#Cybersecurity

2026-03-06

Long story short: #Google once said that you could publish this #API #key. Then Google changed the #software and used the key for #billing with #Gemini, its in-house #AI. Of course, there are now many leaked keys and high costs that Google now wants to collect from the owners of the keys. Don't let Google fool you!

see: trufflesecurity.com/blog/googl…

#news #software #money #customer #service #fool #wtf #omg #economy #bigtech #evil #problem #cybersecurity #security #marketing #fail #company #politics #responsibility #bill #cost #leak #apikey

2026-03-05
ICE Phishing: Scammers Are Sending 'Support ICE' Emails to Steal Credentials

Clients of a long-running email marketing platform are getting targeted with a phishing campaign telling them that their emails would begin automatically inserting a “‘Support ICE’ donation button” into every email they send. The strategy suggests that scammers are trying to capitalize on people’s revulsion to ICE by coming up with strategies that would cause users to quickly log into their accounts to disable the setting. In reality, clients would be revealing their username and password to hackers.

The move indicates that hackers are targeting clients of enterprise software companies with extremely controversial political emails. The scam targeted customers of Emma, a long-running email marketing platform whose clients include Orange Theory, Yale University, Texas A&M University, the Cystic Fibrosis Foundation, Dogfish Head Brewery, and the YMCA, among others. 404 Media was forwarded a copy of the phishing email from an Emma client.

“As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a ‘Support ICE’ donation button to the footer of every email sent through our platform,” the phishing email reads. “This button will appear automatically in all outgoi
EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9990

📊 Score: 9.3/10 (CVSS v3.1)
📦 Product: ghostfolio
🏒 Vendor: ghostfolio
📅 Updated: 2026-03-06

📝 Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata (IMDS) or probe internal network ...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9995

📊 Score: 9.3/10 (CVSS v3.1)
📦 Product: ghostfolio
🏒 Vendor: ghostfolio
📅 Updated: 2026-03-06

📝 Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical() method, potentially allowing them to read, modify, or delete sensiti...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9975

📊 Score: 6.5/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling char...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9976

📊 Score: 7.2/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9977

📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in versi...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9978

📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9979

📊 Score: 8.7/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verifyToken an...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9980

📊 Score: 6.3/10 (CVSS v3.1)
📦 Product: chartbrew
🏒 Vendor: chartbrew
📅 Updated: 2026-03-06

📝 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files (project logos) without validating the file type or content. It tr...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9985

📊 Score: 6.3/10 (CVSS v3.1)
📦 Product: LangBot
🏒 Vendor: langbot-app
📅 Updated: 2026-03-06

📝 LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9986

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: OpenSift
🏒 Vendor: OpenSift
📅 Updated: 2026-03-06

📝 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered resp...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9987

📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: OpenSift
🏒 Vendor: OpenSift
📅 Updated: 2026-03-06

📝 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This cre...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9988

📊 Score: 8.2/10 (CVSS v3.1)
📦 Product: OpenSift
🏒 Vendor: OpenSift
📅 Updated: 2026-03-06

📝 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/loca...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9989

📊 Score: 8.6/10 (CVSS v3.1)
📦 Product: home-gallery
🏒 Vendor: xemle
📅 Updated: 2026-03-06

📝 Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9982

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: Talishar
🏒 Vendor: Talishar
📅 Updated: 2026-03-06

📝 Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot @EUVD_Bot
2026-03-06

🚨 EUVD-2026-9981

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: Talishar
🏒 Vendor: Talishar
📅 Updated: 2026-03-06

📝 Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions — including sending chat me...

🔗 euvd.enisa.europa.eu/vulnerabi

urlDNA.io @urldna@infosec.exchange
2026-03-06

Possible Phishing 🎣
on: ⚠️hxxps[:]//www[.]robiox[.]com[.]py/users/394929485252/profile
🧬 Analysis at: urldna.io/scan/69a9c4a93b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

RedPacket Security @RedPacketSecurity
2026-03-06

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst