Hacking Polymarket
Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it fa...
Threat Intelligence Feed
Aggregating 4872 articles from trusted cybersecurity sources
LATEST CVEs
MED · CVE-2026-12175
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of t
HIGH · CVE-2026-12174
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the f
CRIT · CVE-2026-12183
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentic
HIGH · CVE-2026-6428
SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x b
HIGH · CVE-2026-5513
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Sc
MED · CVE-2026-1291
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che
CVE-2026-11624
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming conne
MED · CVE-2026-9629
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up
MED · CVE-2026-3297
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scri
MED · CVE-2026-2470
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorizatio
MED · CVE-2026-9134
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcod
HIGH · CVE-2026-9109
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vu
CVE-2026-9062
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing h
CVE-2026-9061
The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and o
CVE-2026-11769
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path
HIGH · CVE-2026-9848
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in vers
MED · CVE-2026-54231
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script
HIGH · CVE-2026-54230
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts wr
HIGH · CVE-2026-54229
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump direc
HIGH · CVE-2026-54228
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Betwee
MED · CVE-2026-12089
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in v
CVE-2026-11443
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote at
CVE-2026-11442
Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attacker
HIGH · CVE-2026-6676
Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may
HIGH · CVE-2026-12068
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacke
HIGH · CVE-2025-9033
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Loca
HIGH · CVE-2025-9032
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may all
HIGH · CVE-2025-14098
Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malforme
CVE-2026-54398
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions t
CVE-2026-54095
Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate i
HIGH · CVE-2026-53868
Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary
MED · CVE-2026-53867
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remo
MED · CVE-2026-53839
OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching host
CRIT · CVE-2026-53838
OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes
CVE-2026-53837
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to va
HIGH · CVE-2026-53836
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows
MED · CVE-2026-53835
OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that
HIGH · CVE-2026-53834
OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allow
HIGH · CVE-2026-53833
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows auth
HIGH · CVE-2026-53832
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge
Latest News
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed serv...
OpenAI To Extend Cyber Program to Government Agencies
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels
Visual data is the blind spot in enterprise security: that’s about to change
Most enterprise security teams can tell you exactly how their databases are encrypted. They know who has access to their CRM and can pull audit logs for ever...
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
A coordinated international operation involving U.S.
CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns
ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
[local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
Linux Kernel proc_readdir_de() 6.
[local] Linux nf_tables 6.19.3 - Local Privilege Escalation
Linux nf_tables 6.19.
[hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
Linksys E1200 2.0.
[webapps] MindsDB 25.9.1.1 - Path Traversal
MindsDB 25.9.
[local] Windows 11 24H2 - Local Privilege Escalation
Windows 11 24H2 - Local Privilege Escalation
Data Breaches
Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked.
Novo Nordisk discloses data breach affecting patient and healthcare professional information
Attackers gained access to Novo Nordisk's internal IT systems, copying non-public data without authorization.
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review...
Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details
Argentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a document prope...
Bankruptcy admin approves settlement fund of $47 million for 23andMe data breach victims
About 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on t...
South Korea hits Coupang with record $409 million fine over data breach
The penalty is the largest ever issued by the commission for a personal data breach, surpassing the record 134.8 billion won ($88.
How Security Debt Can Accumulate Faster Than Technical Debt
Security debt sounds like a tidy metaphor until the first breach turns it into a billing department with teeth. Technical debt behaves like clutter.
Kyushu Electric Power Co. reports data breach affecting over 10 million customers
On April 27, Kyushu Electric Power Co. utilized an external storage device for data backups due to capacity constraints.
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose earl...
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant an...
Pharma giant Novo Nordisk discloses breach of clinical trials data
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical t...
Over 73,000 French govt employees affected in Tchap messenger breach
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French pub...