Rituals confirms data breach of customer membership database
Hackers gained access to Rituals' membership database, stealing data that includes customers' full names, dates of birth, gender, postal and email addresses,...
Threat Intelligence Feed
Aggregating 4271 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-4049
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-41455
WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url
CVE-2026-41454
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authe
CVE-2026-41314
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior
CVE-2026-41313
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior
CVE-2026-41312
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior
CVE-2026-41177
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Sq
CVE-2026-41175
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulatin
CVE-2026-41172
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSR
CVE-2026-41171
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a
CVE-2026-41170
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `R
CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows
CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior
CVE-2026-41167
Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jell
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one K
CVE-2026-41134
Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal
CVE-2026-40937
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses a
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution wh
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0,
CVE-2026-34067
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0,
CVE-2026-33733
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template manag
CVE-2026-33656
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formu
CVE-2026-6019
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It
CVE-2026-3673
An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim ope
CVE-2026-34066
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStor
CVE-2026-34065
nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prio
CVE-2026-34064
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingCon
CVE-2026-34063
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` disco
CVE-2026-34062
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and
CVE-2026-33471
nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its q
CVE-2026-41469
Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaSc
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives.
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthentica
CVE-2026-34415
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder con
CVE-2026-34414
Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connecto
CVE-2026-34413
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.
CVE-2026-26354
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2
CVE-2026-6515
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and
Latest News
No articles found.
Data Breaches
Cosmetics giant Rituals discloses data breach affecting customers
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Ritua...
Vercel Confirms Security Breach Affecting Customer Accounts
Vercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number...
Luxury Cosmetics Giant Rituals Discloses Data Breach
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Ritual...
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just a...
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled ...
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicio...
Agoda refutes claims of massive data breach
Asia-centric booking platform Agoda has denied the alleged theft of 82 million records from its systems just a week after its parent firm Booking Holdings di...
Almost 600K reportedly impacted by separate US healthcare breaches
Three healthcare providers across the U.S.
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems.
Adaptavist Group investigates security breach amidst ransomware claims
The breach was detected in late March when an attacker exploited compromised login details.
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as t...