HIGH
CVE-2026-9560 (CVSS 7.8) — Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows a...
NVD CVE-2026-9560 10d ago
HIGH
CVE-2026-9170 (CVSS 7.5) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-9170 10d ago
HIGH
CVE-2026-8856 (CVSS 7.7) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker ...
NVD CVE-2026-8856 10d ago
HIGH
CVE-2026-8855 (CVSS 8.1) — IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configu...
NVD CVE-2026-8855 10d ago
HIGH
CVE-2026-8854 (CVSS 7.5) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cach...
NVD CVE-2026-8854 10d ago
HIGH
CVE-2026-8835 (CVSS 7.3) — IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authen...
NVD CVE-2026-8835 10d ago
HIGH
CVE-2026-8834 (CVSS 8) — IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authentica...
NVD CVE-2026-8834 10d ago
CRITICAL
CVE-2026-8633 (CVSS 9.8) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-8633 10d ago
HIGH
CVE-2026-8620 (CVSS 7.5) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-8620 10d ago
HIGH
CVE-2026-7454 (CVSS 7.8) — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD CVE-2026-7454 10d ago
HIGH
CVE-2026-7452 (CVSS 7.8) — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD CVE-2026-7452 10d ago
HIGH
CVE-2026-7451 (CVSS 7.8) — A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Wri...
NVD CVE-2026-7451 10d ago
HIGH
CVE-2026-48695 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Mik...
NVD CVE-2026-48695 10d ago
HIGH
CVE-2026-48694 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the J...
NVD CVE-2026-48694 10d ago
HIGH
CVE-2026-44728 (CVSS 8.2) — Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-a...
NVD CVE-2026-44728 10d ago
HIGH
CVE-2026-9562 (CVSS 7.3) — A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244...
NVD CVE-2026-9562 10d ago
MEDIUM
CVE-2026-8852 (CVSS 6.2) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi ...
NVD CVE-2026-8852 10d ago
HIGH
CVE-2026-8850 (CVSS 7.5) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_uplo...
NVD CVE-2026-8850 10d ago
CRITICAL
CVE-2026-48904 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users group editing webservice ...
NVD CVE-2026-48904 10d ago
CRITICAL
CVE-2026-48899 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48899 10d ago
CRITICAL
CVE-2026-48898 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48898 10d ago
HIGH
CVE-2026-48897 (CVSS 7.5) — Insufficient state checks lead to a vector that allows bypassing 2FA checks.
NVD CVE-2026-48897 10d ago
HIGH
CVE-2026-48896 (CVSS 7.5) — Insufficient state checks lead to a vector that allows bypassing 2FA checks.
NVD CVE-2026-48896 10d ago
HIGH
CVE-2026-48864 (CVSS 7.8) — A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-c...
NVD CVE-2026-48864 10d ago
HIGH
CVE-2026-48697 (CVSS 7.4) — FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connec...
NVD CVE-2026-48697 10d ago
CRITICAL
CVE-2026-48691 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute...
NVD CVE-2026-48691 10d ago
HIGH
CVE-2026-48690 (CVSS 7.1) — FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet ...
NVD CVE-2026-48690 10d ago
MEDIUM
CVE-2026-44723 (CVSS 5) — Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ...
NVD CVE-2026-44723 10d ago
HIGH
CVE-2026-40384 (CVSS 7.5) — An improper validation of the search parameter of the com_media files API endpoint leads to a path t...
NVD CVE-2026-40384 10d ago
CRITICAL
CVE-2026-40383 (CVSS 9.8) — An improper validation of user-supplied input leads to a local file inclusion vulnerability.
NVD CVE-2026-40383 10d ago
CRITICAL
CVE-2026-35223 (CVSS 9.8) — An improper access check allows unauthorized access to com_config webservice endpoints.
NVD CVE-2026-35223 10d ago
CRITICAL
CVE-2026-35222 (CVSS 9.8) — Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
NVD CVE-2026-35222 10d ago
CRITICAL
CVE-2026-35221 (CVSS 9.8) — Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_fi...
NVD CVE-2026-35221 10d ago
HIGH
CVE-2026-24212 (CVSS 7.5) — NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitte...
NVD CVE-2026-24212 10d ago
MEDIUM
CVE-2025-36221 (CVSS 5.3) — IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data Sys...
NVD CVE-2025-36221 10d ago
MEDIUM
CVE-2025-36220 (CVSS 4.3) — IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data Sys...
NVD CVE-2025-36220 10d ago
MEDIUM
CVE-2025-36126 (CVSS 6.4) — IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is...
NVD CVE-2025-36126 10d ago
HIGH
CVE-2026-48692 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentic...
NVD CVE-2026-48692 11d ago
HIGH
CVE-2026-48688 (CVSS 7.5) — FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH...
NVD CVE-2026-48688 11d ago
CRITICAL
CVE-2026-48687 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Jun...
NVD CVE-2026-48687 11d ago
CRITICAL
CVE-2026-48686 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (N...
NVD CVE-2026-48686 11d ago
INFO
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
The Hacker News supply-chain, breaches, malware +10 2d ago
INFO
Middle East Cyber Battle Field Broadens — Especially in UAE
rss:darkreading 31d ago
INFO
Cyber Resilience is the New Business Continuity Plan
SecurityWeek 18d ago
INFO
Windows Zero-Day Barrage Continues After Patch Tuesday
rss:darkreading 17d ago
INFO
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer 17d ago
INFO
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
SecurityWeek 12d ago
INFO
Iranian APT Targets Aviation, Software Companies With Updated Tools
SecurityWeek 11d ago
INFO
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Hacker News 11d ago
INFO
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
The Hacker News 9d ago
INFO
Global Stock Exchange Hit by Monthslong Email Campaign
rss:darkreading 3d ago
INFO
What 345 Days of Untested Exposure Looks Like at a Bank
BleepingComputer 3d ago
HIGH
CVE-2026-9552 (CVSS 7.3) — A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerabili...
NVD CVE-2026-9552 11d ago
HIGH
CVE-2026-9551 (CVSS 7.3) — A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the func...
NVD CVE-2026-9551 11d ago
HIGH
CVE-2026-9550 (CVSS 7.3) — A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance C...
NVD CVE-2026-9550 11d ago
HIGH
CVE-2026-4480 (CVSS 8.5) — A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description...
NVD CVE-2026-4480 11d ago
HIGH
CVE-2026-46368 (CVSS 8.8) — luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-pro...
NVD CVE-2026-46368 11d ago
CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247, actively-exploited +2 3d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 11d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 2d ago
HIGH
CVE-2026-42785 (CVSS 7.2) — OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrator...
NVD CVE-2026-42785 11d ago
HIGH
CVE-2026-42425 (CVSS 7.2) — OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated adminis...
NVD CVE-2026-42425 11d ago
TL;DR
A new China-linked cybercrime group known as TA4922 has expanded its targeting to European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known familie
supply-chain, breaches, malware, nation-state