cyber·news

HIGH

CVE-2026-8416 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8416 16d ago

HIGH

CVE-2026-8415 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8415 16d ago

HIGH

CVE-2026-8414 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8414 16d ago

HIGH

CVE-2026-8413 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8413 16d ago

HIGH

CVE-2026-8412 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controll...

NVD CVE-2026-8412 16d ago

HIGH

CVE-2026-8411 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8411 16d ago

HIGH

CVE-2026-8410 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8410 16d ago

HIGH

CVE-2026-8409 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...

NVD CVE-2026-8409 16d ago

CRITICAL

CVE-2026-6960 (CVSS 9.8) — The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil...

NVD CVE-2026-6960 16d ago

INFO

Canadian man arrested, charged for running KimWolf DDos botnet

The Record breachesransomwarenation-state +4 15d ago

INFO

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Krebs 16d ago

INFO

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The Hacker News 15d ago

INFO

US and Canada arrest and charge suspected Kimwolf botnet admin

BleepingComputer 15d ago

INFO

Canadian Man Arrested for Operating Kimwolf Botnet

SecurityWeek 15d ago

HIGH

CVE-2026-8428 (CVSS 8.8) — Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->outp...

NVD CVE-2026-8428 16d ago

HIGH

CVE-2026-8426 (CVSS 8.8) — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard...

NVD CVE-2026-8426 16d ago

HIGH

CVE-2026-8421 (CVSS 8.8) — Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concre...

NVD CVE-2026-8421 16d ago

HIGH

CVE-2026-8417 (CVSS 8.8) — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard...

NVD CVE-2026-8417 16d ago

HIGH

CVE-2026-8350 (CVSS 8.8) — Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php ...

NVD CVE-2026-8350 16d ago

HIGH

CVE-2026-8135 (CVSS 7.2) — Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization...

NVD CVE-2026-8135 16d ago

HIGH

CVE-2026-8134 (CVSS 7.2) — Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutS...

NVD CVE-2026-8134 16d ago

HIGH

CVE-2026-47102 (CVSS 8.8) — LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. ...

NVD CVE-2026-47102 16d ago

HIGH

CVE-2026-47101 (CVSS 8.8) — LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to rou...

NVD CVE-2026-47101 16d ago

INFO

How CISOs Should Prep for Agentic-Ready AI BOMs

rss:darkreading breachesmalwarethreat-actors 16d ago

HIGH

CVE-2026-47114 (CVSS 8.8) — IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attack...

NVD CVE-2026-47114 16d ago

INFO

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

The Hacker News supply-chainbreachesmalware +19 19h ago

INFO

VoidStealer Malware Darts Past Google Chrome's Encryption

rss:darkreading 31d ago

INFO

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

The Hacker News 24d ago

INFO

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

rss:googleprojectzero 24d ago

INFO

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek 16d ago

INFO

Google accidentally exposed details of unfixed Chromium flaw

BleepingComputer 16d ago

INFO

Google API Keys Remain Active After Deletion

rss:darkreading 16d ago

INFO

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News 10d ago

INFO

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

SecurityWeek 9d ago

INFO

US charges Google security engineer with Polymarket insider trading

BleepingComputer 8d ago

INFO

Google Chrome adds session cookie theft protection for all users

BleepingComputer 8d ago

INFO

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

The Hacker News 5d ago

INFO

Google fixes one actively exploited Android zero-day, 124 flaws

BleepingComputer 4d ago

INFO

Google adds Android protection against AI deepfake scam calls

BleepingComputer 3d ago

INFO

Malicious Notifications Could Trick Google Gemini Users

rss:darkreading 3d ago

INFO

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

The Hacker News 3d ago

INFO

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

The Hacker News 3d ago

INFO

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News 2d ago

INFO

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News 2d ago

INFO

Gemini Voice Assistant Hijacked via Messaging Notifications

SecurityWeek 2d ago

INFO

Hacking Meta’s AI Chatbot

rss:schneier analysispolicy +4 2d ago

INFO

Tech giants promise British regulator they will tweak platforms to protect kids online

The Record 16d ago

INFO

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Krebs 5d ago

INFO

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

SecurityWeek 4d ago

INFO

Instagram users locked out after Meta AI abused to steal accounts

BleepingComputer 4d ago

HIGH

CVE-2026-48242 (CVSS 8.1) — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, user...

NVD CVE-2026-48242 16d ago

HIGH

CVE-2026-48241 (CVSS 8.1) — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a publi...

NVD CVE-2026-48241 16d ago

HIGH

CVE-2026-48240 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where ...

NVD CVE-2026-48240 16d ago

HIGH

CVE-2026-48239 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the...

NVD CVE-2026-48239 16d ago

HIGH

CVE-2026-48238 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where...

NVD CVE-2026-48238 16d ago

HIGH

CVE-2026-48237 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_...

NVD CVE-2026-48237 16d ago

HIGH

CVE-2026-48236 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the mu...

NVD CVE-2026-48236 16d ago

HIGH

CVE-2026-48235 (CVSS 8.2) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where...

NVD CVE-2026-48235 16d ago

HIGH

CVE-2026-48234 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests....

NVD CVE-2026-48234 16d ago

HIGH

CVE-2026-48233 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php whe...

NVD CVE-2026-48233 16d ago

HIGH

CVE-2026-48232 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php...

NVD CVE-2026-48232 16d ago

HIGH

CVE-2026-48231 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multi...

NVD CVE-2026-48231 16d ago

INFO

Two Americans plead guilty to assisting India-based tech support scam centers

The Record breachesransomwarenation-state 16d ago

INFO

Apple removes Russia’s state-backed messaging app Max from its store

The Record breachesransomwarenation-state +3 2d ago

INFO

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

SecurityWeek 16d ago

INFO

Apple blocked over $11 billion in App Store fraud in 6 years

BleepingComputer 16d ago

INFO

macOS Kernel Memory Corruption Exploit

rss:schneier 16d ago

INFO

AI Agents Are Shifting Identity Security Budget Dynamics

rss:darkreading breachesmalwarethreat-actors 16d ago

INFO

UK plans for cybercrime law reform would protect almost no one, experts warn

The Record breachesransomwarenation-state 16d ago

INFO

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News supply-chainbreachesmalware 16d ago

HIGH

CVE-2025-13479 (CVSS 7.5) — Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Cons...

NVD CVE-2025-13479 16d ago

HIGH

CVE-2025-13477 (CVSS 7.1) — Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credenti...

NVD CVE-2025-13477 16d ago

INFO

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

BleepingComputer breachesransomwaresupply-chain 16d ago

INFO

Chinese hackers target telcos with new Linux, Windows malware

BleepingComputer breachesransomwaresupply-chain 16d ago

INFO

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

rss:darkreading breachesmalwarethreat-actors 16d ago

INFO

Cisco warns of critical Unified CM flaw with PoC exploit code

BleepingComputer breachesransomwaresupply-chain +4 2d ago

INFO

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

rss:darkreading 23d ago

INFO

Cisco Patches Critical Vulnerability in Secure Workload

SecurityWeek 16d ago

INFO

Max severity Cisco Secure Workload flaw gives Site Admin privileges

BleepingComputer 16d ago

INFO

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

SecurityWeek 2d ago

CRITICAL

CVE-2026-5118 (CVSS 9.8) — The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, ...

NVD CVE-2026-5118 16d ago

INFO

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

The Hacker News supply-chainbreachesmalware +2 15d ago

INFO

Europe dismantles VPN service used by cybercriminals to hide ransomware attacks

The Record 17d ago

INFO

Police seize “First VPN” service used in ransomware, data theft attacks

BleepingComputer 16d ago

Prev Page 24 / 44 Next

INFO The Record Fri, 22 May 2026 15:00:00 UTC

Canadian man arrested, charged for running KimWolf DDos botnet

https://therecord.media/canadian-man-arrested-charged-running-kimwolf-botnet

TL;DR

In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide.

breachesransomwarenation-state

Read full story ↗