First known AI-powered ransomware uncovered by ESET Research
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
Threat Intelligence Feed
Aggregating 3064 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.
_pa
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.
_pack_
CVE-2026-33119
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized
CVE-2026-33118
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-5724
The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper
CVE-2026-40252
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any
CVE-2026-40242
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/template
CVE-2026-40194
phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_pa
CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta
CVE-2026-40190
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScri
CVE-2026-40189
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/ba
CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the
CVE-2026-40185
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo m
CVE-2026-40184
TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. Th
CVE-2026-40180
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.
CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was a
CVE-2026-40177
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was a
CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a
CVE-2026-40168
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Al
CVE-2026-39922
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the servic
CVE-2026-39921
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows a
CVE-2026-32252
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c
CVE-2026-3446
When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string()
CVE-2026-33736
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can en
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time
CVE-2026-33708
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns
CVE-2026-33707
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism gener
CVE-2026-33706
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify the
CVE-2026-33705
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/
CVE-2026-33704
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arb
CVE-2026-33703
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerabili
CVE-2026-33702
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Ob
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code fr
CVE-2026-33618
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray
CVE-2026-27460
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a c
CVE-2026-5483
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Ha
CVE-2026-40163
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, t
CVE-2026-40162
Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugs
Latest News
Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes!
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, teleco...
"What happens online stays online" and other cyberbullying myths, debunked
Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online...
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining.
The need for speed: Why organizations are turning to rapid, trustworthy MDR
How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries
Investors beware: AI-powered financial scams swamp social media
Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.
Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Supply-chain dependencies: Check your resilience blind spot
Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?
How the always-on generation can level up its cybersecurity game
Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think
WinRAR zero-day exploited in espionage attacks against high-value targets
The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds
HTTP/1.1 must die: the desync endgame
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Data Breaches
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims access to Rockstar Games Snowflake data via Anodot breach, threatening a data leak on April 14 if ransom demands are not met.
All Brazilians potentially impacted by alleged breach of Experian subsidiary
Cybernews reports that Serasa Experian, the Brazilian subsidiary of credit risk and fraud prevention firm Experian, had 1.8 TB of data belonging to 223 milli...
China supercomputer breach: 10 petabytes of military data allegedly stolen by 'FlamingChina'
The stolen data, reportedly offered for sale, is said to contain simulations and schematics of aircraft, missiles, and bombs, originating from top organizati...
Bitcoin Depot loses $3.6 million in Bitcoin after system breach
The breach allowed unauthorized access to Bitcoin Depot's corporate IT systems, leading to the theft of 50.903 Bitcoin, valued at roughly $3.
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensiti...
Over 300K Americans compromised in Eurail breach
Eurail B.V.
Major Colombian banks purportedly breached, data leaked
Grupo Bancolombia and Banco De Bogota, two of the leading banks in Colombia, were claimed to have been compromised by the same threat actor, who also exposed...
Eurail data breach impacted 308,777 people
Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information. Threat actors breached Eurail i...
Sensitive LAPD documents reportedly leaked online by World Leaks
The breach, attributed to the extortion gang World Leaks, reportedly exposed approximately 7.7 terabytes of data, including over 337,000 files.
113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users.
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.
Eurail says December data breach impacts 300,000 individuals
Eurail B.V.