The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data.
The post Chainlit Vulnerabilities May Leak Sensitive Information appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
APT-Grade PDFSider Malware Used by Ransomware Groups
Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading.
The post APT-Grade PDFSider Malware Used by Ransomware Groups appeared first on SecurityWeek.
Weaponized Invite Enabled Calendar Data Theft via Google Gemini
A simple payload allowed attackers to create a new event leaking summaries of the victim’s private meetings.
The post Weaponized Invite Enabled Calendar Data Theft via Google Gemini appeared first on SecurityWeek.
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking
The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices.
The post TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking appeared first on SecurityWeek.
Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks
Operating as an access broker, the defendant sold unauthorized access to compromised networks to an undercover agent.
The post Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks appeared first on SecurityWeek.
‘SolyxImmortal’ Information Stealer Emerges
The information stealer abuses legitimate APIs and libraries to exfiltrate data to Discord webhooks.
The post ‘SolyxImmortal’ Information Stealer Emerges appeared first on SecurityWeek.
Cyber Insights 2026: Information Sharing
Information sharing is necessary for efficient cybersecurity, and is widespread; but never quite perfect in practice.
The post Cyber Insights 2026: Information Sharing appeared first on SecurityWeek.
New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout
US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars.
The post New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout appeared first on SecurityWeek.
Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’
Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware.
The post Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’ appeared first on SecurityWeek.
42,000 Impacted by Ingram Micro Ransomware Attack
The compromised personal information includes names, dates of birth, Social Security numbers, and employment-related data.
The post 42,000 Impacted by Ingram Micro Ransomware Attack appeared first on SecurityWeek.