What Mythos Means - Marketing or Mayhem

YouTube
What Mythos Means for Software Security | TheStandup

🟠 New security advisory:

CVE-2026-40352 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40352-fastgpt-nosql-injection-enables-account-takeover

#Cybersecurity #ZeroDay #ThreatIntel

FastGPT NoSQL injection enables account takeover (CVE-2026-40352)

CVE-2026-40352: A NoSQL injection in FastGPT's password change endpoint lets authenticated attackers reset passwords without the old one (CVSS 8.8). Update to version 4.14.9.5 immediately.

Yazoul Security

🔴 New security advisory:

CVE-2026-40477 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40477-thymeleaf-ssti-allows-server-side-code-execution

#Cybersecurity #ZeroDay #ThreatIntel

Thymeleaf SSTI allows server-side code execution (CVE-2026-40477)

CVE-2026-40477: Thymeleaf 3.1.3 and prior allow Server-Side Template Injection, leading to remote code execution (CVSS 9.0). Update to version 3.1.4.RELEASE immediately.

Yazoul Security

🚨 New security advisory:

CVE-2026-40484 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40484-churchcrm-admin-can-upload-webshell-for-rce

#Cybersecurity #ZeroDay #ThreatIntel

ChurchCRM admin can upload webshell for RCE (CVE-2026-40484)

CVE-2026-40484: Authenticated administrators in ChurchCRM <7.2.0 can upload a malicious backup to achieve remote code execution (CVSS 9.1). Patch immediately by updating to ChurchCRM version 7.2.0.

Yazoul Security

🚨 New security advisory:

CVE-2026-40351 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40351-fastgpt-nosql-injection-grants-admin-login

#Cybersecurity #ZeroDay #ThreatIntel

FastGPT NoSQL injection grants admin login (CVE-2026-40351)

CVE-2026-40351: A critical NoSQL injection in FastGPT before v4.14.9.5 allows unauthenticated attackers to log in as any user, including the root administrator (CVSS 9.8). Update to FastGPT version 4.14.9.5 immediately.

Yazoul Security

Operation Masquerade: the FBI dismantles the network of routers compromised by Russian military intelligence APT28 for the theft of Microsoft 365 credentials

The US Department of Justice has neutralized the infrastructure of 18,000 routers compromised by GRU Unit 26165 (APT28/Forest Blizzard) in 120 countries. The operation, named Masquerade, disrupted a DNS hijacking and M365 credential theft campaign against military, government and critical infrastructure targets in Europe and the USA, including Italy.

https://insicurezzadigitale.com/operation-masquerade-lfbi-smantella-la-rete-di-router-compromessi-dallintelligence-militare-russa-apt28-per-il-furto-di-credenziali-microsoft-365/

From the BlueHammer author: New Windows zero-day grants admin rights

The exploit relies, of all things, on insecure behaviour of Windows Defender and a file API to obtain system privileges. It is still unpatched.

heise online

UnDefend: yet another zero-day PoC from Chaotic Eclipse/Nightmare‑Eclipse. And that certainly wasn't all of it.

More: https://maniabel.work/archiv/1462

#ChaoticEclipse #NightmareEclipse #PoC #UnDefend #Windows #ZeroDay #infosec #up2date

Another PoC: UnDefend by Chaotic Eclipse/Nightmare‑Eclipse – maniabel

Discover what you yourself can do for the security and protection of your data: Protect & secure digital data yourself

This week brought a flood of urgent patches, newly weaponised vulnerabilities, and some unsettling developments in how AI is being used on both sides of the cybersecurity fence.
#PatchTuesday #ZeroDay #CVE #AICybersecurity #CyberAttack

https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-16-74b

Cybersecurity News Review - Week 16 (2026)

Cybersecurity News Weekly