A high severity heap overflow in Wireshark’s TLS dissector affects 4.6.0 to 4.6.4, allowing denial of service and possible code execution. Check vendor guidance, isolate capture hosts and harden analyst workstations immediately.

Sophos warns ‘Nickel Alley’ uses LinkedIn, Upwork and Fiverr fake interviews to deliver malware and steal cryptocurrency from developers.

AVACAST by eMPIA Technology has an Unquoted Service Path (CVE-2026-7280) allowing local privileged attackers to place executables that run as SYSTEM when the service starts; severity 8.4, reported 50 minutes ago.

A critical privilege escalation (CVE-2026-22337) affects Directorist Social Login versions before 2.1.4. Update, audit admin accounts and enable MFA immediately.

A public exploit targets the fromSafeMacFilter function in Tenda F456 routers, version 1.0.0.5; remote code or disruption is possible and organisations should inventory and isolate affected devices immediately.

SiYuan desktop’s notification endpoint could render attacker HTML into an Electron renderer with nodeIntegration enabled, enabling local code execution; update to 3.6.5 and harden Electron settings.