From The Source
nopCommerce 4.90.0: XSS Vulnerability Unleashes HTML Chaos!
nopCommerce 4.90.0 has been bitten by the notorious Cross-Site Scripting (XSS) bug through its Attributes functionality. It’s a classic case of “JavaScript gone wild,” where attackers can sneak scripts into the Name field, waiting for a curious privileged user to trigger the mayhem.
Whistleblower Woes: Convercent’s Security Blunders Exposed!
Convercent’s whistleblowing platform had more leaks than a colander. Security misconfigurations and customer enumeration exposed vulnerabilities, now with shiny new CVE identifiers to boot. Keep your secrets safe, folks!
Safari 26.2 Update: When Web Browsing Crashes Your Weekend Plans
Apple’s new Safari 26.2 update is like a digital bouncer—keeping out unwanted crashes and snoops. The update patches several security vulnerabilities, ensuring your web browsing stays as smooth as a fresh jar of peanut butter. Stay safe with Safari 26.2, now available for macOS Sonoma and Sequoia.
Apple’s macOS Sequoia 15.7.3 Update: Security Fixes or Just Playing Whack-a-Mole?
Apple’s latest security update for macOS Sequoia 15.7.3 is here, addressing everything from memory corruption to apps snooping through your sensitive data. It’s like a digital game of whack-a-mole, but with vulnerabilities. Stay safe and updated, because nobody wants their FaceTime caller ID spoofed!
Apple visionOS 26.2 Security Fixes: When Apps Get a Little Too Friendly!
In a bid to keep Vision Pro users’ data safe, visionOS 26.2 swoops in like a digital superhero, tackling issues from app permissions to memory corruption. Apple takes a bite out of bugs with improved state handling and memory management, ensuring your device stays as secure as your secret cookie stash!
Apple Watch Security Patch: Saving Your Wrist from Gremlins or Just Another Tuesday?
Apple’s watchOS 26.2 update is here, tackling everything from sneaky app permissions to FaceTime caller ID imposters. It’s like a superhero for your Apple Watch, swooping in to save the day from malicious attacks and rogue apps. Stay secure and update now—your wrist deserves the best!
Apple tvOS 26.2: More Patches Than a Pirate Convention!
In a world where even your TV needs a security update, Apple reveals tvOS 26.2. This patch tackles everything from apps gaining root privileges to a malicious device achieving world domination—well, maybe just a process crash. Check your Apple TV for updates before it becomes self-aware!
Apple’s macOS Sonoma 14.8.3 Update: When Your Mac Needs a Security Blanket
Apple’s latest macOS Sonoma update is out, and it’s fixing more issues than a therapist on speed dial. From memory corruption to apps sneaking into your sensitive data, macOS Sonoma 14.8.3 is here to plug those leaks. Stay patched and stay secure, or risk letting those sneaky apps crash your party.
macOS Tahoe 26.2: Security Patch or Bug Parade? Apple’s Latest Fixes Unveiled!
Apple’s latest macOS Tahoe 26.2 update is here, addressing multiple security vulnerabilities like a digital superhero in a turtleneck. From fixing permissions and memory corruption issues to enhancing privacy controls, these improvements aim to keep your sensitive data safer than the last slice of pizza at a party.
Apple’s iOS 18.7.3 Update: More Patches Than an Old Quilt!
iOS 18.7.3 and iPadOS 18.7.3 updates are here, addressing everything from memory corruption to FaceTime caller ID spoofing. Apple recommends applying these updates faster than a toddler with a crayon on a freshly painted wall. Keep your devices secure and your mischief managed!
iOS 26.2 Update: The Bug Fix Bonanza You Didn’t Know You Needed!
Apple’s latest update, iOS 26.2 and iPadOS 26.2, is here to save the day! Fixing everything from FaceTime caller ID shenanigans to apps snooping through your Safari history, it’s like a superhero squad for your devices. So, update now and let iOS 26.2 and iPadOS 26.2 fight off those tech villains!
HP Computers: When Your Admin Password is Just a Suggestion!
HP’s UEFI boot protection for computers is about as useful as a screen door on a submarine. Thanks to a bypass vulnerability, setting an admin password is like putting a lock on a wide-open door. So, if you thought your ZBook Firefly was secure, think again—it’s more like a ZBook Flutterby.
AWS Harmonix Hiccup: Beware of the Role-Playing Privilege Escalation
Harmonix on AWS faces a security hiccup—CVE-2025-14503—that lets authenticated users ascend to admin status quicker than a caffeinated squirrel. Update to version 0.4.2 pronto! Can’t upgrade yet? Tighten those IAM trust policies and keep an eye on CloudTrail events like a hawk at a pigeon parade.
Alert: New Cyber Threats Loom with CISA’s Addition to Vulnerability Catalog
CISA’s KEV Catalog just got spicier with two new vulnerabilities, including the Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability. Cyber actors love these like cats love laser pointers, making them high-risk for federal networks. Time to patch things up, literally!
React2Shell: The Exploit That’s Been Overused More Than a Dad Joke
The React2Shell CVE-2025-55182 exploits are still active, akin to a viral meme that refuses to die. If your server hasn’t been compromised yet, you’re either incredibly lucky or running on a potato. Just remember, the real malware was the friends we made along the way. Stay safe out there!
Wireshark 4.6.2: Bug Busting Bonanza or Just Another Reboot Ritual?
Wireshark release 4.6.2 patches 2 vulnerabilities and 5 bugs. The new Windows installers come with Visual C++ Redistributable version 14.44.35112, which prompted a laptop reboot. Who knew software updates could be so demanding?
Cybersecurity’s Newest Comedy: ClickFix Attacks Still Giving Us the Finger!
ClickFix attacks continue to give us the finger, literally! These crafty campaigns, KongTuke and SmartApeSG, cleverly use the finger protocol to retrieve malicious content. So, if you’re not blocking TCP port 79, watch out—these attacks might just be pointing their way into your system!
Chromium Conundrum: New Vulnerability Puts Federal Systems on High Alert!
Attention federal agencies: CISA has added the Google Chromium Out-of-Bounds Memory Access Vulnerability, CVE-2025-14174, to its KEV Catalog. This isn’t just tech talk—it’s like discovering a new species of cyber gremlin, and it’s hungry for your security. Time to patch up before it wreaks havoc!
Federal Agencies on High Alert: New Sierra Wireless Vulnerability Joins Exploited List
CISA has added CVE-2018-4063 to its Known Exploited Vulnerabilities Catalog. This Sierra Wireless AirLink ALEOS vulnerability is like leaving your front door open with a neon sign saying “Free Wi-Fi.” It’s a favorite haunt for cybercriminals, posing major risks to federal networks. Time to lock that door!
Beware the Sneaky DLL: Unmasking Hidden Malware Entry Points!
In the Microsoft Windows world, DLLs are like the Swiss Army knives of software libraries, quietly exporting functions for needy programs. But beware! That innocent DllMain can be a hotbed of mischief, just waiting to unleash a surprise like opening a calculator app. Always keep an eye on the DLL entry point!
