Cwe-352 - Cross-Site Request Forgery (csrf) is a cwe tracked across 13 threat clusters and 19 intelligence report mentions on ThreatCluster. First observed May 12, 2026; most recent activity July 17, 2026.
CISA has warned of ongoing attacks exploiting the CVE-2008-4128 vulnerability in Cisco IOS 12.4, a cross-site request forgery flaw. This vulnerability, which has been known since 2008, allows attackers to execute…
A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The…
Multiple vulnerabilities were identified in the Authlib library used in Ubuntu systems, specifically affecting versions 24.04 LTS and 26.04 LTS. Discovered by researchers Jay Neiva, Mauro Carrillo, and Johnny Deuss,…
A critical stored XSS vulnerability, CVE-2026-41241, has been discovered in the Pretalx conference management platform. This flaw allows registered users to execute malicious scripts that can compromise organizer…
Two significant vulnerabilities have been identified in Jenkins plugins, CVE-2026-48922 and CVE-2026-48925. The Jenkins Credentials Binding Plugin allows attackers to write files to arbitrary locations, potentially…
A critical vulnerability in phpBB forum software enables attackers to hijack any account, including administrators, with a single unauthenticated request. This flaw, tracked as PTT-2026-004, affects all versions up to…
On May 12, 2026, SAP released security updates for 15 vulnerabilities, including two critical flaws in Commerce Cloud and S/4HANA. The first critical vulnerability (CVE-2026-34263) allows unauthenticated attackers to…
The Silent Ransom Group (SRG), a cyber extortion group active since 2022, has been identified using DNS Fast Flux infrastructure to target U.S. law firms and other sensitive industries. Unlike traditional ransomware,…
A high-severity vulnerability in HestiaCP, tracked as CVE-2026-12196, allows low-privileged users to take over administrator accounts through a broken access control in the panel's cron job feature. This flaw enables…
Recent investigations into AI browsers like Perplexity Comet and ChatGPT Atlas reveal significant security vulnerabilities, particularly prompt injection attacks. These attacks allow malicious actors to embed harmful…