https://shimiscyberworld.com/posts/telegram-1373735086-4998/ Shimi's Cyber World en 2026-04-25T18:40:29+03:00 Legal Sector Under Siege: 31 Ransomware Attacks in Seven Daysdarkweb, threat-intel, ransomware, malware, data-breach, darkfeed https://shimiscyberworld.com/posts/telegram-1373735086-4997/ Shimi's Cyber World en 2026-04-25T18:26:55+03:00 Global Payment Provider, Government Entity Hit in Major Data Leaksdarkweb, threat-intel, ransomware, vulnerability, data-breach https://shimiscyberworld.com/posts/nvd-CVE-2026-6982/ Shimi's Cyber World en 2026-04-25T18:16:17+03:00 CVE-2026-6982 — SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6981/ Shimi's Cyber World en 2026-04-25T18:16:17+03:00 CVE-2026-6981 — IhateCreatingUserNames2 AiraHub2 Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/telegram-1542954397-4539/ Shimi's Cyber World en 2026-04-25T17:30:15+03:00 UK's NCSC Releases SilentGlass to Block Malicious Display Traffic https://shimiscyberworld.com/posts/nvd-CVE-2026-6980/ Shimi's Cyber World en 2026-04-25T17:16:00+03:00 CVE-2026-6980: Divyanshu-hash GitPilot-MCP Command Injectionvulnerability, cve, high-severity, command-injection, cwe-74, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-6979/ Shimi's Cyber World en 2026-04-25T15:15:59+03:00 CVE-2026-6979 — Devlikeapro WAHA Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-6978/ Shimi's Cyber World en 2026-04-25T15:15:59+03:00 CVE-2026-6978 — JiZhiCMS SQL Injectionvulnerability, cve, medium-severity, sql-injection, cwe-74, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-6977/ Shimi's Cyber World en 2026-04-25T14:16:19+03:00 CVE-2026-6977: Vanna-AI Legacy Flask API Improper Authorizationvulnerability, cve, high-severity, cwe-266, cwe-285 https://shimiscyberworld.com/posts/researchers-uncover-pre-stuxnet-fast16-malware-targeting-e-xp1qr/ Shimi's Cyber World en 2026-04-25T12:26:00+03:00 Pre-Stuxnet 'fast16' Malware Targeted Engineering Software in 2005threat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-6951/ Shimi's Cyber World en 2026-04-25T09:16:16+03:00 simple-git RCE: Incomplete Fix Leaves Critical Vulnerability Openvulnerability, cve, critical, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/adt-confirms-data-breach-after-shinyhunters-leak-threat-thhhr/ Shimi's Cyber World en 2026-04-25T01:53:14+03:00 ADT Confirms Data Breach After ShinyHunters Extortion Threatthreat-intel, data-breach, malware, ransomware https://shimiscyberworld.com/posts/nvd-CVE-2026-42171/ Shimi's Cyber World en 2026-04-25T01:16:01+03:00 CVE-2026-42171: NSIS Privilege Escalation Vulnerabilityvulnerability, cve, high-severity, cwe-427 https://shimiscyberworld.com/posts/the-npm-threat-landscape-attack-surface-and-mitigations-8o65q/ Shimi's Cyber World en 2026-04-25T00:40:33+03:00 npm Supply Chain Evolves: Wormable Malware, CI/CD Persistence Detectedthreat-intel, apt, malware, research https://shimiscyberworld.com/posts/nvd-CVE-2026-41481/ Shimi's Cyber World en 2026-04-25T00:16:19+03:00 CVE-2026-41481 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41478/ Shimi's Cyber World en 2026-04-25T00:16:19+03:00 Saltcorn SQL Injection (CVE-2026-41478) Exposes Sensitive Datavulnerability, cve, critical, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-41248/ Shimi's Cyber World en 2026-04-25T00:16:18+03:00 CVE-2026-41248: Clerk Auth Bypass Exposes Critical Web Applicationsvulnerability, cve, critical, high-severity, cwe-436, cwe-863 https://shimiscyberworld.com/posts/firestarter-malware-survives-cisco-firewall-updates-securit-jd7v0/ Shimi's Cyber World en 2026-04-24T23:34:08+03:00 Cisco Firestarter Malware Persists Through Updatesthreat-intel, data-breach, malware, vulnerability https://shimiscyberworld.com/posts/tgr-sta-1030-new-activity-in-central-and-south-america-26fh7/ Shimi's Cyber World en 2026-04-24T23:30:19+03:00 TGR-STA-1030: Persistent Threat to Central and South Americathreat-intel, apt, malware, research, microsoft https://shimiscyberworld.com/posts/windows-update-gets-new-controls-to-reduce-forced-restarts-1g7ek/ Shimi's Cyber World en 2026-04-24T23:08:26+03:00 Microsoft Windows Update Gets New Controls to Reduce Forced Restartsthreat-intel, data-breach, malware, microsoft https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-24T23:00:00+03:00 Daily Security Digest — 2026-04-24daily-digest, vulnerability, cve, high-severity, cwe-1321, cwe-113, cwe-183, cwe-441, cwe-918, critical https://shimiscyberworld.com/posts/nvd-CVE-2026-41492/ Shimi's Cyber World en 2026-04-24T22:17:14+03:00 Dgraph CVE-2026-41492: Unauthenticated Admin Token Exposure Via /debug/varsvulnerability, cve, critical, high-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-41421/ Shimi's Cyber World en 2026-04-24T22:17:13+03:00 CVE-2026-41421: SiYuan Desktop RCE via HTML Notification Abusevulnerability, cve, high-severity, code-execution, cwe-78, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41419/ Shimi's Cyber World en 2026-04-24T22:17:13+03:00 4ga Boards Path Traversal Vulnerability Exposes Local Files (CVE-2026-41419)vulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-41418/ Shimi's Cyber World en 2026-04-24T22:17:13+03:00 CVE-2026-41418 — 4ga Boards is a boards system for realtime projectvulnerability, cve, medium-severity, cwe-208 https://shimiscyberworld.com/posts/nvd-CVE-2026-41414/ Shimi's Cyber World en 2026-04-24T22:17:13+03:00 CVE-2026-41414: Skim Fuzzy Finder Vulnerability Exposes GitHub Tokensvulnerability, cve, high-severity, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41328/ Shimi's Cyber World en 2026-04-24T22:17:12+03:00 Dgraph CVE-2026-41328: Unauthenticated Data Read Access Critical Flawvulnerability, cve, critical, high-severity, cwe-943 https://shimiscyberworld.com/posts/nvd-CVE-2026-41327/ Shimi's Cyber World en 2026-04-24T22:17:12+03:00 CVE-2026-41327: Dgraph GraphQL Database Critical Unauthenticated Data Readvulnerability, cve, critical, high-severity, cwe-943 https://shimiscyberworld.com/posts/nvd-CVE-2026-33666/ Shimi's Cyber World en 2026-04-24T22:17:10+03:00 CVE-2026-33666: Zserio BitStreamReader Overflow Bypasses Bounds Checkvulnerability, cve, high-severity, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-33662/ Shimi's Cyber World en 2026-04-24T22:17:09+03:00 CVE-2026-33662: OP-TEE RSA Padding Underflow Leads to Crashvulnerability, cve, high-severity, cwe-190 https://shimiscyberworld.com/posts/nvd-CVE-2026-33524/ Shimi's Cyber World en 2026-04-24T22:17:09+03:00 Zserio DoS: Crafted Payload Triggers Massive Memory Allocationvulnerability, cve, high-severity, denial-of-service, cwe-789 https://shimiscyberworld.com/posts/iran-s-cyber-threat-may-be-less-shock-and-awe-than-low-an-fpsjf/ Shimi's Cyber World en 2026-04-24T22:15:00+03:00 Iran Cyber Threat: Low-and-Slow Opportunism, Not 'Shock and Awe'threat-intel, data-breach, government https://shimiscyberworld.com/posts/adt-says-customer-data-stolen-in-cyber-intrusion-jcwup/ Shimi's Cyber World en 2026-04-24T21:45:00+03:00 ADT Customer Data Stolen in Cyber Intrusionthreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-42044/ Shimi's Cyber World en 2026-04-24T21:16:31+03:00 CVE-2026-42044 — Privilege Escalationvulnerability, cve, medium-severity, privilege-escalation, cwe-915, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-42043/ Shimi's Cyber World en 2026-04-24T21:16:31+03:00 Axios CVE-2026-42043: NO_PROXY Bypass Vulnerabilityvulnerability, cve, high-severity, cwe-183, cwe-441, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42042/ Shimi's Cyber World en 2026-04-24T21:16:31+03:00 CVE-2026-42042 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-183, cwe-201 https://shimiscyberworld.com/posts/nvd-CVE-2026-42041/ Shimi's Cyber World en 2026-04-24T21:16:31+03:00 CVE-2026-42041 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-287, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-42038/ Shimi's Cyber World en 2026-04-24T21:16:30+03:00 CVE-2026-42038 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-42037/ Shimi's Cyber World en 2026-04-24T21:16:30+03:00 CVE-2026-42037 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-93 https://shimiscyberworld.com/posts/nvd-CVE-2026-42036/ Shimi's Cyber World en 2026-04-24T21:16:30+03:00 CVE-2026-42036 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-42035/ Shimi's Cyber World en 2026-04-24T21:16:30+03:00 Axios CVE-2026-42035: Prototype Pollution Leads to Header Injectionvulnerability, cve, high-severity, cwe-113, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-42034/ Shimi's Cyber World en 2026-04-24T21:16:30+03:00 CVE-2026-42034 — Axios is a promise based HTTP client for the browser andvulnerability, cve, medium-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-42033/ Shimi's Cyber World en 2026-04-24T21:16:29+03:00 CVE-2026-42033: Axios Prototype Pollution Allows Response Tampering, HTTP Hijackingvulnerability, cve, high-severity, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-41322/ Shimi's Cyber World en 2026-04-24T21:16:28+03:00 CVE-2026-41322 — @astrojs/node allows Astro to deploy your SSR site to Nodevulnerability, cve, medium-severity, cwe-525 https://shimiscyberworld.com/posts/microsoft-to-roll-out-entra-passkeys-on-windows-in-late-apri-luumc/ Shimi's Cyber World en 2026-04-24T21:13:55+03:00 Microsoft Entra Passkeys Roll Out to Windows Devicesthreat-intel, data-breach, malware, microsoft, identity, phishing https://shimiscyberworld.com/posts/nvd-CVE-2026-6912/ Shimi's Cyber World en 2026-04-24T20:16:22+03:00 AWS Cognito Flaw Grants Deployment Admin Privilegesvulnerability, cve, high-severity, cwe-915 https://shimiscyberworld.com/posts/nvd-CVE-2026-6911/ Shimi's Cyber World en 2026-04-24T20:16:22+03:00 Critical JWT Bypass in AWS Ops Wheel Grants Admin Accessvulnerability, cve, critical, high-severity, cwe-347 https://shimiscyberworld.com/posts/nvd-CVE-2026-41411/ Shimi's Cyber World en 2026-04-24T20:16:22+03:00 CVE-2026-41411 — Command Injectionvulnerability, cve, medium-severity, command-injection, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-41079/ Shimi's Cyber World en 2026-04-24T20:16:21+03:00 CVE-2026-41079 — Out-of-Bounds $1vulnerability, cve, medium-severity, out-of-bounds-1, cwe-125, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-41067/ Shimi's Cyber World en 2026-04-24T20:16:21+03:00 CVE-2026-41067 — Astro is a web framework. Prior to 6.1.6, thevulnerability, cve, medium-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41066/ Shimi's Cyber World en 2026-04-24T20:16:20+03:00 lxml XML Parsing Vulnerability Exposes Local Filesvulnerability, cve, high-severity, cwe-611 https://shimiscyberworld.com/posts/nvd-CVE-2026-40897/ Shimi's Cyber World en 2026-04-24T20:16:20+03:00 Critical RCE in Math.js Expression Parser (CVE-2026-40897)vulnerability, cve, high-severity, cwe-915 https://shimiscyberworld.com/posts/pentagon-grapples-with-securing-ai-as-it-moves-toward-autono-34zqn/ Shimi's Cyber World en 2026-04-24T20:14:00+03:00 Pentagon Grapples with Securing AI in Autonomous Warfarethreat-intel, data-breach, government https://shimiscyberworld.com/posts/nvd-CVE-2026-39920/ Shimi's Cyber World en 2026-04-24T19:16:36+03:00 Critical RCE in BridgeHead FileStore via Default Axis2 Credentialsvulnerability, cve, critical, high-severity, cwe-1188, cwe-1391 https://shimiscyberworld.com/posts/nvd-CVE-2026-42095/ Shimi's Cyber World en 2026-04-24T18:16:48+03:00 CVE-2026-42095 — bookserver in KDE Arianna before 26.04.1 allows attackersvulnerability, cve, medium-severity, cwe-306 https://shimiscyberworld.com/posts/norway-s-prime-minister-proposes-ban-on-social-media-access-k0yg1/ Shimi's Cyber World en 2026-04-24T17:41:00+03:00 Norway Proposes Social Media Ban for Young Teensthreat-intel, data-breach, government, tools https://shimiscyberworld.com/posts/in-other-news-unauthorized-mythos-access-plankey-cisa-nomi-90z3p/ Shimi's Cyber World en 2026-04-24T17:31:51+03:00 Mythos Unauthorized Access, CISA Nom Withdrawal, New Display Securitythreat-intel, vulnerability, data-breach https://shimiscyberworld.com/posts/nasa-employees-duped-in-chinese-phishing-scheme-targeting-u-j2hj6/ Shimi's Cyber World en 2026-04-24T17:13:00+03:00 China Targets NASA with Phishing for Defense Softwarethreat-intel, vulnerability, cloud, microsoft, phishing https://shimiscyberworld.com/posts/toronto-police-arrest-three-in-canada-s-first-mobile-sms-bla-3lai4/ Shimi's Cyber World en 2026-04-24T16:45:00+03:00 Canada's First SMS Blaster Arrests: A Shift in Phishing Tacticsthreat-intel, data-breach, government, phishing https://shimiscyberworld.com/posts/nvd-CVE-2026-5367/ Shimi's Cyber World en 2026-04-24T16:16:21+03:00 OVN Out-of-Bounds Read Exposes Heap Memory via DHCPv6vulnerability, cve, high-severity, out-of-bounds-1, cwe-130 https://shimiscyberworld.com/posts/nvd-CVE-2026-5265/ Shimi's Cyber World en 2026-04-24T16:16:21+03:00 CVE-2026-5265 — When generating an ICMP Destination Unreachable or Packetvulnerability, cve, medium-severity, cwe-130 https://shimiscyberworld.com/posts/nvd-CVE-2026-21515/ Shimi's Cyber World en 2026-04-24T16:16:03+03:00 Critical Azure IoT Central Flaw Exposes Sensitive Data, Allows Privilege Escalationvulnerability, cve, critical, high-severity, cwe-200 https://shimiscyberworld.com/posts/north-korea-s-lazarus-targets-macos-users-via-clickfix-jr0ng/ Shimi's Cyber World en 2026-04-24T16:00:00+03:00 Lazarus Targets macOS via ClickFix: North Korea's New Attack Vectorthreat-intel, tools https://shimiscyberworld.com/posts/telegram-1707304340-2291/ Shimi's Cyber World en 2026-04-24T15:57:25+03:00 Ransomware Costs Spike: VPNs and SonicWall Exploitedisrael, malware, ransomware, cloud https://shimiscyberworld.com/posts/cisa-kev-CVE-2024-7399/ Shimi's Cyber World en 2026-04-24T15:00:00+03:00 CVE-2024-7399 — Samsung MagicINFO 9 Server: Samsung MagicINFO 9 Server Path Traversal Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/cisa-kev-CVE-2024-57728/ Shimi's Cyber World en 2026-04-24T15:00:00+03:00 CVE-2024-57728 — SimpleHelp SimpleHelp: SimpleHelp Path Traversal Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/cisa-kev-CVE-2024-57726/ Shimi's Cyber World en 2026-04-24T15:00:00+03:00 CVE-2024-57726 — SimpleHelp SimpleHelp: SimpleHelp Missing Authorization Vulnerabilityvulnerability, cve, cisa-kev, actively-exploited https://shimiscyberworld.com/posts/bridging-the-ai-agent-authority-gap-continuous-observabilit-tw3co/ Shimi's Cyber World en 2026-04-24T14:49:00+03:00 AI Agents: The Delegated Risk Gap Defenders Must Closethreat-intel, vulnerability, ai-security https://shimiscyberworld.com/posts/26-fakewallet-apps-found-on-apple-app-store-targeting-crypto-vskn6/ Shimi's Cyber World en 2026-04-24T14:48:00+03:00 Fake Crypto Wallets Flood App Store, Targeting User Seed Phrasesthreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/vulnerabilities-patched-in-crowdstrike-tenable-products-qo8nt/ Shimi's Cyber World en 2026-04-24T12:49:27+03:00 Critical Flaws Hit CrowdStrike, Tenable Products; Patches Releasedthreat-intel, vulnerability https://shimiscyberworld.com/posts/tropic-trooper-uses-trojanized-sumatrapdf-and-github-to-depl-xft8b/ Shimi's Cyber World en 2026-04-24T12:29:00+03:00 Tropic Trooper Exploits SumatraPDF and VS Code Tunnels for Espionagethreat-intel, vulnerability, malware, microsoft, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-21728/ Shimi's Cyber World en 2026-04-24T12:16:03+03:00 Tempo Vulnerability: High-Severity Flaw Risks Service Availabilityvulnerability, cve, high-severity https://shimiscyberworld.com/posts/nvd-CVE-2026-4078/ Shimi's Cyber World en 2026-04-24T11:16:30+03:00 CVE-2026-4078 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-3569/ Shimi's Cyber World en 2026-04-24T11:16:30+03:00 CVE-2026-3569 — The Liaison Site Prober plugin for WordPress is vulnerablevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-3565/ Shimi's Cyber World en 2026-04-24T11:16:30+03:00 CVE-2026-3565 — The Taqnix plugin for WordPress is vulnerable to Cross-Sitevulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2025-11762/ Shimi's Cyber World en 2026-04-24T11:16:29+03:00 CVE-2025-11762 — The HubSpot All-In-One Marketing - Forms, Popups, Live Chatvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-1952/ Shimi's Cyber World en 2026-04-24T10:16:09+03:00 Delta Electronics AS320T Plagued by Critical DoS Vulnerabilityvulnerability, cve, critical, high-severity, denial-of-service, cwe-912 https://shimiscyberworld.com/posts/nvd-CVE-2026-1951/ Shimi's Cyber World en 2026-04-24T10:16:09+03:00 Critical Buffer Overflow in Delta Electronics AS320T PLCvulnerability, cve, critical, high-severity, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-1950/ Shimi's Cyber World en 2026-04-24T10:16:08+03:00 Critical Buffer Overflow Hits Delta Electronics AS320Tvulnerability, cve, critical, high-severity, cwe-121 https://shimiscyberworld.com/posts/nvd-CVE-2026-6810/ Shimi's Cyber World en 2026-04-24T09:16:08+03:00 CVE-2026-6810 — The Booking Calendar Contact Form plugin for WordPress isvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-5428/ Shimi's Cyber World en 2026-04-24T09:16:08+03:00 CVE-2026-5428 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-5364/ Shimi's Cyber World en 2026-04-24T09:16:08+03:00 WordPress Plugin Flaw Exposes Sites to RCEvulnerability, cve, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-5347/ Shimi's Cyber World en 2026-04-24T09:16:04+03:00 CVE-2026-5347 — The HM Books Gallery plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-1949/ Shimi's Cyber World en 2026-04-24T09:16:03+03:00 Critical RCE in Delta Electronics AS320T Industrial Controllersvulnerability, cve, critical, high-severity, cwe-131 https://shimiscyberworld.com/posts/telegram-1542954397-4536/ Shimi's Cyber World en 2026-04-24T08:03:39+03:00 AI-Generated 'Books' Exploit Amazon's Kindle Unlimited, Generate Millions https://shimiscyberworld.com/posts/nvd-CVE-2026-6947/ Shimi's Cyber World en 2026-04-24T07:16:23+03:00 D-Link DWM-222W Wi-Fi Adapter Vulnerable to Brute-Force Bypassvulnerability, cve, high-severity, cwe-307 https://shimiscyberworld.com/posts/nvd-CVE-2026-6393/ Shimi's Cyber World en 2026-04-24T07:16:22+03:00 CVE-2026-6393 — The BetterDocs plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-5488/ Shimi's Cyber World en 2026-04-24T07:16:22+03:00 CVE-2026-5488 — The ExactMetrics – Google Analytics Dashboard for WordPressvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41485/ Shimi's Cyber World en 2026-04-24T07:16:21+03:00 Kyverno Policy Engine Flaw: Cluster Crash and Admission Controller Bypassvulnerability, cve, high-severity, cwe-617 https://shimiscyberworld.com/posts/nvd-CVE-2026-41324/ Shimi's Cyber World en 2026-04-24T07:16:20+03:00 Node.js FTP Clients Exposed to DoS via Malicious Listingsvulnerability, cve, high-severity, denial-of-service, cwe-400, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41323/ Shimi's Cyber World en 2026-04-24T07:16:20+03:00 Kyverno API Call Vulnerability Exposes Kubernetes Clustersvulnerability, cve, high-severity, cwe-200, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41319/ Shimi's Cyber World en 2026-04-24T07:16:20+03:00 CVE-2026-41319 — Versions Prior To Vulnerabilityvulnerability, cve, medium-severity, cwe-74 https://shimiscyberworld.com/posts/nvd-CVE-2026-41318/ Shimi's Cyber World en 2026-04-24T07:16:20+03:00 CVE-2026-41318 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79, cwe-116, cwe-1336 https://shimiscyberworld.com/posts/nvd-CVE-2026-41068/ Shimi's Cyber World en 2026-04-24T07:16:19+03:00 Kyverno Privilege Escalation: RBAC Bypass in Multi-Tenant Clustersvulnerability, cve, high-severity, privilege-escalation, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-2028/ Shimi's Cyber World en 2026-04-24T07:16:09+03:00 CVE-2026-2028 — Arbitrary File Accessvulnerability, cve, medium-severity, arbitrary-file-access, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-41316/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 Ruby ERB Deserialization Flaw Allows Code Executionvulnerability, cve, high-severity, code-execution, cwe-693 https://shimiscyberworld.com/posts/nvd-CVE-2026-41309/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 OSSN Resource Exhaustion: DoS Risk from Malicious Image Uploadsvulnerability, cve, high-severity, denial-of-service, cwe-400, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41305/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 CVE-2026-41305 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-40254/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 CVE-2026-40254 — Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-193 https://shimiscyberworld.com/posts/nvd-CVE-2026-33318/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 Actual Finance Tool: Local Admin Escalation via OIDC Migration Flawvulnerability, cve, high-severity, privilege-escalation, cwe-284, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-33317/ Shimi's Cyber World en 2026-04-24T06:16:11+03:00 OP-TEE Vulnerability Exposes TrustZone to OOB Reads, Crashesvulnerability, cve, high-severity, out-of-bounds-1, cwe-125, cwe-787 https://shimiscyberworld.com/posts/nvd-CVE-2026-32952/ Shimi's Cyber World en 2026-04-24T06:16:07+03:00 CVE-2026-32952 — go-ntlmssp is a Go package that provides NTLM/Negotiatevulnerability, cve, medium-severity, cwe-190 https://shimiscyberworld.com/posts/carnival-7-531-359-breached-accounts-se1n8/ Shimi's Cyber World en 2026-04-24T04:58:19+03:00 Carnival Breach: ShinyHunters Exposes 7.5M Loyalty Program Accountsdata-breach, phishing https://shimiscyberworld.com/posts/nvd-CVE-2026-31956/ Shimi's Cyber World en 2026-04-24T04:16:11+03:00 CVE-2026-31956 — Xibo is an open source digital signage platform with a webvulnerability, cve, medium-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-31955/ Shimi's Cyber World en 2026-04-24T04:16:11+03:00 CVE-2026-31955 — Versions Prior To Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-31953/ Shimi's Cyber World en 2026-04-24T04:16:11+03:00 CVE-2026-31953 — Versions Prior To Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-40630/ Shimi's Cyber World en 2026-04-24T03:16:29+03:00 Critical Flaw in SenseLive X3050 Exposes Sensitive Configurationsvulnerability, cve, critical, high-severity, improper-access-control, cwe-288 https://shimiscyberworld.com/posts/nvd-CVE-2026-40623/ Shimi's Cyber World en 2026-04-24T03:16:28+03:00 SenseLive X3050 Vulnerability: Critical Configuration Bypassvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-40620/ Shimi's Cyber World en 2026-04-24T03:16:28+03:00 SenseLive X3050: Critical Unauthenticated Admin Accessvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-40431/ Shimi's Cyber World en 2026-04-24T03:16:28+03:00 CVE-2026-40431 — A vulnerability exists in SenseLive X3050’s web managementvulnerability, cve, medium-severity, cwe-319 https://shimiscyberworld.com/posts/nvd-CVE-2026-39462/ Shimi's Cyber World en 2026-04-24T03:16:28+03:00 SenseLive X3050: Password Changes Failing After Resetvulnerability, cve, high-severity, cwe-522 https://shimiscyberworld.com/posts/nvd-CVE-2026-35503/ Shimi's Cyber World en 2026-04-24T03:16:28+03:00 SenseLive X3050 Critical Vulnerability: Client-Side Auth Bypassvulnerability, cve, critical, high-severity, cwe-798 https://shimiscyberworld.com/posts/nvd-CVE-2026-35064/ Shimi's Cyber World en 2026-04-24T03:16:27+03:00 SenseLive X3050 Vulnerability Exposes Management Interfaces Unauthenticatedvulnerability, cve, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-31952/ Shimi's Cyber World en 2026-04-24T03:16:27+03:00 Xibo Digital Signage Platform Hit with Critical SQL Injectionvulnerability, cve, high-severity, sql-injection, cwe-89, cwe-184 https://shimiscyberworld.com/posts/nvd-CVE-2026-29051/ Shimi's Cyber World en 2026-04-24T03:16:27+03:00 CVE-2026-29051 — Deployments That Explicitly Pass `--Persist-Lint-Results`; T Vulnerabilityvulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-29050/ Shimi's Cyber World en 2026-04-24T03:16:27+03:00 CVE-2026-29050 — melange allows users to build apk packages usingvulnerability, cve, medium-severity, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-27843/ Shimi's Cyber World en 2026-04-24T03:16:27+03:00 SenseLive X3050 Critical Vulnerability: Persistent Lockout, No Physical Resetvulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-27841/ Shimi's Cyber World en 2026-04-24T03:16:26+03:00 SenseLive X3050 CSRF Vulnerability: High Risk Remote Configuration Abusevulnerability, cve, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-25775/ Shimi's Cyber World en 2026-04-24T03:16:26+03:00 Critical Unauthenticated Firmware Flaws in SenseLive X3050vulnerability, cve, critical, high-severity, cwe-306 https://shimiscyberworld.com/posts/nvd-CVE-2026-25720/ Shimi's Cyber World en 2026-04-24T03:16:26+03:00 CVE-2026-25720 — A vulnerability exists in SenseLive X3050’s web managementvulnerability, cve, medium-severity, cwe-613 https://shimiscyberworld.com/posts/nvd-CVE-2026-1789/ Shimi's Cyber World en 2026-04-24T03:16:26+03:00 CVE-2026-1789 — A vulnerability in the browser-based remote managementvulnerability, cve, medium-severity, cwe-807 https://shimiscyberworld.com/posts/nvd-CVE-2026-6732/ Shimi's Cyber World en 2026-04-24T02:16:16+03:00 CVE-2026-6732 — Libxml2 Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-843 https://shimiscyberworld.com/posts/nvd-CVE-2026-41355/ Shimi's Cyber World en 2026-04-24T01:16:42+03:00 OpenShell Mirror Mode Allows Arbitrary Code Executionvulnerability, cve, high-severity, code-execution, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-41353/ Shimi's Cyber World en 2026-04-24T01:16:42+03:00 OpenClaw: High-Severity Access Control Bypass Loomsvulnerability, cve, high-severity, cwe-472 https://shimiscyberworld.com/posts/nvd-CVE-2026-41352/ Shimi's Cyber World en 2026-04-24T01:16:42+03:00 OpenClaw RCE: Paired Nodes Bypass Auth, Allow Arbitrary Commandsvulnerability, cve, high-severity, remote-code-execution, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41349/ Shimi's Cyber World en 2026-04-24T01:16:41+03:00 OpenClaw LLM Agent Bypass: Silent Execution Approval Disabledvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-41347/ Shimi's Cyber World en 2026-04-24T01:16:41+03:00 OpenClaw CSRF Vulnerability: High-Severity Risk in Trusted-Proxy Deploymentsvulnerability, cve, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-41342/ Shimi's Cyber World en 2026-04-24T01:16:40+03:00 OpenClaw Authentication Bypass Poses Remote Onboarding Riskvulnerability, cve, high-severity, authentication-bypass, cwe-346 https://shimiscyberworld.com/posts/nvd-CVE-2026-41336/ Shimi's Cyber World en 2026-04-24T01:16:39+03:00 OpenClaw Vulnerability: Arbitrary Code Execution via .env File Overridevulnerability, cve, high-severity, cwe-829 https://shimiscyberworld.com/posts/nvd-CVE-2026-35431/ Shimi's Cyber World en 2026-04-24T01:16:38+03:00 Critical SSRF in Microsoft Entra ID Entitlement Managementvulnerability, cve, critical, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-33819/ Shimi's Cyber World en 2026-04-24T01:16:37+03:00 Critical Deserialization RCE in Microsoft Bing (CVE-2026-33819)vulnerability, cve, critical, high-severity, insecure-deserialization, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-33102/ Shimi's Cyber World en 2026-04-24T01:16:37+03:00 M365 Copilot Critical Open Redirect Allows Privilege Escalationvulnerability, cve, critical, high-severity, open-redirect, cwe-601 https://shimiscyberworld.com/posts/nvd-CVE-2026-32210/ Shimi's Cyber World en 2026-04-24T01:16:35+03:00 Critical SSRF in Microsoft Dynamics 365 Poses Spoofing Riskvulnerability, cve, critical, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-32172/ Shimi's Cyber World en 2026-04-24T01:16:33+03:00 Microsoft Power Apps Vulnerability Allows Remote Code Executionvulnerability, cve, high-severity, cwe-427 https://shimiscyberworld.com/posts/nvd-CVE-2026-26210/ Shimi's Cyber World en 2026-04-24T01:16:26+03:00 Critical KTransformers Unsafe Deserialization Vulnerability (CVE-2026-26210)vulnerability, cve, critical, high-severity, insecure-deserialization, cwe-502 https://shimiscyberworld.com/posts/nvd-CVE-2026-26150/ Shimi's Cyber World en 2026-04-24T01:16:23+03:00 Microsoft Purview SSRF: Privilege Escalation Riskvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-24303/ Shimi's Cyber World en 2026-04-24T01:16:22+03:00 Critical Privilege Escalation in Microsoft Partner Centervulnerability, cve, critical, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-pl-htqmk/ Shimi's Cyber World en 2026-04-24T00:33:45+03:00 Breeze Cache Plugin Exploit: Unauthenticated File Upload Hits WordPressthreat-intel, data-breach, malware, vulnerability, identity https://shimiscyberworld.com/posts/nvd-CVE-2026-6942/ Shimi's Cyber World en 2026-04-24T00:16:06+03:00 Critical RCE Flaw in radare2-mcp: Command Injection via JSON-RPCvulnerability, cve, critical, high-severity, remote-code-execution, cwe-78 https://shimiscyberworld.com/posts/nvd-CVE-2026-6941/ Shimi's Cyber World en 2026-04-24T00:16:06+03:00 CVE-2026-6941 — Its Project Notes Handling That Path Traversalvulnerability, cve, medium-severity, path-traversal, cwe-59 https://shimiscyberworld.com/posts/nvd-CVE-2026-6940/ Shimi's Cyber World en 2026-04-24T00:16:06+03:00 Radare2 Path Traversal Flaw: Local Attackers Can Delete Arbitrary Directoriesvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-28525/ Shimi's Cyber World en 2026-04-24T00:16:05+03:00 CVE-2026-28525 — The Multipart Upload Parser In Mongoose_multipart.C That Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-125, cwe-191 https://shimiscyberworld.com/posts/frontier-ai-and-the-future-of-defense-your-top-questions-an-1z8qk/ Shimi's Cyber World en 2026-04-23T23:45:50+03:00 Frontier AI: CISO Questions and Defensive Realitiesthreat-intel, apt, malware, research https://shimiscyberworld.com/posts/nvd-CVE-2026-41272/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise SSRF Bypass: DNS Rebinding Opens LLM Flows to Attackersvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41271/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise SSRF Vulnerability Exposes Internal Systemsvulnerability, cve, high-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41270/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise SSRF Bypass: Internal Network at Riskvulnerability, cve, high-severity, server-side-request-forgery, cwe-284, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-41269/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise RCE via Malicious JavaScript Uploadsvulnerability, cve, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-41268/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise RCE: Unauthenticated Command Executionvulnerability, cve, high-severity, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-41267/ Shimi's Cyber World en 2026-04-23T23:16:15+03:00 Flowise Cloud Vulnerability Exposes Multi-Tenant Environmentsvulnerability, cve, high-severity, cwe-639, cwe-915 https://shimiscyberworld.com/posts/nvd-CVE-2026-41138/ Shimi's Cyber World en 2026-04-23T23:16:14+03:00 Flowise RCE: Unchecked Input Leads to Code Executionvulnerability, cve, high-severity, remote-code-execution, cwe-94 https://shimiscyberworld.com/posts/us-sanctions-cambodian-senator-for-millions-earned-through-s-h3to2/ Shimi's Cyber World en 2026-04-23T23:07:00+03:00 US Sanctions Cambodian Senator for Massive Scam Compound Operationsthreat-intel, data-breach, government https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-04-23T23:00:00+03:00 Daily Security Digest — 2026-04-23daily-digest, vulnerability, cve, critical, high-severity, cwe-20, cwe-190, cwe-345, cwe-1284, cwe-617 https://shimiscyberworld.com/posts/nvd-CVE-2026-41246/ Shimi's Cyber World en 2026-04-23T22:17:29+03:00 Contour Kubernetes Ingress: Lua Code Injection Leads to Envoy RCEvulnerability, cve, high-severity, code-execution, cwe-94 https://shimiscyberworld.com/posts/nvd-CVE-2026-41241/ Shimi's Cyber World en 2026-04-23T22:17:29+03:00 Pretalx XSS: Organizer Search Exposes User Datavulnerability, cve, high-severity, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-41213/ Shimi's Cyber World en 2026-04-23T22:17:29+03:00 CVE-2026-41213 — @node-oauth/oauth2-server is a module for implementing anvulnerability, cve, medium-severity, cwe-307, cwe-1289 https://shimiscyberworld.com/posts/nvd-CVE-2026-41173/ Shimi's Cyber World en 2026-04-23T22:17:29+03:00 CVE-2026-41173 — The AWS X-Ray Remote Sampler package provides a samplervulnerability, cve, medium-severity, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-41078/ Shimi's Cyber World en 2026-04-23T22:17:28+03:00 CVE-2026-41078 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-770 https://shimiscyberworld.com/posts/nvd-CVE-2026-40894/ Shimi's Cyber World en 2026-04-23T22:17:28+03:00 CVE-2026-40894 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-40886/ Shimi's Cyber World en 2026-04-23T22:17:28+03:00 Argo Workflows Crash Loop: Malformed Annotation Halts Processingvulnerability, cve, high-severity, cwe-129 https://shimiscyberworld.com/posts/nvd-CVE-2026-31173/ Shimi's Cyber World en 2026-04-23T22:17:25+03:00 CVE-2026-31173 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31169/ Shimi's Cyber World en 2026-04-23T22:17:25+03:00 CVE-2026-31169 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31168/ Shimi's Cyber World en 2026-04-23T22:17:24+03:00 CVE-2026-31168 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31167/ Shimi's Cyber World en 2026-04-23T22:17:24+03:00 CVE-2026-31167 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31163/ Shimi's Cyber World en 2026-04-23T22:17:24+03:00 CVE-2026-31163 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31162/ Shimi's Cyber World en 2026-04-23T22:17:24+03:00 CVE-2026-31162 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/cisa-us-agency-breached-through-cisco-vulnerability-firest-imlfx/ Shimi's Cyber World en 2026-04-23T22:03:00+03:00 CISA Breach: Cisco Vulnerability Led to Persistent Backdoorthreat-intel, data-breach, government, malware, vulnerability https://shimiscyberworld.com/posts/telegram-1542954397-4535/ Shimi's Cyber World en 2026-04-23T22:01:18+03:00 Firefox and Tor Browser Uniquely Vulnerable to Stable Identifier Leakidentity https://shimiscyberworld.com/posts/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-s-g4igl/ Shimi's Cyber World en 2026-04-23T21:59:39+03:00 Trigona Ransomware Leverages Custom Data Exfiltration Toolthreat-intel, data-breach, malware, ransomware, tools https://shimiscyberworld.com/posts/surveillance-companies-exploiting-telecom-system-to-spy-on-t-69gpn/ Shimi's Cyber World en 2026-04-23T21:43:00+03:00 Surveillance Firms Weaponize Telecom Flaws for Location Trackingthreat-intel, data-breach, government, vulnerability https://shimiscyberworld.com/posts/nvd-CVE-2026-6921/ Shimi's Cyber World en 2026-04-23T21:16:30+03:00 CVE-2026-6921 — Race in GPU in Google Chrome on Windows prior tovulnerability, cve, medium-severity, cwe-362, cwe-362 https://shimiscyberworld.com/posts/nvd-CVE-2026-6920/ Shimi's Cyber World en 2026-04-23T21:16:30+03:00 Chrome on Android GPU Vulnerability Allows Sandbox Escapevulnerability, cve, high-severity, out-of-bounds-1, cwe-125, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-41909/ Shimi's Cyber World en 2026-04-23T21:16:29+03:00 CVE-2026-41909 — Paired-Device Pairing Management That Vulnerabilityvulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-41908/ Shimi's Cyber World en 2026-04-23T21:16:29+03:00 CVE-2026-41908 — The Assistant-Media Route That Vulnerabilityvulnerability, cve, medium-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-40891/ Shimi's Cyber World en 2026-04-23T21:16:28+03:00 CVE-2026-40891 — Denial of Servicevulnerability, cve, medium-severity, denial-of-service, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-40182/ Shimi's Cyber World en 2026-04-23T21:16:28+03:00 CVE-2026-40182 — OpenTelemetry dotnet is a dotnet telemetry framework. Fromvulnerability, cve, medium-severity, cwe-789 https://shimiscyberworld.com/posts/nvd-CVE-2026-31179/ Shimi's Cyber World en 2026-04-23T21:16:25+03:00 CVE-2026-31179 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31176/ Shimi's Cyber World en 2026-04-23T21:16:24+03:00 CVE-2026-31176 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/nvd-CVE-2026-31159/ Shimi's Cyber World en 2026-04-23T21:16:24+03:00 CVE-2026-31159 — ToToLink A3300R Firmware Vulnerabilityvulnerability, cve, medium-severity, cwe-77 https://shimiscyberworld.com/posts/unc6692-impersonates-it-helpdesk-via-microsoft-teams-to-depl-khwgm/ Shimi's Cyber World en 2026-04-23T21:16:00+03:00 UNC6692 Impersonates IT Helpdesk via Microsoft Teams with SNOW Malwarethreat-intel, vulnerability, malware, microsoft, phishing https://shimiscyberworld.com/posts/telegram-1427288221-8813/ Shimi's Cyber World en 2026-04-23T20:31:51+03:00 Bitwarden CLI npm Package Briefly Compromised in Supply Chain Attackisrael https://shimiscyberworld.com/posts/nvd-CVE-2026-41239/ Shimi's Cyber World en 2026-04-23T19:16:26+03:00 CVE-2026-41239 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79, cwe-1289 https://shimiscyberworld.com/posts/nvd-CVE-2026-41238/ Shimi's Cyber World en 2026-04-23T19:16:26+03:00 CVE-2026-41238 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79, cwe-1321 https://shimiscyberworld.com/posts/nvd-CVE-2026-40472/ Shimi's Cyber World en 2026-04-23T19:16:25+03:00 Critical XSS in hackage-server via Malicious .cabal Metadatavulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-40471/ Shimi's Cyber World en 2026-04-23T19:16:25+03:00 Critical CSRF Flaw in hackage-server Poses Supply Chain Riskvulnerability, cve, critical, high-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-40470/ Shimi's Cyber World en 2026-04-23T19:16:25+03:00 Critical XSS in Hackage Server Exposes User Sessionsvulnerability, cve, critical, high-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-34003/ Shimi's Cyber World en 2026-04-23T19:16:24+03:00 X.Org X Server Flaw: Local Attackers Exploit OOB Memory Accessvulnerability, cve, high-severity, denial-of-service, cwe-125 https://shimiscyberworld.com/posts/nvd-CVE-2026-34001/ Shimi's Cyber World en 2026-04-23T19:16:24+03:00 X.Org Server Flaw: Use-After-Free Threatens Linux Desktopsvulnerability, cve, high-severity, use-after-free, cwe-825 https://shimiscyberworld.com/posts/nvd-CVE-2026-33999/ Shimi's Cyber World en 2026-04-23T19:16:24+03:00 X.Org Server Underflow: Local RCE and DoS Riskvulnerability, cve, high-severity, denial-of-service, cwe-191 https://shimiscyberworld.com/posts/nvd-CVE-2026-23751/ Shimi's Cyber World en 2026-04-23T19:16:24+03:00 Critical Kofax Capture RCE Vulnerability: Unauthenticated Access to Files and NTLMv2 Coercionvulnerability, cve, critical, high-severity, remote-code-execution, cwe-306, cwe-441 https://shimiscyberworld.com/posts/nvd-CVE-2025-62373/ Shimi's Cyber World en 2026-04-23T19:16:24+03:00 Critical RCE in Pipecat Python Framework: CVE-2025-62373vulnerability, cve, critical, high-severity, remote-code-execution, cwe-502 https://shimiscyberworld.com/posts/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool-g75f0/ Shimi's Cyber World en 2026-04-23T19:05:12+03:00 Checkmarx KICS Supply Chain Compromise Exposes Developer Datathreat-intel, data-breach, malware, tools https://shimiscyberworld.com/posts/china-linked-hackers-targeted-mongolian-government-using-sla-5p8mn/ Shimi's Cyber World en 2026-04-23T19:03:00+03:00 China-Linked GopherWhisper APT Targets Mongolian Government via Slack, Discordthreat-intel, data-breach, government, malware