Cybersecurity
- Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
- RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
Dark Reading's Kelly Jackson Higgins shares insights on the past, present, and future of cybersecurity after attending RSAC 2026 Conference.
- Human vs. AI: Debates Shape RSAC 2026 Cybersecurity Trends
As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making.
- Lies, Damned Lies, and Cybersecurity Metrics
A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn't improving results.
- Focusing on the People in Cybersecurity at RSAC 2026 Conference
AI dominated RSAC 2026 Conference, but it's still the humans in cybersecurity who matter most.
- Mitsubishi Electric GENESIS64 and ICONICS Suite products
View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system. The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected: GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816) ICONICS Suite <=10.97.3 (CVE-2025-14815, CVE-2025-14816) MobileHMI <=1…
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April 7, 2026 Executive Summary Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S.…
- AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second campaign in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.
- Axios Attack Shows How Complex Social Engineering Is Industrialized
The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.
- Fortinet Issues Emergency Patch for FortiClient Zero-Day
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
- CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living li…
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.
- [local] is-localhost-ip 2.0.0 - SSRF
- [webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
- [local] Windows Kernel - Elevation of Privilege
- [local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
- [webapps] ASP.net 8.0.10 - Bypass
- [webapps] Grafana 11.6.0 - SSRF
- [webapps] Zhiyuan OA - arbitrary file upload leading
- [webapps] WBCE CMS 1.6.4 - Remote Code Execution
- [webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
- [webapps] WordPress Madara - Local File Inclusion
- SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02. SEC Consult Vulnerability Lab Security Advisory < 20260401-0 > title: Broken Access Control product: Open WebUI vulnerable version: <v0.8.11 fixed version: v0.8.11 CVE number: CVE-2026-34222 impact: high homepage: https://openwebui.com found: 2026-02-06...
- SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02. SEC Consult Vulnerability Lab Security Advisory < 20260326-0 > title: Local Privilege Escalation product: Vienna Assistant (MacOS) - Vienna Symphonic Library vulnerable version: 1.2.542 fixed version: - CVE number: CVE-2026-24068 impact: high homepage: https://www.vsl.co.at/ ...
- Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility
Posted by Joseph Goydish II via Fulldisclosure on Apr 02. SUMMARY: Apple's Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint (Yandex), and a Swiss GmbH whose privacy policy names "The Legal Entity to be Confirmed" as its data controller. None of this is disclosed to users. This is shared infrastructure. All devices using Live...
- [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
Posted by Egidio Romano on Apr 02. MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability [-] Software Link: https://www.metinfo.cn [-] Affected Versions: Versions 7.9, 8.0, and 8.1. [-] Vulnerability Description: The vulnerable code is located into the...
- [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
Posted by cyber security on Apr 02. A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE-2026-33691. Impact: Attackers may evade CRS protections and upload web shells disguised with whitespace-padded extensions. Exploitation is most practical on Windows backends that normalize whitespace in filenames...
- Siemens SICAM 8 Products
View CSAF Summary Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: - SICAM A8000 Device firmware - CPCI85 for CP-8031/CP-8050 - SICORE for CP-8010/CP-8012 - RTUM85 for CP-8010/CP-8012 - SICAM EGS Device firmware - CPCI85 - SICAM S8000 - SICORE - RTUM85 Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SICAM 8 Products are affected: CPCI85 Ce…
- CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a livi…
- Hitachi Energy Ellipse
View CSAF Summary Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy Ellipse are affected: Ellipse vers:Ellipse/<=9.0.50 (CVE-2025-10492) CVSS Vendor Equipment Vulnerabilities v…
- Yokogawa CENTUM VP
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. The following versions of Yokogawa CENTUM VP are affected: CENTUM VP >=R5.01.00| CENTUM VP >=R6.01.00| CENTUM VP vR7.01.00 (CVE-2025-7741) CVSS Vendor Equipment Vulnerabilities v3 4 Yokogawa Yokogawa CENTUM VP Use of Hard-coded Password Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture Countries/Areas Deployed: Wo…
- r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links. Rules & Guidelines: Always maintain civil discourse. Be awesome to one another - moderator intervention will…
- CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulner…