All the latest cybersecurity news
USN-8138-2: tar-rs vulnerability
2026-04-14 20:01:22
USN-8138-1 fixed a vulnerability in tar-rs. This update provides the
corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tar-rs incorrectly handled symlinks...
wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now
2026-04-14 18:30:42
Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game
2026-04-14 18:17:59
Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their security...
Personal data of 1 million gym members compromised in Basic-Fit security incident
2026-04-14 18:10:33
A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe's largest gym chain, has disclosed a data breach affecting...
Microsoft releases Windows 10 KB5082200 extended security update
2026-04-14 18:09:39
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. [...]
Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits
2026-04-14 17:40:30
Philadelphia, United States / Pennsylvania, 14th April 2026, CyberNewswire
McGraw-Hill confirms data breach following extortion threat
2026-04-14 18:07:07
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]
USN-8168-2: Rust vulnerability
2026-04-14 18:01:04
USN-8168-1 fixed a vulnerability in Rust. This update provides the
corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was...
Fortinet Patches 11 Vulnerabilities Across FortiSandbox, FortiOS, FortiAnalyzer, and FortiManager
2026-04-14 17:59:01
Fortinet released a sweeping batch of security advisories on April 14, 2026, addressing 11 vulnerabilities spanning multiple product lines, including two rated Critical, two rated High, and seven rated...
Windows 11 cumulative updates KB5083769 & KB5082052 released
2026-04-14 17:46:31
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
2026-04-14 17:41:13
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. [...]
Issues with AWS Research and Engineering Studio (RES)
2026-04-14 17:31:02
Bulletin ID: 2026-014-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/06 14:00 PM PDT
Description:
Research and Engineering Studio (RES) on AWS is an open source,...
Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day
2026-04-14 17:19:30
Microsoft has released its April 2026 Patch Tuesday security update, addressing 168 vulnerabilities across its product portfolio, including one actively exploited zero-day and one publicly disclosed flaw...
Critical etcd Auth Bypass Flaw Allows Unauthorized Access to Sensitive Cluster APIs
2026-04-14 16:59:13
A critical authentication bypass vulnerability has emerged in etcd, the foundational distributed key-value store that supports countless cloud-native systems and Kubernetes clusters globally. Tracked...
Ivanti Neurons for ITSM Vulnerabilities Allow Remote Attacker to Obtain User Sessions
2026-04-14 16:52:20
Ivanti has released security updates addressing two medium-severity vulnerabilities in Ivanti Neurons for ITSM (N-ITSM), its on-premise IT service management platform. The flaws, if exploited, could allow...
Fake Ledger Live app on Apple's App Store stole .5M in crypto
2026-04-14 16:37:01
A malicious Ledger Live app for macOS available from Apple's App Store has drained approximately .5 million in cryptocurrency from 50 victims in just a few days this month. [...]
CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities Exploited in Attacks
2026-04-14 16:31:41
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations regarding two severe Microsoft vulnerabilities. On April 13, 2026, the agency officially added...
Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild
2026-04-14 16:28:09
Threat actors are actively exploiting a critical vulnerability in ShowDoc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Tracked under the identifier CNVD-2020-26585,...
Synology SSL VPN Client Vulnerabilities Let Remote Attackers Access Sensitive Files
2026-04-14 16:25:46
Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software...
Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized Commands
2026-04-14 16:10:42
Fortinet has disclosed two critical security vulnerabilities affecting its FortiSandbox platform, both carrying a CVSSv3 score of 9.1. The flaws, published on April 14, 2026, could allow unauthenticated...
The impact of Anthropic Claude Mythos on CISOs
2026-04-14 16:10:00
Last week, Anthropic's disclosure of the Glasswing project provoked two fairly classic types of reaction. On the one hand, (...)
War Game Exercise Demonstrates How Social Media Manipulation Works
2026-04-14 16:06:14
In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.
Kraken Exchange Faces Extortion After Insider Recorded System Footage
2026-04-14 15:58:05
Kraken exchange faces extortion after a staff member misused access to record internal systems, about 2,000 accounts affected, no funds or systems breached.
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
2026-04-14 15:57:00
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The...
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
2026-04-14 15:53:50
Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out...
I Had to Reverse-Engineer React, Shadow DOM, and CSP to Automate Safari Without Chrome
2026-04-14 15:38:13
Modern browser automation relies heavily on Chrome DevTools Protocol, but Safari lacks native CDP support. This article explores how to build automation from scratch by solving three core challenges:...
The CLARITY Act Could Finally Define Crypto in the U.S. (If It Clears Congress)
2026-04-14 15:28:08
The CLARITY Act passed the House 294-134 and is awaiting a Senate Banking Committee markup expected mid-April 2026. The entire bill is stalled over one issue: whether stablecoin holders should earn interest...
Mastering Quality Engineering in Connected Hardware Ecosystems
2026-04-14 15:14:08
In connected hardware systems, a faulty OTA update can cause large-scale device failures, making traditional “fail fast” approaches untenable. This article outlines a modern Quality Engineering framework...
Toolora Earns a 52 Proof of Usefulness Score by Building a Privacy-First Online Tools Platform
2026-04-14 15:01:28
Toolora is a privacy-first platform offering 28+ browser-based tools that process data entirely on the client side, eliminating the need for file uploads. Built with modern browser APIs, it targets developers,...
How exposed is your code? Find out in minutes—for free
2026-04-14 15:00:00
The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost.
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
2026-04-14 14:56:00
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe...
Amazon buys Globalstar to power its "Leo" network
2026-04-14 14:55:53
Amazon is acquiring satellite operator Globalstar for $11.5 billion. The deal lets it shift into a higher gear in the "Direct-to-Device" race.
Android Malware Analysis: A Practical Guide for Security Analysts
2026-04-14 14:51:24
From APK unpacking to behavioral analysis, with three real-world malware case studies and a companion automated analysis tool.
From Threat Intelligence to Detection: A Practitioner's Guide
2026-04-14 14:50:01
Building atomic, collection, correlational, TTP-based, and anomaly detection rules from real adversary behavior.
I Tricked an AI Into Deleting a User Account (No Direct Access Needed)
2026-04-14 14:49:18
How I Exploited a Chatbot to Execute a Hidden Command via Product Reviews (PortSwigger Lab Walkthrough)
Why Your AI System Can Look Healthy While Producing Zero Value
2026-04-14 14:49:14
An AI agent system ran continuously for three weeks with near-perfect uptime, executing tasks and storing over 600 user-relevant memories—yet delivered zero meaningful outcomes. The root cause was a...
GraphQL RCE: The Kill Chain to Cloud Identity…!
2026-04-14 14:48:04
From a simple query to Production “God Mode…!” Imagine this: you're logged into a modern SaaS platform… It's sleek, it's fast, and it has one killer feature: Custom Python Functions… To...
How Dark Web Intelligence Helped Me Prioritize High-Value Targets
2026-04-14 14:47:21
Exam Review: Certified Network Security Practitioner (CNSP)
2026-04-14 14:47:08
I recently sat for the Certified Network Security Practitioner (CNSP) exam offered by The SecOps Group and here’s my honest take on the…
Rocket — CVE-2021-22911 NoSQL Injection + Ruby cap_setuid to Root | TryHackMe
2026-04-14 14:46:43
The Rocket machine presents a layered, multi-service attack surface that rewards methodical enumeration and precise exploit chaining. The entry point is a Rocket.Chat 3.12.1 instance exposed on a virtual...
Lian_Yu — TryHackMe Walkthrough
2026-04-14 14:46:24
Introduction. In this walkthrough, I tackle the Lian_Yu room, moving from initial enumeration to full root access by chaining web discovery, credential extraction, steganography, and privilege escalation. Lian_Yu Task...
You Are Part of the Harness: Building a 100+ Agent Swarm in Web3 (Part 4)
2026-04-14 14:42:56
AI agents amplify every habit you have. Skip planning? They generate unplanned code faster than you ever could. Believe in DRY but never enforce it? They violate it at scale. The biggest constraint in...
Master Advanced Netcat Usage for Hackers: Techniques Beyond Reverse Shells
2026-04-14 14:41:37
Exploiting LLM APIs for OS Command Injection (PortSwigger Lab Write-up)
2026-04-14 14:36:45
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
2026-04-14 14:30:00
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive...
Decathlon populates its media library metadata using LLMs
2026-04-14 14:25:23
Decathlon has industrialised, on AWS, a metadata generator built on the Claude and Nova models. It describes the main lines of the project.
5 Ways Zero Trust Maximizes Identity Security
2026-04-14 14:02:12
Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral...
Native JSON Streaming in Symfony: How to Bypass Memory Limits and More
2026-04-14 14:00:05
In this comprehensive, advanced guide, we will explore how to architect a bulletproof JSON streaming solution. We will learn how to bypass memory limits, stream directly into highly optimized Data Transfer...
US, UK and Canada disrupt M crypto theft in Operation Atlantic
2026-04-14 13:50:50
US, UK and Canada ran Operation Atlantic, uncovering M in crypto theft and freezing M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed Operation...
Paris Code commits to training 1000 job seekers in IT
2026-04-14 13:41:00
At the initiative of the City of Paris, the Paris Code programme aims to train Parisian job seekers for careers in (...)
New Mirax Android RAT Turns Infected Phones Into Residential Proxy Nodes
2026-04-14 13:39:39
A newly discovered Android malware called Mirax has been quietly circulating in underground criminal forums since late 2025, posing a growing threat to mobile users across Europe and beyond. What sets...
AI Coding Tip 015 - Force the AI to Obey You
2026-04-14 13:01:01
Bury critical rules and AI models ignore them. Use explicit markers to force compliance.
Scamdemic: Over Trillion Annually Lost To Online Fraud; AI Lends A Helping Hand
2026-04-14 12:51:06
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Apr. 14, 2026. Read the full story in Time. For the past few years, it's escaped no one that levels of Internet...
2026 World Cup: 36% of official sponsors leave the door open to email scams
2026-04-14 12:50:23
An analysis by cybersecurity company Proofpoint reveals that while most partners have put basic email authentication measures in place, many still do not block...
SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP GenAI Security Project Release Emergency Strategy Briefing as AI-Driven Vulnerability Discovery Compresses Exploit Timelines from Weeks to Hours
2026-04-14 12:42:40
“The AI Vulnerability Storm: Building a Mythos-Ready Security Program” delivers a risk register, 11 priority actions, and board briefing framework built by 60+ contributors and reviewed by 250+ CISOs...
Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit
2026-04-14 12:31:19
Cloud environments have changed how security teams detect and respond to threats. Signals come from more places, identities are harder to track, and attacks rarely stay within a single system. For many...
openSUSE Leap 15.6 openvswitch Moderate Memory Access Vulnerability Update
2026-04-14 12:30:07
An update that solves one vulnerability can now be installed.
openSUSE 15.6 openvswitch Moderate Memory Access Threat SUSE-2026-1306-1
2026-04-14 12:30:06
An update that solves one vulnerability can now be installed.
How Modern GTM Systems Drive Revenue Growth: Bridging Business Strategy with Technology
2026-04-14 12:13:20
Modern Go-To-Market (GTM) systems are transforming how businesses drive revenue by tightly integrating strategy with technology. Instead of siloed sales, marketing, and customer success functions, GTM...
Cloudflare strengthens AI agent creation in Agent Cloud
2026-04-14 12:08:21
Well known for its content delivery network (CDN) solutions, Cloudflare continues to expand its portfolio around (...)
How AI-Driven Decision Intelligence Is Reshaping Enterprise Performance Management
2026-04-14 12:07:41
AI-driven decision intelligence is reshaping enterprise performance management by enabling real-time, data-backed decisions instead of relying on static reports and intuition. It integrates advanced analytics,...
Ubuntu 20.04 LibreOffice Vulnerability CVE-2026-7691 Exploit Risk
2026-04-14 12:01:52
Important: fontforge security update
Security Advisory for Rocky Linux perl-XML-Parser RLSA-2026-10897
2026-04-14 12:01:12
Important: perl-XML-Parser security update
16-31 March 2025 Cyber Attacks Timeline
2026-04-14 11:57:57
The second half of March 2026 has been very active from an infosec standpoint, with 124 events and a threat landscape dominated by malware. As always, cyber crime led the motivations chart with 65%, slightly...
Should AI-generated content be taxed differently than human-created content?
2026-04-14 11:56:52
HackerNoon's poll on taxing AI-generated content revealed a near-even split, highlighting deep uncertainty around fairness, labor value, and regulation. While some want protections for human creators,...
Omnistealer uses the blockchain to steal everything it can
2026-04-14 11:52:15
This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach.
Meet Kilo: HackerNoon Company of the Week
2026-04-14 11:48:54
14 people. 2.3M developers. #1 on OpenRouter. Kilo is this week's Company of the Week for good reason.
Debian 11 gdk-pixbuf Critical JPEG Processing Code Exec DLA-4531-1
2026-04-14 11:43:41
It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not properly validate color component counts in the JPEG image loader, which may result in the execution of arbitrary code or denial of...
Booking.com Confirms Data Breach as Hackers Access Customer Details
2026-04-14 11:28:40
Booking.com confirms a data breach exposing customer details to hackers. No payment data accessed, but users face risk of targeted phishing scams now!
Local datacenters: an opportunity to guarantee data sovereignty in France
2026-04-14 11:14:42
{ Expert Opinion } - Local datacenters are locally rooted infrastructures, sized to meet specific needs and fully integrated into the ecosystem...
ShinyHunters claim the Rockstar Games breach and start leaking data
2026-04-14 11:01:56
Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters. An 8.1GB data leak reportedly linked to Rockstar Games has surfaced,...
Ubuntu 25.10 Policykit Important Denial of Service Issues USN-8173-1
2026-04-14 10:55:29
Several security issues were fixed in polkit.
Eric Caen appointed Chief AI, IT & Digital Transformation Officer at SKEMA Business School
2026-04-14 10:43:22
Eric Caen joins SKEMA Business School as Chief AI, IT & Digital Transformation Officer. He joins the school's Executive Committee and reports to the Director General, Alice Guilhon....
Rethinking cybersecurity in the age of AI-built software
2026-04-14 10:30:32
AI is rapidly transforming how software is designed, deployed and used. Current trends suggest (...)
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
2026-04-14 10:20:00
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger,...
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
2026-04-14 10:02:28
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK.
Top Linux Vulnerability Scanners in 2026: A Guide to Open-Source Security Tools
2026-04-14 10:00:20
Computer systems, software, applications, and Linux servers are all vulnerable to network security threats. Failure to identify these cybersecurity vulnerabilities, often through modern vulnerability...
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
2026-04-14 10:00:00
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical...
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
2026-04-14 10:00:00
TL;DR
Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867.
npm accounted for 75% of malicious packages this quarter....
ChatGPT under scrutiny as Florida investigates campus shooting
2026-04-14 09:45:35
New cases and research suggest AI chatbots don't always shut down dangerous conversations.
Zimperium warns of the rise of quishing: QR codes are becoming a major mobile phishing vector
2026-04-14 09:13:44
Originally designed to share URLs or data, QR codes are becoming a favoured attack vector for cybercriminals, who exploit their ubiquity and the trust they...
Attackers target unpatched ShowDoc servers via CVE-2025-0520
2026-04-14 09:13:40
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS...
The French State commits to weaning itself off American technologies
2026-04-14 08:51:40
"We must wean ourselves off American tools and regain control of our digital destiny. We cannot (...)
FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud
2026-04-14 08:46:17
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
2026-04-14 08:35:00
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the...
Cybersecurity: the French State has set its deadlines through 2030
2026-04-14 08:34:52
The State has updated the digital security roadmap for its information systems. Here are its main axes up to the 2030 horizon.
USN-8174-1: XML::Parser vulnerabilities
2026-04-14 08:13:19
It was discovered that XML::Parser incorrectly handled certain multi-byte
UTF-8 characters. If a user or automated system were tricked into
processing specially crafted XML data, a remote attacker could...
USN-8173-1: polkit vulnerabilities
2026-04-14 08:02:28
It was discovered that polkit incorrectly handled nested elements in XML
policy files. If an administrator were tricked into installing a malicious
policy file, a remote attacker could possibly use this...
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
2026-04-14 07:38:20
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity...
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
2026-04-14 07:19:57
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic's Claude service was found distributing the PlugX remote...
Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
2026-04-14 07:00:00
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer...
2FA request can be replayed without a valid token after one successful request
2026-04-14 07:00:00
CVSSv3 Score:
6.7
An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request....
Arbitrary directory delete on vmimages delete feature
2026-04-14 07:00:00
CVSSv3 Score:
6.2
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS and FortiSandbox...
Axios npm Package Compromised
2026-04-14 07:00:00
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - axios@1.14.1 and axios@0.30.4 - which introduced a hidden dependency...
Clear-text credentials retrievable with IP modification for LDAP
2026-04-14 07:00:00
CVSSv3 Score:
4.1
A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account password via server...
Clear-text credentials retrievable with IP modification for connectors
2026-04-14 07:00:00
CVSSv3 Score:
4.1
A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors...
Cleartext Credentials in response for API endpoints
2026-04-14 07:00:00
CVSSv3 Score:
6.2
A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in response for Secure...
Credential disclosure in LDAP configuration web page.
2026-04-14 07:00:00
CVSSv3 Score:
2.5
An Insufficiently protected credentials vulnerability [CWE-522] in FortiSandbox and FortiSandbox PaaS GUI may allow an authenticated administrator to read LDAP server credentials...
Hardcoded symmetric encryption key for Postgresql
2026-04-14 07:00:00
CVSSv3 Score:
5.2
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to decrypt it.
...
Heap-based buffer overflow in oftpd daemon
2026-04-14 07:00:00
CVSSv3 Score:
7.3
A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands...
Integer Overflow Denial of Service in administrative interface
2026-04-14 07:00:00
CVSSv3 Score:
4.4
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the system via crafted...
Missing Authentication for critical function in CAPWAP daemon
2026-04-14 07:00:00
CVSSv3 Score:
6.2
A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager CAPWAP daemon may allow a local unauthenticated attacker on the same...
Multiple Path traversals in CLI
2026-04-14 07:00:00
CVSSv3 Score:
6.2
Multiple Relative Path Traversal vulnerabilities [CWE-23] in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying system via crafted...
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
2026-04-14 05:50:00
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is...
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
2026-04-14 05:39:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The...
Just for Fun – An Unofficial Pen Test Game Module for D&D 5e
2026-04-14 02:52:01
Friends, I built an unlicensed, totally unofficial module for my local gaming group based on Dungeons and Dragons 5th Edition, specifically the amazing “Keys from the Golden Vault” heist book. You...
USN-8148-6: Linux kernel (Azure) vulnerabilities
2026-04-14 00:07:40
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
USN-8149-3: Linux kernel (Azure) vulnerabilities
2026-04-14 00:06:03
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Multiple vulnerabilities in Python (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in Python. They allow an attacker to cause remote arbitrary code execution and an unspecified security issue...
Multiple vulnerabilities in Synology SSL VPN Client (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in Synology SSL VPN Client. They allow an attacker to cause a breach of data confidentiality and a breach of integrity...
Multiple vulnerabilities in Siemens products (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in Siemens products. Some of them allow an attacker to cause remote arbitrary code execution, an elevation...
Multiple vulnerabilities in Schneider Electric products (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in Schneider Electric products. Some of them allow an attacker to cause a remote denial of service, a breach...
Multiple vulnerabilities in SAP products (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in SAP products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service...
Multiple vulnerabilities in Microsoft products (14 April 2026)
14/04/2026
Multiple vulnerabilities have been discovered in Microsoft products. They allow an attacker to cause a security issue not specified by the vendor.