Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-4jrw-64vr-7g8m: Apache Camel camel-neo4j component is vulnerable to cypher injection

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

ghsa
Open in Source
#vulnerability#web#apache#auth
Online shoppers at risk as Magecart skimming hits major payment networks

A Magecart campaign is skimming card data from online checkouts tied to major payment networks, including AmEx, Diners Club, and Mastercard.

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. "An improper neutralization of special elements used in an OS command ('OS command

How real software downloads can hide remote backdoors

Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.  Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%). Download the

Convert Video to Text: A Comprehensive Guide

In today’s digital age, video content has become an essential tool for communication, education, and entertainment. Whether it’s…

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by 22 information disclosure, 21 remote code

GHSA-v492-6xx2-p57g: Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

How Cybercrime Markets Launder Breach Proceeds and What Security Teams Miss

Explore how cybercrime markets turn stolen data into laundered funds using dollar‑pegged assets, mixers and exchanges-and why tracking BTC USDT price and stablecoin flows now matters for security, fraud and AML teams.

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to be active since at least