85 Articles
7 Categories
Date: 2026-04-06

🚨 CISA KEV (2)

6 Apr (KEV): CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability. This type of vulnerability is a frequent attack vector for malicio…
Source: CISA.GOV

6 Apr (KEV): CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day. Pu…
Source: TENABLE.COM

🐛 COMMON VULNERABILITIES AND EXPOSURES (9)

6 Apr: 2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw
Cybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Threat actors are actively expl…
Source: GBHACKERS.COM

6 Apr: Critical Dgraph Database Flaw Allowed Attackers to Bypass Authentication
A newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote, unauthenticated attackers t…
Source: GBHACKERS.COM

6 Apr: 6 ways attackers abuse AI services to hack your business
Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as…
Source: CSOONLINE.COM

6 Apr: New multilingual severity classifiers for vulnerability analysis
submitted by cm0002 to cybersecurity, 1 points | 0 comments
https://www.vulnerability-lookup.org/2026/04/06/russian-severity-classifier/
🚀 We’ve just published a new article introducing a Russian-language severity classifier, along with improved English and Chinese models for vuln…
Source: INFOSEC.PUB

6 Apr (KEV): Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Advisory at a Glance. Title: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure. Original Publication: April 7, 2026. Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity ta…
Source: CISA.GOV

6 Apr: ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…
Source: ZERODAYINITIATIVE.COM

6 Apr: ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…
Source: ZERODAYINITIATIVE.COM

6 Apr: ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…
Source: ZERODAYINITIATIVE.COM

6 Apr: ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…
Source: ZERODAYINITIATIVE.COM

⚠️ VULNERABILITY DISCLOSURE (30)

6 Apr: Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts…
Source: KREBSONSECURITY.COM

6 Apr: 36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The cam…
Source: GBHACKERS.COM

6 Apr: Google DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at Risk
As artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researchers at Google DeepMind have identified a critical vulnerability they call “AI Agent Traps.” These are adversarial…
Source: GBHACKERS.COM

6 Apr: Hackers Breach ILSpy WordPress Domain to Deliver Malware
The official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a dangero…
Source: GBHACKERS.COM

6 Apr: Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions or execute HTTP request smug…
Source: GBHACKERS.COM

6 Apr: How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused…
Source: ISC.SANS.EDU

6 Apr: Escaping the COTS trap
Over the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent picture of tool proliferation that drives complexity, cost, and risk. The global cybersecurity market is valued at approximat…
Source: CSOONLINE.COM

6 Apr: Battling payment fraud with tokenization and executive interviews from RSAC 2026 - ESW #453
Interview with Brian Oh from FIS Global Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant. Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders’ desks. In this episod…
Source: YOUTUBE.COM

6 Apr: Fortinet Rushes Emergency Fixes for Exploited Zero-Day
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
Source: SECURITYWEEK.COM

6 Apr: Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Google has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase compared to 2024 and perfect…
Source: GBHACKERS.COM

6 Apr: Authentication is broken: Here’s how security leaders can actually fix it
Authentication keeps breaking where it matters most: On regulated front lines such as healthcare, government, aerospace and travel. The core issue is not a lack of innovation. Instead, it is a brittle and fragmented ecosystem of cards, readers, middleware and software that rarely…
Source: CSOONLINE.COM

6 Apr: Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data exfiltration scripts, by sim…
Source: GBHACKERS.COM

6 Apr: North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, a…
Source: GBHACKERS.COM

6 Apr: North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
DPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fo…
Source: CSOONLINE.COM

6 Apr: Hackers exploit React2Shell in automated credential theft campaign
submitted by kid to cybersecurity, 1 points | 0 comments
https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/
Source: SH.ITJUST.WORKS

6 Apr: A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution
submitted by kid to cybersecurity, 1 points | 0 comments
https://www.cisecurity.org/advisory/a-vulnerability-in-fortinet-forticlientemscould-allow-for-arbitrary-code-execution_2026-031
Source: SH.ITJUST.WORKS

6 Apr: Your KnowBe4 Fresh Compliance Plus Content Updates | March 2026
John N Just, Ed.D. - Chief Learning Officer Evolving Standards for Digital and Workplace Compliance It is a common misconception that digital accessibility and AI safety are niche concerns for specialized teams, but they are actually core operational requirements for every employ…
Source: KNOWBE4.COM

6 Apr: Google Brings Lazy Loading to Media Files in New Chrome Release
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle security benefits by controlling…
Source: GBHACKERS.COM

6 Apr: ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What star…
Source: THEHACKERNEWS.COM

6 Apr: Google DeepMind Researchers Map Web Attacks Against AI Agents
Malicious web content can be used to manipulate, deceive, and exploit autonomous AI agents navigating the internet, Google DeepMind researchers show. The researchers have identified six types of attacks against AI agents that can be mounted via web content to inject malicious con…
Source: SECURITYWEEK.COM

6 Apr (KEV): CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.
Source: TECHCRUNCH.COM

6 Apr: Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware (Gaze.exe).
Source: MICROSOFT.COM

6 Apr: Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: New Mexico’s Meta Ruling and Encryption
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a…
Source: SCHNEIER.COM

6 Apr: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: Microsoft links Medusa ransomware affiliate to zero-day attacks
submitted by kid to cybersecurity, 2 points | 0 comments
https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
Source: SH.ITJUST.WORKS

6 Apr: [local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Source: EXPLOIT-DB.COM

6 Apr: [webapps] WBCE CMS 1.6.4 - Remote Code Execution
Source: EXPLOIT-DB.COM

6 Apr: [webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
Source: EXPLOIT-DB.COM

🔥 INCIDENT REPORTING (13)

6 Apr: Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication channels to target unsuspecting …
Source: GBHACKERS.COM

6 Apr: BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN, func…
Source: THEHACKERNEWS.COM

6 Apr: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend…
Source: THEHACKERNEWS.COM

6 Apr: Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias “UNKN.” According t…
Source: GBHACKERS.COM

6 Apr: Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already be…
Source: GBHACKERS.COM

6 Apr: Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisi…
Source: GBHACKERS.COM

6 Apr: Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: Social Engineering Fraud Explodes
Social engineering is responsible for 98% of fraud attempts, increasingly powered by AI tools that scale attacks like sim farming and spoofing. Even savvy individuals can fall victim, leading to compromised access and payment fraud. How can individuals and organizations strengthe…
Source: YOUTUBE.COM

6 Apr: Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact t…
Source: THEHACKERNEWS.COM

6 Apr: Why Simple Breach Monitoring is No Longer Enough
submitted by kid to cybersecurity, 1 points | 0 comments
https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/
Source: SH.ITJUST.WORKS

6 Apr: New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: German authorities identify REvil and GangCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: German authorities identify REvil and GandCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
Source: BLEEPINGCOMPUTER.COM

🕵️ THREAT INTELLIGENCE (16)

6 Apr: ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: ISC.SANS.EDU

6 Apr: ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker‑owned server. By blending in with legitimate encrypted Telegram t…
Source: GBHACKERS.COM

6 Apr: Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency
Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clie…
Source: GBHACKERS.COM

6 Apr: Google Wants to Transition to Post-Quantum Cryptography by 2029
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread.
Source: SCHNEIER.COM

6 Apr: North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
Source: SECURITYWEEK.COM

6 Apr: Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
Source: SECURITYWEEK.COM

6 Apr: Fake GitHub CI Update Steals Secrets and Tokens
An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick mai…
Source: GBHACKERS.COM

6 Apr: GitHub-Backed Malware Spread via LNK Files in South Korea
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic. The …
Source: GBHACKERS.COM

6 Apr: Traffic violation scams switch to QR codes in new phishing texts
submitted by kid to cybersecurity, 1 points | 0 comments
https://www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/
Source: SH.ITJUST.WORKS

6 Apr: How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the Tea…
Source: THEHACKERNEWS.COM

6 Apr: Detection and Prevention of Misdirected Emails: What to Know
When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging.
Source: KNOWBE4.COM

6 Apr: Hackers Using Fake "Microsoft Teams" Domains to Attack Users Via Malicious Payload
submitted by kid to cybersecurity, 1 points | 0 comments
https://cybersecuritynews.com/hackers-using-fake-microsoft-teams-domains-attack-via-malicious-payload/
Source: SH.ITJUST.WORKS

6 Apr: Watch this video of how a job interviewer exposes a North Korean fake IT worker
An apparent North Korean worker was caught visibly stumped during a remote job interview when asked to insult the country's leader.
Source: TECHCRUNCH.COM

6 Apr: Adobe modifies hosts file to detect whether Creative Cloud is installed
submitted by floofloof to cybersecurity, 3 points | 0 comments
https://www.osnews.com/story/144737/adobe-secretly-modifies-your-hosts-file-for-the-stupidest-reason/
cross-posted from: lemmy.bestiver.se/post/1033182
Source: INFOSEC.PUB

6 Apr: Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑comprom…
Source: MICROSOFT.COM

6 Apr: Your Behavior Can Expose Fraud
Behavioral biometrics analyze how a user interacts with a device—typing patterns, pressure, movement, and more—combined with signals like device fingerprint and geolocation. This allows systems to quickly detect anomalies and flag fraudulent access, even when login credentials ap…
Source: YOUTUBE.COM

🌐 CYBER THREAT LANDSCAPE (2)

6 Apr: Convicted spyware maker Bryan Fleming avoids jail at sentencing
The pcTattletale founder escapes a custodial sentence following the first successful prosecution of a spyware maker in the U.S. for over a decade.
Source: TECHCRUNCH.COM

6 Apr: A week in security (March 30 – April 5)
A list of topics we covered in the week of March 30 to April 5 of 2026
Source: MALWAREBYTES.COM

📡 INFOSEC NEWS (13)

6 Apr: Ticket savings of up to $500 this week for TechCrunch Disrupt 2026
Starting today, you have 5 days to save nearly $500 on your ticket to TechCrunch Disrupt 2026. This offer disappears Friday, April 10, at 11:59 p.m. PT. Register here to secure these low rates.
Source: TECHCRUNCH.COM

6 Apr: Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet Forti…
Source: THEHACKERNEWS.COM

6 Apr: Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
Source: BLEEPINGCOMPUTER.COM

6 Apr: [local] is-localhost-ip 2.0.0 - SSRF
Source: EXPLOIT-DB.COM

6 Apr: [webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
Source: EXPLOIT-DB.COM

6 Apr: [local] Windows Kernel - Elevation of Privilege
Source: EXPLOIT-DB.COM

6 Apr: [webapps] ASP.net 8.0.10 - Bypass
Source: EXPLOIT-DB.COM

6 Apr: [webapps] Grafana 11.6.0 - SSRF
Source: EXPLOIT-DB.COM

6 Apr: [webapps] Zhiyuan OA - arbitrary file upload leading
Source: EXPLOIT-DB.COM

6 Apr: [webapps] WordPress Madara - Local File Inclusion
Source: EXPLOIT-DB.COM