Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.


News
Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics

The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest Blizzard) has significantly escalated its cyber operations in early 2026. According to a ...

Published: Apr 01, 2026 (1 day, 3 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-3502, CVE-2026-33032, CVE-2026-21513, CVE-2026-21509, CVE-2026-21962

CVEfeed Newsroom, 01 Apr 2026

News
PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information

Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sen ...

Published: Apr 01, 2026 (1 day, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-33636, CVE-2026-33416

CVEfeed Newsroom, 01 Apr 2026

Vulnerability: High
CVE-2026-5258 (CVSS 7.3)

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST), 01 Apr 2026

Vulnerability: High
CVE-2026-4748 - pf silently ignores certain rules

CVE ID: CVE-2026-4748
Published: April 1, 2026, 7:16 a.m. (2 hours, 38 minutes ago)
Description: A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.
Severity: 0.0 | NA

CVEfeed CVE, 01 Apr 2026

Vulnerability: High
CVE-2026-5258 - Sanster IOPaint File Manager file_manager.py _get_file path traversal

CVE ID: CVE-2026-5258
Published: April 1, 2026, 7:16 a.m. (2 hours, 38 minutes ago)
Description: A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH

CVEfeed CVE, 01 Apr 2026

News
Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component

Google has released a critical security update for the Chrome Stable channel to address 21 security vulnerabilities. While the patch covers a wide array of flaws, one particular bug has put security t ...

Published: Apr 01, 2026 (1 day, 2 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-5289, CVE-2026-5287, CVE-2026-5281, CVE-2026-5279, CVE-2026-5278, CVE-2026-5277, CVE-2026-5275, CVE-2026-5274, CVE-2026-5273, CVE-2026-5272, CVE-2026-3502, CVE-2026-33032, CVE-2026-2441, CVE-2026-21962

CVEfeed Newsroom, 01 Apr 2026

Vulnerability: High
CVE-2026-5257 (CVSS 7.3)

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

NVD (NIST), 01 Apr 2026

Vulnerability: High
CVE-2026-5256 (CVSS 7.3)

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes SQL injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

NVD (NIST), 01 Apr 2026

Vulnerability: High
CVE-2026-2696 - Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure

CVE ID: CVE-2026-2696
Published: April 1, 2026, 6:16 a.m. (1 hour, 38 minutes ago)
Description: The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files.
Severity: 0.0 | NA

CVEfeed CVE, 01 Apr 2026

Vulnerability: High
CVE-2025-15484 - Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

CVE ID: CVE-2025-15484
Published: April 1, 2026, 6:16 a.m. (1 hour, 38 minutes ago)
Description: The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.
Severity: 0.0 | NA

CVEfeed CVE, 01 Apr 2026

Vulnerability: High
CVE-2026-5291 - Google Chrome WebGL Memory Information Disclosure Vulnerability

CVE ID: CVE-2026-5291
Published: April 1, 2026, 5:16 a.m. (2 hours, 38 minutes ago)
Description: Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA

CVEfeed CVE, 01 Apr 2026

Vulnerability: High
CVE-2026-5290 - Google Chrome Use After Free in Compositing Vulnerability

CVE ID: CVE-2026-5290
Published: April 1, 2026, 5:16 a.m. (2 hours, 38 minutes ago)
Description: Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA

CVEfeed CVE, 01 Apr 2026
