at around 12:00 UTC, highlights the ongoing threat posed by sanctioned entities in the world of cryptocurrencies.
Published: Sat Apr 18 04:02:09 2026 by llama3.2 3B Q4_K_M
A recent revelation has exposed the EU's new age-verification app as woefully inadequate in terms of security, highlighting a lacuna in the union's cybersecurity infrastructure and leaving vulnerable individuals and communities exposed to real risks. Despite promises from EU leaders, the app's security issues have been revealed, prompting calls for immediate action to rectify this situation and prioritize investment in cybersecurity research and development.
Published: Sat Apr 18 06:14:13 2026 by llama3.2 3B Q4_K_M
Nexcorium Mirai Variant: A New Threat Emerges Through Vulnerability in TBK DVRs
A new variant of Mirai malware, dubbed Nexcorium, has been discovered to exploit a vulnerability in TBK DVR devices and launch DDoS attacks. The threat highlights the importance of regular software updates and vigilance when it comes to securing our digital assets.
Published: Sat Apr 18 06:38:08 2026 by llama3.2 3B Q4_K_M
Abuse of QEMU by Hackers: A Growing Concern
Published: Sat Apr 18 11:59:41 2026 by llama3.2 3B Q4_K_M
A Perilous Digital Landscape: Exploring the Ongoing Exploitations and Threats to Global Cybersecurity
The security landscape continues to evolve at an alarming rate, with new vulnerabilities and threats emerging every day. From Mirax extraction pipelines to PowMix botnets, these sophisticated attacks underscore the need for a proactive approach to cybersecurity. This article provides a detailed examination of the ongoing exploits and threats facing global cybersecurity.
Published: Sun Apr 19 05:31:52 2026 by llama3.2 3B Q4_K_M
The AI development community is facing criticism for its response to security flaws, with some vendors attempting to deflect blame or claim that the issue was not a bug at all. This lack of accountability has significant consequences for users, who are left to deal with the fallout when security flaws in AI systems are discovered.
Published: Sun Apr 19 06:44:12 2026 by llama3.2 3B Q4_K_M
The rise of stealthy malware campaigns using QEMU and exploiting vulnerabilities has emerged as a significant threat in recent months. This article provides an in-depth look at the tactics used by hackers and the measures being taken by security experts to mitigate their impact. Learn more about the latest malware threats and how to stay safe online.
Published: Sun Apr 19 09:56:50 2026 by llama3.2 3B Q4_K_M
Cyber-Enabled Cargo Theft: A Growing Trend in Logistics Industry
A recent breach of a load board platform has revealed a growing trend of cyber-enabled cargo theft, where digital intrusions are directly supporting real-world crime. The attack highlights the need for transportation organizations and logistics firms to strengthen their cybersecurity measures to prevent similar attacks.
Published: Sun Apr 19 11:06:48 2026 by llama3.2 3B Q4_K_M
Apple account change alerts are being abused by scammers to deliver phishing messages through legitimate emails sent from Apple's servers. Although these emails pass multiple authentication checks, they trick recipients into believing their accounts were used for fraudulent purchases, prompting them to call a scammer's "support" number.
Published: Sun Apr 19 12:15:01 2026 by llama3.2 3B Q4_K_M
A major cybersecurity incident has been reported at Vercel, a cloud development platform, with hackers claiming to have breached internal systems and selling stolen data. The incident highlights the importance of robust security measures in the cloud development industry.
Published: Sun Apr 19 13:28:04 2026 by llama3.2 3B Q4_K_M
The cloud development platform Vercel has been compromised in a devastating cyber attack that highlights the ongoing threat of third-party vulnerabilities. In this detailed exposé, we'll delve into the intricacies of the breach and explore the implications for users of the platform.
Published: Sun Apr 19 16:37:38 2026 by llama3.2 3B Q4_K_M
Prompt Injection Attacks: The AI Equivalent of Phishing - A recent discovery highlights the vulnerabilities of AI models to malicious prompts, raising concerns about their trustworthiness.
Published: Sun Apr 19 18:48:34 2026 by llama3.2 3B Q4_K_M
A recent breach at Vercel has exposed limited customer credentials, highlighting the risks associated with using cloud-based infrastructure providers and third-party AI tools. The attack is attributed to a sophisticated threat actor who used advanced techniques to gain access to sensitive information. Vercel has taken steps to mitigate the damage, but the incident serves as a reminder of the need for companies to prioritize cybersecurity and take proactive measures to protect themselves against sophisticated threats.
Published: Mon Apr 20 00:01:52 2026 by llama3.2 3B Q4_K_M
Vercel's recent data leak highlights the critical role of information security in tech companies and the risks associated with using agentic AI tools. The incident demonstrates how a series of human errors and oversights can lead to serious breaches, underscoring the need for stricter oversight of third-party vendors and robust cybersecurity measures.
Published: Mon Apr 20 03:14:45 2026 by llama3.2 3B Q4_K_M
Recently discovered malware dubbed ZionSiphon appears to be specifically designed to target Israeli water treatment and desalination systems, posing a significant threat to critical infrastructure. This malicious software combines privilege escalation, persistence, USB propagation, and ICS scanning with sabotage capabilities aimed at chlorine and pressure controls.
Published: Mon Apr 20 04:28:59 2026 by llama3.2 3B Q4_K_M
AI-powered exploits have become increasingly prevalent, with a recent study demonstrating the capabilities of AI models like Claude Opus in turning bugs into exploits for just $2,283. Experts warn that the risk is not theoretical but already present, highlighting the need for organizations to prioritize patching and security measures to minimize the impact of these threats.
Published: Mon Apr 20 04:46:38 2026 by llama3.2 3B Q4_K_M
A disturbing tale of espionage, corruption, and manipulation has unfolded in the United States, involving high-ranking government officials, corporate executives, and ordinary citizens. From the corridors of power to the streets of California, this complex saga reveals a vast network of deceit and betrayal that threatens the very fabric of American society.
Published: Mon Apr 20 06:27:22 2026 by llama3.2 3B Q4_K_M
Anthropic's Model Context Protocol (MCP) has been found to contain a critical design flaw that enables remote code execution, posing a significant threat to the artificial intelligence (AI) supply chain. This vulnerability arises from unsafe defaults in how MCP configuration works over the STDIO transport interface.
Published: Mon Apr 20 06:46:03 2026 by llama3.2 3B Q4_K_M
A breach at Vercel has exposed the company's internal systems to attackers after a compromised third-party AI tool was used to gain unauthorized access. The incident highlights the growing concern of using external tools in corporate environments without adequate security measures.
Published: Mon Apr 20 06:57:23 2026 by llama3.2 3B Q4_K_M
HP Inc. has announced that it will discontinue its Teradici-derived remote desktop business, ending the HP Anyware platform and its zero client hardware. The move comes as the remote work landscape continues to evolve rapidly, with companies needing to adapt quickly to stay ahead of the curve.
Published: Mon Apr 20 08:05:48 2026 by llama3.2 3B Q4_K_M
The latest developments in AI technology highlight the often-overlooked realities of deploying these sophisticated systems in real-world environments. From data quality issues to governance challenges, teams must navigate a complex landscape to achieve success with AI initiatives.
Published: Mon Apr 20 08:16:11 2026 by llama3.2 3B Q4_K_M
Microsoft has released an urgent update to address a restart loop issue affecting some Windows Server devices after its April 2026 security patch. The fix aims to prevent forced server restarts and maintain availability for critical services.
Published: Mon Apr 20 10:29:33 2026 by llama3.2 3B Q4_K_M
A recent data breach at Vercel has exposed the ease with which attackers can exploit trust in modern systems. As attackers become more sophisticated in their tactics, it is essential that security teams take a proactive approach to securing their systems, leveraging the latest technologies and techniques to stay ahead of emerging threats. The incident highlights the need for a more comprehensive approach to security, one that takes into account the complexities and nuances of modern systems.
Published: Mon Apr 20 10:40:09 2026 by llama3.2 3B Q4_K_M
Hackers have been attempting to exploit a serious vulnerability in outdated TP-Link routers for over a year, but so far without success. The vulnerability, tracked as CVE-2023-33538, is a command injection vulnerability in the /userRpm/WlanNetworkRpm component that impacts several TP-Link router models. Despite extensive efforts by attackers, no successful exploitation has been seen so far, highlighting the importance of timely patching and strong security measures.
Published: Mon Apr 20 10:59:27 2026 by llama3.2 3B Q4_K_M
Scot pleads guilty to $8 million virtual currency theft, bringing total losses at Scattered Spider cybercrime crew to over $11 million. Tyler Buchanan faces up to 22 years in prison for his role in the operation.
Published: Mon Apr 20 13:21:32 2026 by llama3.2 3B Q4_K_M
Seiko USA website defacement: Hacker claims customer data theft and demands ransom in extortion message.
The incident highlights the ongoing threat of cyberattacks and the importance of cybersecurity measures for businesses like Seiko USA. As hackers continue to evolve and find new ways to breach security systems, companies must stay vigilant and adapt their defenses accordingly.
Published: Mon Apr 20 14:31:17 2026 by llama3.2 3B Q4_K_M
The popular open-source serving framework SGLang has been identified as vulnerable to a critical security flaw that can lead to remote code execution. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0 and was disclosed by security researcher Stuart Beck. Learn more about the nature of this vulnerability and how to mitigate it in our detailed report.
Published: Mon Apr 20 14:51:07 2026 by llama3.2 3B Q4_K_M
A member of the notorious Scattered Spider group has pleaded guilty to major crypto theft, bringing a measure of closure to victims who were affected by his actions. In this article, we delve into the details of Buchanan's guilty plea and explore the implications of this case on the world of cybercrime.
Published: Mon Apr 20 15:05:57 2026 by llama3.2 3B Q4_K_M
In an effort to understand how Gentlemen ransomware affiliates are expanding their attack toolkit and using SystemBC for bot-powered attacks, researchers have found a significant use of proxy malware. The threat actor's integration with SystemBC has led to concerns regarding corporate victimization. This article will provide more insight into the tactics used by the Gentlemen ransomware affiliate in utilizing this tool.
Published: Mon Apr 20 16:14:47 2026 by llama3.2 3B Q4_K_M
Anthropic's Claude Desktop raises concerns over unauthorised modifications and potential breaches of EU data protection regulations, sparking questions about transparency and adherence to regulatory standards in software development.
Published: Mon Apr 20 16:24:37 2026 by llama3.2 3B Q4_K_M
France's national identity system has been breached, exposing up to 19 million users' personal data, including login credentials and sensitive information. A massive dataset is allegedly being sold by a threat actor, raising concerns about potential identity theft, financial fraud, and synthetic identities.
Published: Mon Apr 20 16:35:52 2026 by llama3.2 3B Q4_K_M
KelpDAO's $290 million crypto heist highlights the ongoing threat landscape of state-sponsored hackers and underscores the need for DeFi projects to prioritize robust security measures. This complex attack reveals the vulnerabilities that can arise when cross-chain validation protocols are exploited by sophisticated hackers, leaving a trail of destruction in their wake.
Published: Mon Apr 20 17:49:08 2026 by llama3.2 3B Q4_K_M
A recent leak of the upcoming movie "The Legend of Aang: The Last Airbender" has sparked a heated debate among fans about the ethics of piracy as a form of protest. The leak, which saw the film's trailer and various clips making their way onto social media platforms, has been met with a mixed response from fans, with some praising the move as a bold statement against Paramount's decision to release the film in theaters exclusively. As the debate continues to rage on, it is clear that this issue will not be resolved anytime soon.
Published: Mon Apr 20 17:59:36 2026 by llama3.2 3B Q4_K_M
Lovable, a cutting-edge AI coding platform, has found itself at the center of a maelstrom of controversy surrounding a critical security vulnerability. A recent report highlights alarming lapses in Lovable's security protocols, leaving many users concerned about their data security and the company's ability to protect them.
Published: Mon Apr 20 19:11:33 2026 by llama3.2 3B Q4_K_M
Iran Alleges US Used Backdoors to Disable Networking Equipment During Conflict
The Iranian government claims that the US has used backdoors and/or botnets to disrupt networking equipment during a recent conflict, with Chinese state media reiterating Beijing's stance as a pacifist in cyberspace. The allegations have raised questions about international cybersecurity norms and potential covert operations between nations.
Published: Tue Apr 21 01:42:54 2026 by llama3.2 3B Q4_K_M
Panasonic has developed device-locked QR codes that enable secure on-site facial biometric capture, speeding up and securing the authentication process. This innovation is part of the company's ongoing efforts to improve security and efficiency in various fields.
Published: Tue Apr 21 02:55:12 2026 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, in a move aimed at encouraging patch management among government agencies and organizations. The list of vulnerabilities includes improper authentication vulnerabilities, path traversal vulnerabilities, cross-site scripting vulnerabilities, storing passwords in a recoverable format vulnerability, and exposure of sensitive information to an unauthorized actor vulnerability.
Published: Tue Apr 21 03:02:18 2026 by llama3.2 3B Q4_K_M
Bluesky, a decentralized social media platform similar to X (formerly Twitter), was hit with a 24-hour DDoS attack attributed to pro-Iran hacker group 313 Team. The assault caused significant disruptions to the platform's services and highlights the growing threat of state-sponsored hacking groups. As online services look to bolster their cybersecurity posture, the need for effective defense strategies and coordination between law enforcement agencies becomes increasingly clear.
Published: Tue Apr 21 03:14:40 2026 by llama3.2 3B Q4_K_M
Adaptavist Group, a UK-based enterprise software consultancy, has announced that it is under investigation following a suspected cyber attack. The company claims that no personal data relating to customers or partners was accessed, but a ransomware crew has come forward claiming a "complete infrastructure compromise" and a cache of stolen data, including customer records and internal documents.
Published: Tue Apr 21 04:28:50 2026 by llama3.2 3B Q4_K_M
NGate, a malware variant that was originally documented in mid-2024, has been found to be using the HandyPay NFC app on Android devices to steal payment card data. This new development highlights the ongoing threat of mobile malware and the importance of users taking steps to protect themselves against such attacks.
Published: Tue Apr 21 04:37:57 2026 by llama3.2 3B Q4_K_M
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
British Scattered Spider Hacker Pleads Guilty in the US
Hackers Abuse QEMU for Defense Evasion
Bluesky Disrupted by Sophisticated DDoS Attack
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
Next.js Creator Vercel Hacked
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat
Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure
CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication
CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats
CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats
CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump’s Executive Order 14306
CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT
CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity
The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX
Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships
NCSWIC releases the “What is a PACE Plan” video
CISA Urges Critical Infrastructure to Be Air Aware
Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations
The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA
The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series
Tackling the National Gap in Software Understanding
Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration
SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh
Supply Chain Compromise Impacts Axios Node Package Manager
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
AVEVA Pipeline Simulation
Delta Electronics ASDA-Soft
Horner Automation Cscape and XL4, XL7 PLC
Anviz Multiple Products
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
GPL Odorizers GPL750
Contemporary Controls BASC 20T
CISA Adds One Known Exploited Vulnerability to Catalog
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Mitsubishi Electric GENESIS64 and ICONICS Suite products
CISA Adds One Known Exploited Vulnerability to Catalog
Hitachi Energy Ellipse
Yokogawa CENTUM VP
Siemens SICAM 8 Products
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
PX4 Autopilot
Anritsu Remote Spectrum Monitor
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
PTC Windchill Product Lifecycle Management
CISA Adds One Known Exploited Vulnerability to Catalog
WAGO GmbH & Co. KG Industrial Managed Switches
OpenCode Systems OC Messaging and Custom Messaging Gateway
CISA Adds One Known Exploited Vulnerability to Catalog
Pharos Controls Mosaic Show Controller
[local] NetBT e-Fatura - Privilege Escalation
[webapps] D-Link DIR-650IN - Authenticated Command Injection
[webapps] React Server 19.2.0 - Remote Code Execution
[webapps] RomM 4.4.0 - XSS_CSRF Chain
[webapps] Jumbo Website Manager - Remote Code Execution
[local] ZSH 5.9 - RCE
[webapps] FortiWeb 8.0.2 - Remote Code Execution
[local] 7-Zip 24.00 - Directory Traversal
[webapps] xibocms 3.3.4 - RCE
[local] SQLite 3.50.1 - Heap Overflow
[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
[webapps] Horilla v1.3 - RCE
[local] is-localhost-ip 2.0.0 - SSRF
[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
[local] Windows Kernel - Elevation of Privilege
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
[webapps] ASP.net 8.0.10 - Bypass
[webapps] Grafana 11.6.0 - SSRF
[webapps] Zhiyuan OA - arbitrary file upload leading
[webapps] WBCE CMS 1.6.4 - Remote Code Execution
[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
[webapps] WordPress Madara - Local File Inclusion
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
[webapps] WeGIA 3.5.0 - SQL Injection
[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
[webapps] motionEye 0.43.1b4 - RCE
[remote] Windows 10.0.17763.7009 - spoofing vulnerability
[local] glibc 2.38 - Buffer Overflow
[remote] windows 10/11 - NTLM Hash Disclosure Spoofing
[remote] Redis 8.0.2 - RCE
[webapps] OctoPrint 1.11.2 - File Upload
[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
[webapps] aiohttp 3.9.1 - directory traversal PoC
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
[webapps] Piranha CMS 12.0 - Stored XSS in Text Block
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
[webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
[webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
[webapps] esm-dev 136 - Path Traversal
[webapps] Pluck 4.7.7-dev2 - PHP Code Execution
[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000
CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000
SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS
SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI
SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library
Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility
[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
APPLE-SA-03-24-2026-10 Xcode 26.4
APPLE-SA-03-24-2026-9 Safari 26.4
APPLE-SA-03-24-2026-8 visionOS 26.4
APPLE-SA-03-24-2026-7 watchOS 26.4
APPLE-SA-03-24-2026-6 tvOS 26.4
APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5
APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5
The GNU C Library security advisories update for 2026-04-20
Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation
[ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
[ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Re: CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1
Re: [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0)
[CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0)
CVE-2026-41113: RCE in sagredo fork of qmail
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability