
Tag

#web

Photo booth flaw exposes people’s private pictures online

A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.

Malwarebytes
#vulnerability #web #ios #perl #acer
Google is discontinuing its dark web report: why it matters

Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719

700Credit Data Breach Impacts Millions of Car Owners

US auto loan service 700Credit confirms a data breach exposed names, addresses, and Social Security numbers of dealership customers. Free credit monitoring is offered.

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a

Google to Shut Down Dark Web Monitoring Tool in February 2026

Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026. "While the report offered general

Accelerating NetOps transformation with Ansible Automation Platform

2025 was an incredible year for network operations (NetOps) and Red Hat Ansible Automation Platform. To address growing network complexity, Red Hat provided the tools NetOps teams needed to implement a strategic automation approach. Through major platform releases, new partner integrations, and global events, Red Hat helped customers achieve enterprise-wide network automation with Ansible Automation Platform. Let’s take a look back at the major network automation milestones that defined the year. Key platform innovations: In October, Ansible Automation Platform 2.6 launched, introducing new ca

GHSA-3pmh-24wp-xpf4: Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

### Impact

It was possible to retrieve user notification settings or list all users via API.

### Patches

* https://github.com/WeblateOrg/weblate/pull/17256

### References

Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate.

GHSA-pj86-258h-qrvf: Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

### Impact

It was possible to trigger repository updates for many repositories via a crafted webhook payload.

### Patches

* https://github.com/WeblateOrg/weblate/pull/17221

### Workarounds

Disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.

### References

Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to us.