Vulnerability News
Відкрити в Telegram
Every day new posts about vulnerabilities and cybersecurity news. Get the latest news about the cyberspace! Group: @VulnerabilityNewsGroup
Показати більше5 040
Підписники
+624 години
+377 днів
+11630 день
Триває завантаження даних...
Схожі канали
Хмара тегів
Вхідні та вихідні згадування
---
---
---
---
---
---
Залучення підписників
липень '26
липень '26
+55
в 0 каналах
червень '26
+156
в 0 каналах
Get PRO
травень '26
+204
в 0 каналах
Get PRO
квітень '26
+187
в 0 каналах
Get PRO
березень '26
+254
в 0 каналах
Get PRO
лютий '26
+116
в 0 каналах
Get PRO
січень '26
+166
в 0 каналах
Get PRO
грудень '25
+134
в 0 каналах
Get PRO
листопад '25
+139
в 0 каналах
Get PRO
жовтень '25
+8
в 0 каналах
Get PRO
вересень '25
+12
в 0 каналах
Get PRO
серпень '25
+13
в 0 каналах
Get PRO
липень '25
+11
в 0 каналах
Get PRO
червень '25
+12
в 0 каналах
Get PRO
травень '25
+18
в 1 каналах
Get PRO
квітень '25
+14
в 0 каналах
Get PRO
березень '25
+21
в 0 каналах
Get PRO
лютий '25
+17
в 0 каналах
Get PRO
січень '25
+15
в 1 каналах
Get PRO
грудень '24
+262
в 1 каналах
Get PRO
листопад '24
+206
в 1 каналах
Get PRO
жовтень '24
+166
в 0 каналах
Get PRO
вересень '24
+146
в 0 каналах
Get PRO
серпень '24
+137
в 0 каналах
Get PRO
липень '24
+96
в 1 каналах
Get PRO
червень '24
+91
в 0 каналах
Get PRO
травень '24
+95
в 0 каналах
Get PRO
квітень '24
+104
в 0 каналах
Get PRO
березень '24
+149
в 0 каналах
Get PRO
лютий '24
+279
в 0 каналах
Get PRO
січень '24
+395
в 0 каналах
Get PRO
грудень '23
+327
в 0 каналах
Get PRO
листопад '23
+38
в 0 каналах
Get PRO
жовтень '23
+32
в 0 каналах
Get PRO
вересень '23
+47
в 0 каналах
Get PRO
серпень '23
+53
в 0 каналах
Get PRO
липень '23
+51
в 0 каналах
Get PRO
червень '23
+42
в 0 каналах
Get PRO
травень '23
+43
в 0 каналах
Get PRO
квітень '23
+67
в 0 каналах
Get PRO
березень '23
+65
в 0 каналах
Get PRO
лютий '23
+45
в 0 каналах
Get PRO
січень '23
+67
в 0 каналах
Get PRO
грудень '22
+62
в 0 каналах
Get PRO
листопад '22
+71
в 0 каналах
Get PRO
жовтень '22
+70
в 0 каналах
Get PRO
вересень '22
+55
в 0 каналах
Get PRO
серпень '22
+44
в 0 каналах
Get PRO
липень '22
+54
в 0 каналах
Get PRO
червень '22
+78
в 0 каналах
Get PRO
травень '22
+46
в 0 каналах
Get PRO
квітень '22
+77
в 0 каналах
Get PRO
березень '22
+105
в 0 каналах
Get PRO
лютий '22
+48
в 0 каналах
Get PRO
січень '22
+61
в 0 каналах
Get PRO
грудень '21
+99
в 0 каналах
Get PRO
листопад '21
+68
в 0 каналах
Get PRO
жовтень '21
+170
в 0 каналах
Get PRO
вересень '21
+72
в 0 каналах
Get PRO
серпень '21
+104
в 0 каналах
Get PRO
липень '21
+72
в 0 каналах
Get PRO
червень '21
+292
в 0 каналах
Get PRO
травень '21
+1 344
в 0 каналах
| Дата | Залучення підписників | Згадування | Канали | |
| 09 липня | +2 | |||
| 08 липня | +7 | |||
| 07 липня | +9 | |||
| 06 липня | +4 | |||
| 05 липня | +7 | |||
| 04 липня | +9 | |||
| 03 липня | +10 | |||
| 02 липня | +3 | |||
| 01 липня | +4 |
Дописи каналу
[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
https://www.exploit-db.com/exploits/52628
| 2 | [webapps] Krayin CRM v2.2.x - Authenticated Remote Code Execution
Krayin CRM v2.2.x - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/52629 | 73 |
| 3 | Protecting Microsoft at AI speed: How SFI proactively hardens our cloud
At Microsoft we encompass these security requirements, along with threat knowledge, and operational frameworks in our Secure Future Initiative (SFI), to guide what a well-defended cloud service looks like. But defining the requirements is only the start. Meeting the requirements means continuously evaluating our live services against them, at AI speed.
The post Protecting Microsoft at AI speed: How SFI proactively hardens our cloud appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/07/08/protecting-microsoft-at-ai-speed-how-sfi-proactively-hardens-our-cloud/ | 60 |
| 4 | Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.
The post Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection appeared first on SecurityWeek.
https://www.securityweek.com/critical-vulnerability-exposes-github-agentic-workflows-to-prompt-injection/ | 37 |
| 5 | CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws
Two newly disclosed critical vulnerabilities in Adobe ColdFusion and Langflow join two Joomla extension flaws in CISA's Known Exploited Vulnerabilities catalog, with federal agencies given until July 10 to patch.
The post CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws appeared first on SecurityWeek.
https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/ | 31 |
| 6 | Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations
The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same Google Cloud project.
The post Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations appeared first on SecurityWeek.
https://www.securityweek.com/google-dialogflow-cx-bug-allowed-attackers-to-hijack-ai-conversations/ | 21 |
| 7 | Webinar Today: Why Email Security Keeps Failing
Join the webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem.
The post Webinar Today: Why Email Security Keeps Failing appeared first on SecurityWeek.
https://www.securityweek.com/webinar-today-why-email-security-keeps-failing/ | 21 |
| 8 | China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors
Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.
The post China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors appeared first on SecurityWeek.
https://www.securityweek.com/china-linked-apt-expands-arsenal-with-new-leash-backdoors/ | 23 |
| 9 | Accenture Confirms Data Breach After Hacker Claims Source Code Theft
The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.
The post Accenture Confirms Data Breach After Hacker Claims Source Code Theft appeared first on SecurityWeek.
https://www.securityweek.com/accenture-confirms-data-breach-after-hacker-claims-source-code-theft/ | 21 |
| 10 | Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.
https://krebsonsecurity.com/2026/07/felons-fraudsters-flog-offensive-cybersecurity-startup/ | 19 |
| 11 | CISA orders feds to patch max severity ColdFusion flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-coldfusion-flaw-by-friday/ | 20 |
| 12 | Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. [...]
https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/ | 21 |
| 13 | CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-prioritize-patching-langflow-auth-bypass-flaw/ | 22 |
| 14 | Telco giant KDDI says data breach affects over 12 million people
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. [...]
https://www.bleepingcomputer.com/news/security/japanese-telecom-giant-kddi-says-data-breach-affects-12-million-people/ | 22 |
| 15 | DuckDuckGo browser now blocks YouTube video ads
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. [...]
https://www.bleepingcomputer.com/news/software/duckduckgo-browser-now-blocks-youtube-video-ads/ | 23 |
| 16 | 3 Ways AI Powers Service Desk Attacks and How to Prevent Them
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. [...]
https://www.bleepingcomputer.com/news/security/3-ways-ai-powers-service-desk-attacks-and-how-to-prevent-them/ | 25 |
| 17 | Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ | 25 |
| 18 | Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-flaw-to-spy-on-academic-researchers/ | 25 |
| 19 | Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. [...]
https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/ | 32 |
| 20 | Mount Royal University confirms breach as hackers claim attack
Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university's network. [...]
https://www.bleepingcomputer.com/news/security/mount-royal-university-confirms-breach-as-hackers-claim-attack/ | 45 |
