[R1] Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion
Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion Jason Schavel Thu, 04/23/2026 - 14:10
A vulnerability has been identified in Nessus Agent on...
It pays to be a forever student
Welcome to this week’s edition of the Threat Source newsletter. If I haven’t said it in a newsletter before, I'll say it now: If you want to be good...
Private health records of half a million Britons offered for sale on Chinese website
Technology minister tells Commons ‘de-identified’ information from UK Biobank advertised for sale on AlibabaThe confidential health records of half a million British volunteers have...
Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents - Read more
UAT-4356’s Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and...
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. - Read more
Yuma AI – Unauthenticated personal data and order information disclosure
Yuma AI - Unauthenticated personal data and order information disclosure A vulnerability was identified in Yuma AI Chat AI (a chatbot), a SaaS solution...
Carlson Software VASCO-B GNSS Receiver
View CSAF
Summary
Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation.
The following versions of Carlson...
FIRESTARTER Backdoor
Malware Analysis Report at a Glance
Malware Name
FIRESTARTER
Original Publication
April 23, 2026
Executive Summary
The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained...
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
View CSAF
Summary
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device.
The following...
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
