One Hacker, 50 Companies: How Infostealer Malware Sparked a Global Data Auction CyberSecurity News CyberDefenderJanuary 9, 2026January 9, 20264 mins0 What tools were used How access was gained Scope & Impact According to analysis from Hudson Rock…continue reading..
CVE-2025-65518: Unauthenticated Attack Can Knock Plesk Obsidian Control Panel Offline Vulnerabilities AegironJanuary 9, 2026January 9, 20268 mins0 CVE Overview Executive Summary CVE-2025-65518 is an unauthenticated Denial-of-Service vulnerability affecting the Plesk Obsidian control panel. The…continue reading..
CVE-2026-22256 & CVE-2026-22257: Multiple High-Risk XSS Flaws Identified in Salvo Framework Vulnerabilities AegironJanuary 9, 2026January 9, 20269 mins0 Product: Salvo (Rust Web Framework)Vulnerability Type: Cross-Site Scripting (XSS)Affected Component: list_html directory listing handlerImpact: Client-side code execution,…continue reading..
CVE-2026-21883: Bokeh Server WebSocket Origin Validation Bypass Enables Silent Session Hijacking Vulnerabilities AegironJanuary 9, 2026January 9, 202615 mins0 CVE ID: CVE-2026-21883Vulnerability: Origin validation bypass in Bokeh server’s WebSocket handlingSeverity: High / Critical-classCVSS Score: ~9.1 (reflects…continue reading..
Iran’s Internet Blackout as a Cyber Control Weapon Cyber Kill Chain CyberDefenderJanuary 9, 2026January 9, 20263 mins0 1. Cybersecurity Angle on the Current Blackout 2. Broader Cybersecurity Context 3. Cybersecurity Risks & Impacts 4.…continue reading..
CVE-2025-67325: Critical Unauthenticated Remote Code Execution in QloApps via Unrestricted File Upload Vulnerabilities AegironJanuary 9, 2026January 9, 20268 mins0 Vulnerability Overview CVE ID: CVE-2025-67325Product: QloAppsAffected Versions: QloApps 1.7.0 and earlierVulnerability Type: Unrestricted File UploadImpact: Unauthenticated Remote…continue reading..
CVE-2026-22234 : Critical Unauthenticated File Access in OPEXUS eCasePortal Enables Mass Data Theft and Destruction Vulnerabilities AegironJanuary 9, 2026January 9, 20269 mins0 Product: OPEXUS eCasePortalAffected Component: Attachments.aspxCVE ID: CVE-2026-22234Severity: CriticalCVSS Score: 9.8Attack Vector: Network (Remote)Authentication Required: NoneUser Interaction: NoneImpact:…continue reading..
CVE-2025-14505: Critical ECDSA Nonce Failure Leading to Private Key Recovery Vulnerabilities AegironJanuary 9, 2026January 9, 20269 mins0 CVE Overview Vulnerability Summary CVE-2025-14505 is a critical cryptographic vulnerability in the elliptic JavaScript library that directly…continue reading..
CVE-2025-66913: Critical Unauthenticated Remote Code Execution via JDBC URL Injection in JimuReport Vulnerabilities AegironJanuary 9, 2026January 9, 20269 mins0 CVE ID: CVE-2025-66913Product: JimuReportVulnerability Type: Remote Code Execution (RCE)Attack Vector: NetworkAuthentication Required: No (in many real-world deployments)User…continue reading..
CVE-2025-61686: Critical React Router Flaw Enables Server-Side File Overwrite via Session Manipulation Vulnerabilities AegironJanuary 9, 2026January 9, 20268 mins0 CVE ID: CVE-2025-61686Product: React Router / Remix (Node runtime)Affected Component: createFileSessionStorage()Vulnerability Type: Path Traversal (CWE-22)CVSS v3 Score:…continue reading..
