CISA Adds Apple, Laravel Livewire, and Craft CMS Vulnerabilities to KEV Catalog Following Active Exploitation

168/69 Tuesday, March 24, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. These vulnerabilities carry CVSS scores ranging from 7.8 to 10.0 and include issues such as buffer overflow, improper locking, and […]

sittisak mintaboon

March 24, 2026

Oracle Fixes Critical Vulnerability CVE-2026-21992, Risk of System Takeover via Identity Manager

167/69 Tuesday, March 24, 2026 Oracle has released security updates to address a critical vulnerability tracked as CVE-2026-21992 (CVSS score: 9.8), affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw allows unauthenticated attackers to exploit the systems remotely over HTTP, potentially leading to Remote Code Execution (RCE). Successful exploitation could result in full […]

sittisak mintaboon

March 24, 2026

Hackers Launch Mass Attacks on Over 7,500 Magento Websites Worldwide, Impacting Major Brands and Government Entities

166/69 Tuesday, March 24, 2026 Since February 27, 2026, cybersecurity researchers from Netcraft have identified a large-scale attack campaign targeting websites running the popular e-commerce platform Magento. More than 7,500 domains have been compromised through website defacement, affecting over 15,000 hostnames globally. The attack involves uploading simple text files (.txt) directly into website infrastructures, impacting […]

sittisak mintaboon

March 24, 2026

WorldLeaks Claims Breach of Los Angeles, Steals Over 160 GB of Data; Foster City Declares Emergency After Ransomware Attack

165/69 Monday, March 23, 2026 The ransomware group WorldLeaks added the City of Los Angeles to its leak site on March 20, 2026, claiming it had stolen approximately 159.9 GB of data across 779 files. The group operates as a cybercriminal network focused on data exfiltration and extortion, pressuring victims to pay in exchange for […]

sittisak mintaboon

March 23, 2026

“PolyShell” Vulnerability in Magento and Adobe Commerce Allows Unauthenticated Malicious File Uploads

164/69 Monday, March 23, 2026 Cybersecurity firm Sansec has disclosed a vulnerability in the REST API of Magento and Adobe Commerce that allows attackers to upload malicious files to affected systems without authentication. The flaw, dubbed PolyShell, impacts versions from the earliest releases up to 2.4.9-alpha2. In older versions (below 2.3.5), the issue may also […]

sittisak mintaboon

March 23, 2026

Google Introduces Advanced Flow for Sideloaded APK Installations to Enhance Android Security

163/69 Monday, March 23, 2026 Google has announced a new security feature called Advanced Flow for Android users who install applications from external sources (APK sideloading) or from unverified developers. This measure is designed to address the growing threat of cyber scams and malware. According to the Global Anti-Scam Alliance (GASA), global losses from scams […]

sittisak mintaboon

March 23, 2026

DarkSword iOS Exploit Kit Used in iPhone Data Theft Campaign

162/69 Friday, March 20, 2026 Security researchers have identified a new iOS exploit kit named DarkSword, which leverages six vulnerabilities (CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520) to bypass sandbox restrictions, escalate privileges, and execute remote code on iPhones. The attack chain begins through the Safari browser, combining multiple exploits to gain kernel read/write access before deploying […]

sittisak mintaboon

March 20, 2026

Intuitive Discloses Data Breach Following Targeted Phishing Attack on Employee Account

161/69 Friday, March 20, 2026 Intuitive has disclosed a data breach caused by a targeted phishing attack, in which threat actors successfully compromised an employee account and used it to gain access to internal systems. As a result, certain data was accessed without authorization, including customer contact information, employee data, and corporate business information. The […]

sittisak mintaboon

March 20, 2026

Aura Confirms Data Breach Affecting Over 900,000 Records Following Voice Phishing Attack

160/69 Friday, March 20, 2026 Aura, a provider of digital security and identity protection services, has confirmed a major data breach after the cybercrime group ShinyHunters publicly released approximately 12GB of data following failed negotiations. The leaked dataset contains more than 900,000 records, which Aura stated are primarily marketing-related data inherited from a company it […]

sittisak mintaboon

March 20, 2026

UK Companies House Confirms Critical Vulnerability Exposing Data of Over 5 Million Companies

159/69 Thursday, March 19, 2026 Companies House has confirmed a critical security vulnerability in its WebFiling service, potentially putting data from more than 5 million registered companies at risk. The flaw was discovered by researchers from Ghost Mail on March 12, 2026, but investigations revealed that the issue had been present in the system since […]

sittisak mintaboon

March 19, 2026