Our news

  • Vulnerability Summary for the Week of July 6, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1Panel-dev–MaxKB MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not consistently validate MCP transport type, allowing an authenticated user to import a .tool file containing stdio transport with…

    READ MORE

  • Vulnerability Summary for the Week of June 29, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info @fastify/express–@fastify/express @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressions) are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms…

    READ MORE

  • Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting

    Russian Government-Sponsored Activity Targets Poorly Configured and Vulnerable Devices Across Critical Sectors Executive summary Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This joint Cybersecurity Advisory (CSA) builds on FBI’s Russian Government Cyber Actors Targeting Networking Devices,…

    READ MORE

  • Central blue AI robot surrounded by interconnected data flows, representing AI, cybersecurity, and automated systems across global networks.

    Agentic Artificial Intelligence

    When most people think of Artificial Intelligence (AI), they think of the widespread, commercial, chatbot-like platforms. You type something, and it types something back; the user initiates actions. An “agent” is different. It can browse the web, write and run code, call other software, and chain multiple steps together to complete a task without a…

    READ MORE

  • Vulnerability Summary for the Week of June 22, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info abhisheksaha11–URL Preview The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the ‘url’ parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web…

    READ MORE

  • Hacker in a hoodie typing on a laptop as red cyberattack lines strike a server rack, depicting a cyberattack scenario and defense ultimate goal.

    Why Firewalls and Edge Gateways are the New Primary Target

    For a long time, the unwritten rule of initial access was simple- trick a human. Phishing and social engineering were the easiest ways into a network because people are notoriously easy to manipulate. While those vectors haven’t gone anywhere, the threat landscape has shifted drastically over the past year. Sophisticated threat actors are completely bypassing…

    READ MORE

  • Vulnerability Summary for the Week of June 15, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 10Web–Form Maker by 10Web Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. 2026-06-15 9.3 CVE-2026-39502 404-redirection-manager–404 Redirection Manager The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL…

    READ MORE

  • CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

    CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways.   To defend against this…

    READ MORE

  • Vulnerability Summary for the Week of June 8, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdguardTeam–AdGuardHome AdGuard Home, when started with the –glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path construction within…

    READ MORE

  • Vulnerability Summary for the Week of June 1, 2026

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 10Web–Photo Gallery by 10Web Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. 2026-06-04 7.6 CVE-2026-49771 AAM Plugin–Advanced Access…

    READ MORE